diff --git a/lib/parsers/edge-cases.yaml b/lib/parsers/edge-cases.yaml new file mode 100644 index 0000000000..759f8106d4 --- /dev/null +++ b/lib/parsers/edge-cases.yaml @@ -0,0 +1,7 @@ +sfwd-lms: + target: "" + regex: '(?mi)learndash_quiz_front.min.css\?ver=([0-9]+\.[0-9]+\.[0-9]+)' + +fusion-builder: + target: "wp-content/plugins/fusion-builder/languages/fusion-builder.pot" + regex: "(?mi)Project-Id-Version: Avada Builder ([0-9.]+)" \ No newline at end of file diff --git a/nuclei-templates/2018/CVE-2018-25019-10a89ae66beb80eb5f5ead8cc5089e02.yaml b/nuclei-templates/2018/CVE-2018-25019-10a89ae66beb80eb5f5ead8cc5089e02.yaml index 92ffc1c28d..7b7749d011 100644 --- a/nuclei-templates/2018/CVE-2018-25019-10a89ae66beb80eb5f5ead8cc5089e02.yaml +++ b/nuclei-templates/2018/CVE-2018-25019-10a89ae66beb80eb5f5ead8cc5089e02.yaml @@ -4,7 +4,7 @@ info: name: > LearnDash LMS <= 2.5.3 - Arbitrary File Upload author: topscoder - severity: high + severity: critical description: > The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web server reference: @@ -17,14 +17,14 @@ info: fofa-query: "wp-content/plugins/sfwd-lms/" google-query: inurl:"/wp-content/plugins/sfwd-lms/" shodan-query: 'vuln:CVE-2018-25019' - tags: cve,wordpress,wp-plugin,sfwd-lms,high + tags: cve,wordpress,wp-plugin,sfwd-lms,critical http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/sfwd-lms/readme.txt" + - "{{BaseURL}}/" extractors: - type: regex 
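Review bot: The `sfwd-lms` entry in lib/parsers/edge-cases.yaml sets `target: ""` with nothing saying what an empty target means, and the new file has no header describing its schema. I would add a comment above the entry such as `# empty target: version is read from the site front page; regex group 1 is the plugin version`, assuming that is how the consumer treats it. The dots in `learndash_quiz_front.min.css` are unescaped and match any character, so `learndash_quiz_front\.min\.css` would be tighter. The file also ends without a trailing newline.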
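Review bot: Changing `path` to `{{BaseURL}}/` in the `@@ -17,14` hunk of CVE-2018-25019 makes version detection depend on the front page linking `learndash_quiz_front.min.css` with a `?ver=` query string. Judging by the file name this is a quiz front-end stylesheet, so it may not be enqueued on a home page, and asset optimisers or hardening plugins often strip or rewrite `ver=`; in either case the extractor captures nothing and a vulnerable install produces no finding. I would document that limit next to the request, for example `# version comes from the front-page asset URL; no match does not mean the plugin is absent or patched`, and consider a second version source as a fallback. The same `path` change appears in CVE-2020-6009, CVE-2020-7108, CVE-2023-28777, CVE-2023-3105, CVE-2024-1208, CVE-2024-1209 and CVE-2024-1210; the matchers that consume the version lie outside these hunks.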
@@ -33,14 +33,14 @@ http: group: 1 internal: true regex: - - "(?mi)Stable tag: ([0-9.]+)" + - "(?mi)learndash_quiz_front.min.css\?ver=([0-9]+\.[0-9]+\.[0-9]+)" - type: regex name: version part: body group: 1 regex: - - "(?mi)Stable tag: ([0-9.]+)" + - "(?mi)learndash_quiz_front.min.css\?ver=([0-9]+\.[0-9]+\.[0-9]+)" matchers-condition: and matchers: diff --git a/nuclei-templates/2020/CVE-2020-6009-2a5ae121ac45c4db9286f6262f63f6e5.yaml b/nuclei-templates/2020/CVE-2020-6009-2a5ae121ac45c4db9286f6262f63f6e5.yaml index 6f541df759..d86e418503 100644 --- a/nuclei-templates/2020/CVE-2020-6009-2a5ae121ac45c4db9286f6262f63f6e5.yaml +++ b/nuclei-templates/2020/CVE-2020-6009-2a5ae121ac45c4db9286f6262f63f6e5.yaml @@ -24,7 +24,7 @@ http: redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/sfwd-lms/readme.txt" + - "{{BaseURL}}/" extractors: - type: regex @@ -33,14 +33,14 @@ http: group: 1 internal: true regex: - - "(?mi)Stable tag: ([0-9.]+)" + - "(?mi)learndash_quiz_front.min.css\?ver=([0-9]+\.[0-9]+\.[0-9]+)" - type: regex name: version part: body group: 1 regex: - - "(?mi)Stable tag: ([0-9.]+)" + - "(?mi)learndash_quiz_front.min.css\?ver=([0-9]+\.[0-9]+\.[0-9]+)" matchers-condition: and matchers: diff --git a/nuclei-templates/2020/CVE-2020-7108-d6e8b2f76cbc2ec5ae7e7af3679d4ed8.yaml b/nuclei-templates/2020/CVE-2020-7108-d6e8b2f76cbc2ec5ae7e7af3679d4ed8.yaml index f533a8f854..c566a5797e 100644 --- a/nuclei-templates/2020/CVE-2020-7108-d6e8b2f76cbc2ec5ae7e7af3679d4ed8.yaml +++ b/nuclei-templates/2020/CVE-2020-7108-d6e8b2f76cbc2ec5ae7e7af3679d4ed8.yaml @@ -24,7 +24,7 @@ http: redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/sfwd-lms/readme.txt" + - "{{BaseURL}}/" extractors: - type: regex 
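Review bot: The new regex in both extractors of this hunk is a double-quoted YAML scalar, and `\?` and `\.` are not valid escape sequences in that style, so a spec-conforming parser will reject the template instead of loading it. lib/parsers/edge-cases.yaml in the same commit stores the pattern single-quoted, which keeps backslashes literal; the template lines should match it: `- '(?mi)learndash_quiz_front.min.css\?ver=([0-9]+\.[0-9]+\.[0-9]+)'`. A template that fails to load yields no finding, which is easy to misread as a clean result. The identical lines are added in the `@@ -33,14` hunks of CVE-2020-6009, CVE-2020-7108, CVE-2023-28777, CVE-2023-3105, CVE-2024-1208, CVE-2024-1209 and CVE-2024-1210.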
@@ -33,14 +33,14 @@ http: group: 1 internal: true regex: - - "(?mi)Stable tag: ([0-9.]+)" + - "(?mi)learndash_quiz_front.min.css\?ver=([0-9]+\.[0-9]+\.[0-9]+)" - type: regex name: version part: body group: 1 regex: - - "(?mi)Stable tag: ([0-9.]+)" + - "(?mi)learndash_quiz_front.min.css\?ver=([0-9]+\.[0-9]+\.[0-9]+)" matchers-condition: and matchers: diff --git a/nuclei-templates/2023/CVE-2023-28777-13a97dd87cd8da4d2ca9cc4586e65cfe.yaml b/nuclei-templates/2023/CVE-2023-28777-13a97dd87cd8da4d2ca9cc4586e65cfe.yaml index 4e380173fa..db410f0ed9 100644 --- a/nuclei-templates/2023/CVE-2023-28777-13a97dd87cd8da4d2ca9cc4586e65cfe.yaml +++ b/nuclei-templates/2023/CVE-2023-28777-13a97dd87cd8da4d2ca9cc4586e65cfe.yaml @@ -4,7 +4,7 @@ info: name: > LearnDash LMS <= 4.5.3 - Authenticated (Contributor+) SQL Injection author: topscoder - severity: high + severity: low description: > The LearnDash LMS plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 4.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. reference: @@ -17,14 +17,14 @@ info: fofa-query: "wp-content/plugins/sfwd-lms/" google-query: inurl:"/wp-content/plugins/sfwd-lms/" shodan-query: 'vuln:CVE-2023-28777' - tags: cve,wordpress,wp-plugin,sfwd-lms,high + tags: cve,wordpress,wp-plugin,sfwd-lms,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/sfwd-lms/readme.txt" + - "{{BaseURL}}/" extractors: - type: regex 
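Review bot: `severity: low` in the `@@ -4,7` hunk of CVE-2023-28777 does not fit the description that follows it, which says a contributor-level account can append SQL to existing queries and extract sensitive information from the database. Scans filtered to high and critical severities would stop selecting this template, so the downgrade should be checked against the score in the referenced advisory rather than derived from the authentication requirement alone. If the new value is intentional, a comment such as `# severity lowered: requires authenticated contributor+` would record the reason. CVE-2023-3105 gets the same `high` to `low` change, with matching `tags`, although its description mentions potential takeover of administrator accounts.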
@@ -33,14 +33,14 @@ http: group: 1 internal: true regex: - - "(?mi)Stable tag: ([0-9.]+)" + - "(?mi)learndash_quiz_front.min.css\?ver=([0-9]+\.[0-9]+\.[0-9]+)" - type: regex name: version part: body group: 1 regex: - - "(?mi)Stable tag: ([0-9.]+)" + - "(?mi)learndash_quiz_front.min.css\?ver=([0-9]+\.[0-9]+\.[0-9]+)" matchers-condition: and matchers: diff --git a/nuclei-templates/2023/CVE-2023-3105-838c5377a3ecbc7084b894cb32f7b8cc.yaml b/nuclei-templates/2023/CVE-2023-3105-838c5377a3ecbc7084b894cb32f7b8cc.yaml index 132293c2d6..4ce4b9033b 100644 --- a/nuclei-templates/2023/CVE-2023-3105-838c5377a3ecbc7084b894cb32f7b8cc.yaml +++ b/nuclei-templates/2023/CVE-2023-3105-838c5377a3ecbc7084b894cb32f7b8cc.yaml @@ -4,7 +4,7 @@ info: name: > LearnDash LMS <= 4.6.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change author: topscoder - severity: high + severity: low description: > The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for attackers with with existing account access at any level, to change user passwords and potentially take over administrator accounts. reference: @@ -17,14 +17,14 @@ info: fofa-query: "wp-content/plugins/sfwd-lms/" google-query: inurl:"/wp-content/plugins/sfwd-lms/" shodan-query: 'vuln:CVE-2023-3105' - tags: cve,wordpress,wp-plugin,sfwd-lms,high + tags: cve,wordpress,wp-plugin,sfwd-lms,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/sfwd-lms/readme.txt" + - "{{BaseURL}}/" extractors: - type: regex 
@@ -33,14 +33,14 @@ http: group: 1 internal: true regex: - - "(?mi)Stable tag: ([0-9.]+)" + - "(?mi)learndash_quiz_front.min.css\?ver=([0-9]+\.[0-9]+\.[0-9]+)" - type: regex name: version part: body group: 1 regex: - - "(?mi)Stable tag: ([0-9.]+)" + - "(?mi)learndash_quiz_front.min.css\?ver=([0-9]+\.[0-9]+\.[0-9]+)" matchers-condition: and matchers: diff --git a/nuclei-templates/2024/CVE-2024-1208-02626784075443390163f8db5670c28a.yaml b/nuclei-templates/2024/CVE-2024-1208-02626784075443390163f8db5670c28a.yaml index ad71e15b9a..52015c911b 100644 --- a/nuclei-templates/2024/CVE-2024-1208-02626784075443390163f8db5670c28a.yaml +++ b/nuclei-templates/2024/CVE-2024-1208-02626784075443390163f8db5670c28a.yaml @@ -24,7 +24,7 @@ http: redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/sfwd-lms/readme.txt" + - "{{BaseURL}}/" extractors: - type: regex @@ -33,14 +33,14 @@ http: group: 1 internal: true regex: - - "(?mi)Stable tag: ([0-9.]+)" + - "(?mi)learndash_quiz_front.min.css\?ver=([0-9]+\.[0-9]+\.[0-9]+)" - type: regex name: version part: body group: 1 regex: - - "(?mi)Stable tag: ([0-9.]+)" + - "(?mi)learndash_quiz_front.min.css\?ver=([0-9]+\.[0-9]+\.[0-9]+)" matchers-condition: and matchers: diff --git a/nuclei-templates/2024/CVE-2024-1209-953891b7b02246cb4b83db8ae0e364f6.yaml b/nuclei-templates/2024/CVE-2024-1209-953891b7b02246cb4b83db8ae0e364f6.yaml index 376200a560..7dd7d80814 100644 --- a/nuclei-templates/2024/CVE-2024-1209-953891b7b02246cb4b83db8ae0e364f6.yaml +++ b/nuclei-templates/2024/CVE-2024-1209-953891b7b02246cb4b83db8ae0e364f6.yaml @@ -24,7 +24,7 @@ http: redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/sfwd-lms/readme.txt" + - "{{BaseURL}}/" extractors: - type: regex 
@@ -33,14 +33,14 @@ http: group: 1 internal: true regex: - - "(?mi)Stable tag: ([0-9.]+)" + - "(?mi)learndash_quiz_front.min.css\?ver=([0-9]+\.[0-9]+\.[0-9]+)" - type: regex name: version part: body group: 1 regex: - - "(?mi)Stable tag: ([0-9.]+)" + - "(?mi)learndash_quiz_front.min.css\?ver=([0-9]+\.[0-9]+\.[0-9]+)" matchers-condition: and matchers: diff --git a/nuclei-templates/2024/CVE-2024-1210-417dd4625c1b025667086ec6772974db.yaml b/nuclei-templates/2024/CVE-2024-1210-417dd4625c1b025667086ec6772974db.yaml index 6b060c24e9..c2643a3585 100644 --- a/nuclei-templates/2024/CVE-2024-1210-417dd4625c1b025667086ec6772974db.yaml +++ b/nuclei-templates/2024/CVE-2024-1210-417dd4625c1b025667086ec6772974db.yaml @@ -24,7 +24,7 @@ http: redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/sfwd-lms/readme.txt" + - "{{BaseURL}}/" extractors: - type: regex @@ -33,14 +33,14 @@ http: group: 1 internal: true regex: - - "(?mi)Stable tag: ([0-9.]+)" + - "(?mi)learndash_quiz_front.min.css\?ver=([0-9]+\.[0-9]+\.[0-9]+)" - type: regex name: version part: body group: 1 regex: - - "(?mi)Stable tag: ([0-9.]+)" + - "(?mi)learndash_quiz_front.min.css\?ver=([0-9]+\.[0-9]+\.[0-9]+)" matchers-condition: and matchers: