HEX

File: //proc/thread-self/cwd/wp-content/imunify-security/rules.php
<?php
if ( ! defined( 'WPINC' ) ) {
	exit;
}
return json_decode( '{"version": "0.0.7", "rules": {"TEST-RULE": {"cve": "TEST-CVE", "severity": 1.0, "mode": "pass", "target": "core", "versions": ">=1.0.0", "action": "init", "conditions": [{"type": "equals", "name": "ARGS:test-rule", "value": "b3d45e60-53a5-4959-b911-5178baaef7ac"}]}, "CVE-2024-7031": {"cve": "CVE-2024-7031", "severity": 7.5, "mode": "pass", "target": "plugin", "slug": "filester", "versions": "<=1.8.2", "ajax_action": "njt_fs_action", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "CVE-2025-6814": {"cve": "CVE-2025-6814", "severity": 7.5, "mode": "pass", "target": "plugin", "slug": "booking-x", "versions": ">=1.1.0", "method": "POST", "action": "init", "conditions": [{"type": "exists", "name": "ARGS:export_xml"}, {"type": "equals", "name": "ARGS:export_xml", "value": "Export xml"}, {"type": "missing_capability", "value": "manage_options"}]}, "CVE-2025-5282": {"cve": "CVE-2025-5282", "severity": 7.5, "mode": "pass", "target": "plugin", "slug": "wp-travel-engine", "versions": "<=6.5.1", "method": "DELETE", "action": "rest_api_init", "conditions": [{"type": "contains", "name": "REQUEST_URI", "value": "wptravelengine/v2/trips"}, {"type": "exists", "name": "ARGS:id"}, {"type": "exists", "name": "ARGS:package_id"}, {"type": "missing_capability", "value": "edit_posts"}]}, "CVE-2023-7306": {"cve": "CVE-2023-7306", "severity": 7.5, "mode": "pass", "target": "plugin", "slug": "nmedia-user-file-uploader", "versions": "<=21.5", "ajax_action": "wpfm_delete_multiple_files", "conditions": [{"type": "exists", "name": "ARGS:file_ids"}, {"type": "missing_capability", "value": "read"}]}, "RULE-CVE-2020-36837-01": {"cve": "CVE-2020-36837", "mode": "pass", "target": "plugin", "slug": "themegrill-demo-importer", "versions": ">=1.3.4 <=1.6.1", "action": "admin_init", "method": "GET", "conditions": [{"name": "ARGS:do_reset_wordpress", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 9.9}, "RULE-CVE-2020-36838-01": {"cve": "CVE-2020-36838", "mode": "pass", "target": "plugin", "slug": "facebook-messenger-customer-chat", "versions": "<1.6", "method": "POST", "ajax_action": "update_options", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "update_options"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 7.4}, "RULE-CVE-2020-36842-01": {"cve": "CVE-2020-36842", "description": "WPvivid Backup/Restore <=0.9.35 missing capability check on wpvivid_upload_import_files AJAX action allows low-privilege authenticated arbitrary ZIP upload and extraction.", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2020-36842", "severity": 8.8, "tags": ["auth-arbitrary-file-upload", "missing-capability-check", "ajax"], "mode": "pass", "target": "plugin", "slug": "wpvivid-backuprestore", "versions": "<=0.9.35", "method": "POST", "ajax_action": "wpvivid_upload_import_files", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "wpvivid_upload_import_files"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2020-36842-02": {"cve": "CVE-2020-36842", "description": "WPvivid Backup/Restore <=0.9.35 missing capability check on wpvivid_upload_files AJAX action allows low-privilege authenticated arbitrary ZIP upload and extraction.", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2020-36842", "severity": 8.8, "tags": ["auth-arbitrary-file-upload", "missing-capability-check", "ajax"], "mode": "pass", "target": "plugin", "slug": "wpvivid-backuprestore", "versions": "<=0.9.35", "method": "POST", "ajax_action": "wpvivid_upload_files", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "wpvivid_upload_files"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2021-24584-01": {"cve": "CVE-2021-24584", "mode": "pass", "target": "plugin", "slug": "mp-timetable", "versions": "<=2.4.1", "method": "POST", "ajax_action": "route_url", "conditions": [{"name": "ARGS:controller", "type": "equals", "value": "events"}, {"name": "ARGS:mptt_action", "type": "equals", "value": "update_event_data"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 5.4}, "RULE-CVE-2021-24585-01": {"ajax_action": "route_url", "conditions": [{"type": "missing_capability", "value": "manage_options"}, {"name": "ARGS:controller", "type": "equals", "value": "events"}, {"name": "ARGS:mptt_action", "type": "equals", "value": "get_event_data"}], "cve": "CVE-2021-24585", "mode": "pass", "severity": 6.5, "slug": "mp-timetable", "target": "plugin", "versions": "<=2.3.19"}, "RULE-CVE-2021-4444-01": {"cve": "CVE-2021-4444", "severity": 7.3, "mode": "pass", "target": "plugin", "slug": "woo-product-filter", "versions": "<=1.4.9", "method": "POST", "ajax_action": "woofilters_save", "conditions": [{"name": "ARGS:mod", "type": "equals", "value": "woofilters"}, {"name": "ARGS:filter_name", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2021-4444-02": {"cve": "CVE-2021-4444", "severity": 7.3, "mode": "pass", "target": "plugin", "slug": "woo-product-filter", "versions": "<=1.4.9", "method": "POST", "ajax_action": "woofilters_update", "conditions": [{"name": "ARGS:mod", "type": "equals", "value": "woofilters"}, {"name": "ARGS:id", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2021-4444-03": {"cve": "CVE-2021-4444", "severity": 7.3, "mode": "pass", "target": "plugin", "slug": "woo-product-filter", "versions": "<=1.4.9", "method": "POST", "ajax_action": "woofilters_delete", "conditions": [{"name": "ARGS:mod", "type": "equals", "value": "woofilters"}, {"name": "ARGS:id", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2021-4446-01": {"cve": "CVE-2021-4446", "description": "Essential Addons for Elementor Lite <= 4.6.4 missing authorization on AJAX plugin installation via wpdeveloper_install_plugin, allowing low-privilege users to install arbitrary plugins.", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2021-4446", "severity": 6.3, "tags": ["authz-bypass", "missing-capability-check", "wordpress-ajax"], "mode": "pass", "target": "plugin", "slug": "essential-addons-for-elementor-lite", "versions": "<=4.6.4", "method": "POST", "ajax_action": "wpdeveloper_install_plugin", "conditions": [{"name": "ARGS:slug", "type": "exists"}, {"type": "missing_capability", "value": "install_plugins"}]}, "RULE-CVE-2021-4446-02": {"cve": "CVE-2021-4446", "description": "Essential Addons for Elementor Lite <= 4.6.4 missing authorization on AJAX plugin activation via wpdeveloper_activate_plugin, enabling low-privilege users to activate installed plugins.", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2021-4446", "severity": 6.3, "tags": ["authz-bypass", "missing-capability-check", "wordpress-ajax"], "mode": "pass", "target": "plugin", "slug": "essential-addons-for-elementor-lite", "versions": "<=4.6.4", "method": "POST", "ajax_action": "wpdeveloper_activate_plugin", "conditions": [{"name": "ARGS:basename", "type": "exists"}, {"type": "missing_capability", "value": "activate_plugins"}]}, "RULE-CVE-2021-4446-03": {"cve": "CVE-2021-4446", "description": "Essential Addons for Elementor Lite <= 4.6.4 missing authorization on AJAX plugin upgrade via wpdeveloper_upgrade_plugin, enabling low-privilege users to trigger plugin upgrades.", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2021-4446", "severity": 6.3, "tags": ["authz-bypass", "missing-capability-check", "wordpress-ajax"], "mode": "pass", "target": "plugin", "slug": "essential-addons-for-elementor-lite", "versions": "<=4.6.4", "method": "POST", "ajax_action": "wpdeveloper_upgrade_plugin", "conditions": [{"name": "ARGS:basename", "type": "exists"}, {"type": "missing_capability", "value": "update_plugins"}]}, "RULE-CVE-2022-0531-01A": {"cve": "CVE-2022-0531", "mode": "pass", "target": "plugin", "slug": "wpvivid-backuprestore", "versions": "<=0.9.69", "method": "GET", "action": "admin_menu", "conditions": [{"name": "ARGS:page", "type": "regex", "value": "~^(?i)wpvivid$~"}, {"name": "ARGS:sub_page", "type": "regex", "value": "~[\"\'<>]~"}], "severity": 6.1}, "RULE-CVE-2022-0531-01B": {"cve": "CVE-2022-0531", "mode": "pass", "target": "plugin", "slug": "wpvivid-backuprestore", "versions": "<=0.9.69", "method": "GET", "action": "admin_menu", "conditions": [{"name": "ARGS:page", "type": "regex", "value": "~^(?i)wpvivid$~"}, {"name": "ARGS:sub_tab", "type": "regex", "value": "~[\"\'<>]~"}], "severity": 6.1}, "RULE-CVE-2022-2446-01": {"cve": "CVE-2022-2446", "mode": "pass", "target": "plugin", "slug": "wp-editor", "versions": "<=1.2.9", "method": "POST", "ajax_action": "wpeditor_browse_theme_root", "conditions": [{"name": "ARGS:current_theme_root", "type": "regex", "value": "~^phar://~i"}], "severity": 7.2}, "RULE-CVE-2022-2446-02": {"cve": "CVE-2022-2446", "mode": "pass", "target": "plugin", "slug": "wp-editor", "versions": "<=1.2.9", "method": "POST", "ajax_action": "wpeditor_get_file", "conditions": [{"name": "ARGS:file_path", "type": "regex", "value": "~^phar://~i"}], "severity": 7.2}, "RULE-CVE-2022-2446-03": {"cve": "CVE-2022-2446", "mode": "pass", "target": "plugin", "slug": "wp-editor", "versions": "<=1.2.9", "method": "POST", "ajax_action": "wpeditor_upload", "conditions": [{"name": "ARGS:complete_directory", "type": "regex", "value": "~^phar://~i"}], "severity": 7.2}, "RULE-CVE-2022-2446-04": {"cve": "CVE-2022-2446", "mode": "pass", "target": "plugin", "slug": "wp-editor", "versions": "<=1.2.9", "method": "POST", "ajax_action": "wpeditor_save_file", "conditions": [{"name": "ARGS:real_file", "type": "regex", "value": "~^phar://~i"}], "severity": 7.2}, "RULE-CVE-2022-43453-01": {"cve": "CVE-2022-43453", "mode": "pass", "target": "plugin", "slug": "wptools", "versions": "<3.43", "ajax_action": "wptools_get_ajax_data", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2022-43453-02": {"cve": "CVE-2022-43453", "mode": "pass", "target": "plugin", "slug": "wptools", "versions": "<3.43", "ajax_action": "wptools_get_js_errors", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2022-43453-03": {"cve": "CVE-2022-43453", "mode": "pass", "target": "plugin", "slug": "wptools", "versions": "<3.43", "ajax_action": "wptools_get_speed_info", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2022-43453-04": {"cve": "CVE-2022-43453", "mode": "pass", "target": "plugin", "slug": "wptools", "versions": "<3.43", "ajax_action": "wptools_dismissible_notice", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2022-43453-05": {"cve": "CVE-2022-43453", "mode": "pass", "target": "plugin", "slug": "wptools", "versions": "<3.43", "ajax_action": "wptools_dismissible_notice2", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2022-43453-06": {"cve": "CVE-2022-43453", "mode": "pass", "target": "plugin", "slug": "wptools", "versions": "<3.43", "ajax_action": "wptools_bill_go_pro_hide", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2022-45830-01": {"cve": "CVE-2022-45830", "mode": "pass", "target": "plugin", "slug": "wp-analytify", "versions": "<=4.2.3", "action": "admin_init", "method": "POST", "conditions": [{"name": "ARGS:wp_analytify_log_out", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 9.8}, "RULE-CVE-2022-4972-01": {"cve": "CVE-2022-4972", "mode": "pass", "target": "plugin", "slug": "download-monitor", "versions": "<=4.7.51", "method": "GET", "action": "rest_api_init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~(?:^/wp-json|(?:^|[?&])rest_route=)/download-monitor/v1/download_reports(?:[/?&]|$)~"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 7.5}, "RULE-CVE-2022-4972-02": {"cve": "CVE-2022-4972", "mode": "pass", "target": "plugin", "slug": "download-monitor", "versions": "<=4.7.51", "method": "POST", "action": "rest_api_init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~(?:^/wp-json|(?:^|[?&])rest_route=)/download-monitor/v1/download_reports(?:[/?&]|$)~"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 7.5}, "RULE-CVE-2022-4972-03": {"cve": "CVE-2022-4972", "mode": "pass", "target": "plugin", "slug": "download-monitor", "versions": "<=4.7.51", "method": "GET", "action": "rest_api_init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~(?:^/wp-json|(?:^|[?&])rest_route=)/download-monitor/v1/user_reports(?:[/?&]|$)~"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 7.5}, "RULE-CVE-2022-4972-04": {"cve": "CVE-2022-4972", "mode": "pass", "target": "plugin", "slug": "download-monitor", "versions": "<=4.7.51", "method": "POST", "action": "rest_api_init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~(?:^/wp-json|(?:^|[?&])rest_route=)/download-monitor/v1/user_reports(?:[/?&]|$)~"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 7.5}, "RULE-CVE-2022-4972-05": {"cve": "CVE-2022-4972", "mode": "pass", "target": "plugin", "slug": "download-monitor", "versions": "<=4.7.51", "method": "GET", "action": "rest_api_init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~(?:^/wp-json|(?:^|[?&])rest_route=)/download-monitor/v1/user_data(?:[/?&]|$)~"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 7.5}, "RULE-CVE-2022-4972-06": {"cve": "CVE-2022-4972", "mode": "pass", "target": "plugin", "slug": "download-monitor", "versions": "<=4.7.51", "method": "POST", "action": "rest_api_init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~(?:^/wp-json|(?:^|[?&])rest_route=)/download-monitor/v1/user_data(?:[/?&]|$)~"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 7.5}, "RULE-CVE-2022-4972-07": {"cve": "CVE-2022-4972", "mode": "pass", "target": "plugin", "slug": "download-monitor", "versions": "<=4.7.51", "method": "GET", "action": "rest_api_init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~(?:^/wp-json|(?:^|[?&])rest_route=)/download-monitor/v1/templates(?:[/?&]|$)~"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 7.5}, "RULE-CVE-2022-4972-08": {"cve": "CVE-2022-4972", "mode": "pass", "target": "plugin", "slug": "download-monitor", "versions": "<=4.7.51", "method": "POST", "action": "rest_api_init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~(?:^/wp-json|(?:^|[?&])rest_route=)/download-monitor/v1/templates(?:[/?&]|$)~"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 7.5}, "RULE-CVE-2023-23715-01": {"cve": "CVE-2023-23715", "severity": 8.8, "mode": "pass", "target": "plugin", "slug": "jobboardwp", "versions": "<=1.2.2", "ajax_action": "jb-delete-job", "method": "POST", "conditions": [{"name": "ARGS:jb-delete-job", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-23730-01": {"cve": "CVE-2023-23730", "mode": "pass", "target": "plugin", "slug": "ultimate-addons-for-gutenberg", "versions": "<=2.3.0", "ajax_action": "uagb_process_forms", "method": "POST", "conditions": [{"type": "missing_capability", "value": "manage_options"}, {"name": "ARGS:form_data", "type": "regex", "value": "~(?:^|&)g-recaptcha-response=[^&]{0,80}(?:&|$)~"}], "severity": 5.3}, "RULE-CVE-2023-23735-01": {"cve": "CVE-2023-23735", "description": "Unauthenticated email HTML injection (XSS) via Spectra form processing allows HTML/script injection in email field", "severity": 7.2, "mode": "pass", "target": "plugin", "slug": "ultimate-addons-for-gutenberg", "versions": "<=2.3.0", "method": "POST", "action": "init", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "uagb_process_forms"}, {"name": "ARGS:email", "type": "detectXSS"}]}, "RULE-CVE-2023-23825-01": {"cve": "CVE-2023-23825", "description": "Spectra (Ultimate Addons for Gutenberg) <= 2.3.0 missing authorization/CSRF protection on AJAX WPForms import action ast_block_templates_import_wpforms, allowing low-privilege or CSRF-triggered imports.", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2023-23825", "severity": 8.8, "tags": ["wordpress", "plugin", "spectra", "ultimate-addons-for-gutenberg", "missing-authorization", "csrf"], "mode": "pass", "target": "plugin", "slug": "ultimate-addons-for-gutenberg", "versions": "<=2.3.0", "ajax_action": "ast_block_templates_import_wpforms", "method": "POST", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "ast_block_templates_import_wpforms"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-23825-02": {"cve": "CVE-2023-23825", "description": "Spectra (Ultimate Addons for Gutenberg) <= 2.3.0 missing authorization/CSRF protection on AJAX block template import action ast_block_templates_import_block, allowing low-privilege or CSRF-triggered imports.", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2023-23825", "severity": 8.8, "tags": ["wordpress", "plugin", "spectra", "ultimate-addons-for-gutenberg", "missing-authorization", "csrf"], "mode": "pass", "target": "plugin", "slug": "ultimate-addons-for-gutenberg", "versions": "<=2.3.0", "ajax_action": "ast_block_templates_import_block", "method": "POST", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "ast_block_templates_import_block"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-23990-01": {"action": "init", "conditions": [{"name": "REQUEST_URI", "type": "equals", "value": "/wp-admin/profile.php"}, {"name": "ARGS:wp_capabilities", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}], "cve": "CVE-2023-23990", "method": "POST", "mode": "pass", "severity": 7.6, "slug": "wpcf7-redirect", "target": "plugin", "versions": "<=2.7.0"}, "RULE-CVE-2023-23990-02": {"action": "init", "conditions": [{"name": "REQUEST_URI", "type": "equals", "value": "/wp-admin/profile.php"}, {"name": "ARGS:wp_user_level", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}], "cve": "CVE-2023-23990", "method": "POST", "mode": "pass", "severity": 7.6, "slug": "wpcf7-redirect", "target": "plugin", "versions": "<=2.7.0"}, "RULE-CVE-2023-23990-03": {"action": "init", "conditions": [{"name": "REQUEST_URI", "type": "equals", "value": "/wp-admin/user-edit.php"}, {"name": "ARGS:wp_capabilities", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}], "cve": "CVE-2023-23990", "method": "POST", "mode": "pass", "severity": 7.6, "slug": "wpcf7-redirect", "target": "plugin", "versions": "<=2.7.0"}, "RULE-CVE-2023-23990-04": {"action": "init", "conditions": [{"name": "REQUEST_URI", "type": "equals", "value": "/wp-admin/user-edit.php"}, {"name": "ARGS:wp_user_level", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}], "cve": "CVE-2023-23990", "method": "POST", "mode": "pass", "severity": 7.6, "slug": "wpcf7-redirect", "target": "plugin", "versions": "<=2.7.0"}, "RULE-CVE-2023-24407-01": {"cve": "CVE-2023-24407", "mode": "pass", "target": "plugin", "slug": "booking-calendar", "versions": "<=3.2.3", "method": "POST", "ajax_action": "wpdevart_export", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "wpdevart_export"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2023-24407-02": {"cve": "CVE-2023-24407", "mode": "pass", "target": "plugin", "slug": "booking-calendar", "versions": "<=3.2.3", "method": "POST", "ajax_action": "wpdevart_ajax", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "wpdevart_ajax"}, {"name": "ARGS:task", "type": "regex", "value": "~^wpdevart_(quick_update|add_field|payment(_ajax)?|export)$~"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2023-24407-03": {"cve": "CVE-2023-24407", "mode": "pass", "target": "plugin", "slug": "booking-calendar", "versions": "<=3.2.3", "method": "POST", "ajax_action": "wpdevart_add_field", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "wpdevart_add_field"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2023-24407-04": {"cve": "CVE-2023-24407", "mode": "pass", "target": "plugin", "slug": "booking-calendar", "versions": "<=3.2.3", "method": "POST", "ajax_action": "wpdevart_payment", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "wpdevart_payment"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2023-24407-05": {"cve": "CVE-2023-24407", "mode": "pass", "target": "plugin", "slug": "booking-calendar", "versions": "<=3.2.3", "method": "POST", "ajax_action": "wpdevart_payment_ajax", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "wpdevart_payment_ajax"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2023-25988-01": {"cve": "CVE-2023-25988", "severity": 7.5, "mode": "pass", "target": "plugin", "slug": "gallery-videos", "versions": "<=1.7.6", "ajax_action": "TotalSoftGallery_Video_Del", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-25988-02": {"cve": "CVE-2023-25988", "severity": 7.5, "mode": "pass", "target": "plugin", "slug": "gallery-videos", "versions": "<=1.7.6", "ajax_action": "TotalSoftGallery_Video_Clone", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-25988-03": {"cve": "CVE-2023-25988", "severity": 7.5, "mode": "pass", "target": "plugin", "slug": "gallery-videos", "versions": "<=1.7.6", "ajax_action": "TotalSoftGallery_Video_Edit", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-25988-04": {"cve": "CVE-2023-25988", "severity": 7.5, "mode": "pass", "target": "plugin", "slug": "gallery-videos", "versions": "<=1.7.6", "ajax_action": "TotalSoftGallery_Video_Edit_Videos", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-25988-05": {"cve": "CVE-2023-25988", "severity": 7.5, "mode": "pass", "target": "plugin", "slug": "gallery-videos", "versions": "<=1.7.6", "ajax_action": "TSoft_Vimeo_Video_Image", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-25988-06": {"cve": "CVE-2023-25988", "severity": 7.5, "mode": "pass", "target": "plugin", "slug": "gallery-videos", "versions": "<=1.7.6", "ajax_action": "TSoft_Wistia_Video_Image", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-25988-07": {"cve": "CVE-2023-25988", "severity": 7.5, "mode": "pass", "target": "plugin", "slug": "gallery-videos", "versions": "<=1.7.6", "ajax_action": "TotalSoftGallery_VideoOpt_Del", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-25988-08": {"cve": "CVE-2023-25988", "severity": 7.5, "mode": "pass", "target": "plugin", "slug": "gallery-videos", "versions": "<=1.7.6", "ajax_action": "TotalSoftGallery_VideoOpt_Edit", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-25988-09": {"cve": "CVE-2023-25988", "severity": 7.5, "mode": "pass", "target": "plugin", "slug": "gallery-videos", "versions": "<=1.7.6", "ajax_action": "TotalSoftGallery_VideoOpt_Edit1", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-25988-10": {"cve": "CVE-2023-25988", "severity": 7.5, "mode": "pass", "target": "plugin", "slug": "gallery-videos", "versions": "<=1.7.6", "ajax_action": "TotalSoftGalleryV_Clone_Option", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-25988-11": {"cve": "CVE-2023-25988", "severity": 7.5, "mode": "pass", "target": "plugin", "slug": "gallery-videos", "versions": "<=1.7.6", "ajax_action": "TotalSoftGallery_Video_Page", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-25988-12": {"cve": "CVE-2023-25988", "severity": 7.5, "mode": "pass", "target": "plugin", "slug": "gallery-videos", "versions": "<=1.7.6", "ajax_action": "TotalSoftGallery_Video_PageGO", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-25988-13": {"cve": "CVE-2023-25988", "severity": 7.5, "mode": "pass", "target": "plugin", "slug": "gallery-videos", "versions": "<=1.7.6", "ajax_action": "TotalSoftGallery_Video_CP_Popup", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-25988-14": {"cve": "CVE-2023-25988", "severity": 7.5, "mode": "pass", "target": "plugin", "slug": "gallery-videos", "versions": "<=1.7.6", "ajax_action": "TotalSoftGallery_Video_CP_Popup_Left", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-25988-15": {"cve": "CVE-2023-25988", "severity": 7.5, "mode": "pass", "target": "plugin", "slug": "gallery-videos", "versions": "<=1.7.6", "ajax_action": "TotalSoftGallery_Video_CP_Popup_Right", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-25988-16": {"cve": "CVE-2023-25988", "severity": 7.5, "mode": "pass", "target": "plugin", "slug": "gallery-videos", "versions": "<=1.7.6", "ajax_action": "TS_PTable_New_MTable_DisMiss_VG", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-25988-17": {"cve": "CVE-2023-25988", "severity": 7.5, "mode": "pass", "target": "plugin", "slug": "gallery-videos", "versions": "<=1.7.6", "ajax_action": "TS_VG_Question_DisMiss", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-25988-18": {"cve": "CVE-2023-25988", "severity": 7.5, "mode": "pass", "target": "plugin", "slug": "gallery-videos", "versions": "<=1.7.6", "ajax_action": "Total_Soft_GV_Prev", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-25988-19": {"cve": "CVE-2023-25988", "severity": 7.5, "mode": "pass", "target": "plugin", "slug": "gallery-videos", "versions": "<=1.7.6", "ajax_action": "TotalSoftGallery_Video_Post", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-25988-20": {"cve": "CVE-2023-25988", "severity": 7.5, "mode": "pass", "target": "plugin", "slug": "gallery-videos", "versions": "<=1.7.6", "ajax_action": "TotalSoftGallery_Page_Post", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-27460-01": {"cve": "CVE-2023-27460", "description": "CP Contact Form with Paypal <= 1.3.34 missing authorization on AJAX feedback submission (cpcfwpp_feedback) allows low-privileged users to misuse internal feedback functionality.", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2023-27460", "severity": 4.3, "tags": ["missing-authorization", "broken-access-control", "ajax", "feedback"], "mode": "pass", "target": "plugin", "slug": "cp-contact-form-with-paypal", "versions": "<=1.3.34", "method": "POST", "ajax_action": "cpcfwpp_feedback", "conditions": [{"name": "ARGS:answer", "type": "exists"}, {"name": "ARGS:oinfo", "type": "exists"}, {"name": "ARGS:opinfo", "type": "exists"}, {"name": "ARGS:anonymous", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-32117-01": {"cve": "CVE-2023-32117", "mode": "pass", "target": "plugin", "slug": "integrate-google-drive", "versions": "<=1.1.99", "ajax_action": "igd_download_zip", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 9.8}, "RULE-CVE-2023-32117-02": {"cve": "CVE-2023-32117", "mode": "pass", "target": "plugin", "slug": "integrate-google-drive", "versions": "<=1.1.99", "ajax_action": "igd_download", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 9.8}, "RULE-CVE-2023-32117-03": {"cve": "CVE-2023-32117", "mode": "pass", "target": "plugin", "slug": "integrate-google-drive", "versions": "<=1.1.99", "ajax_action": "igd_stream", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 9.8}, "RULE-CVE-2023-32117-04": {"cve": "CVE-2023-32117", "mode": "pass", "target": "plugin", "slug": "integrate-google-drive", "versions": "<=1.1.99", "ajax_action": "igd_preview", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 9.8}, "RULE-CVE-2023-32117-05": {"cve": "CVE-2023-32117", "mode": "pass", "target": "plugin", "slug": "integrate-google-drive", "versions": "<=1.1.99", "ajax_action": "igd_get_share_link", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 9.8}, "RULE-CVE-2023-32117-06": {"cve": "CVE-2023-32117", "mode": "pass", "target": "plugin", "slug": "integrate-google-drive", "versions": "<=1.1.99", "ajax_action": "igd_get_preview_thumbnail", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 9.8}, "RULE-CVE-2023-32117-07": {"cve": "CVE-2023-32117", "mode": "pass", "target": "plugin", "slug": "integrate-google-drive", "versions": "<=1.1.99", "ajax_action": "igd_get_shortcodes", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 9.8}, "RULE-CVE-2023-32117-08": {"cve": "CVE-2023-32117", "mode": "pass", "target": "plugin", "slug": "integrate-google-drive", "versions": "<=1.1.99", "ajax_action": "igd_get_upload_url", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 9.8}, "RULE-CVE-2023-32117-09": {"cve": "CVE-2023-32117", "mode": "pass", "target": "plugin", "slug": "integrate-google-drive", "versions": "<=1.1.99", "ajax_action": "igd_file_uploaded", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 9.8}, "RULE-CVE-2023-32117-10": {"cve": "CVE-2023-32117", "mode": "pass", "target": "plugin", "slug": "integrate-google-drive", "versions": "<=1.1.99", "ajax_action": "igd_delete_shortcode", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 9.8}, "RULE-CVE-2023-32117-11": {"cve": "CVE-2023-32117", "mode": "pass", "target": "plugin", "slug": "integrate-google-drive", "versions": "<=1.1.99", "ajax_action": "igd_download_status", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 9.8}, "RULE-CVE-2023-35051-01": {"cve": "CVE-2023-35051", "description": "Block unauthorized POST accua-save-form-settings action (Broken Access Control) in Contact Forms by Cimatti <=1.5.7", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2023-35051", "severity": 8.8, "tags": ["authz", "broken-access-control", "missing-authorization"], "mode": "pass", "target": "plugin", "slug": "contact-forms", "versions": "<=1.5.7", "method": "POST", "ajax_action": "accua-save-form-settings", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-35051-02": {"cve": "CVE-2023-35051", "description": "Block unauthorized POST accua_form_save_form_settings action (Broken Access Control) in Contact Forms by Cimatti <=1.5.7", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2023-35051", "severity": 8.8, "tags": ["authz", "broken-access-control", "missing-authorization"], "mode": "pass", "target": "plugin", "slug": "contact-forms", "versions": "<=1.5.7", "method": "POST", "ajax_action": "accua_form_save_form_settings", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-35051-03": {"cve": "CVE-2023-35051", "description": "Block unauthorized POST accua-save-form-field action (Broken Access Control) in Contact Forms by Cimatti <=1.5.7", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2023-35051", "severity": 8.8, "tags": ["authz", "broken-access-control", "missing-authorization"], "mode": "pass", "target": "plugin", "slug": "contact-forms", "versions": "<=1.5.7", "method": "POST", "ajax_action": "accua-save-form-field", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-35051-04": {"cve": "CVE-2023-35051", "description": "Block unauthorized POST accua_forms_preview action (Broken Access Control) in Contact Forms by Cimatti <=1.5.7", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2023-35051", "severity": 8.8, "tags": ["authz", "broken-access-control", "missing-authorization"], "mode": "pass", "target": "plugin", "slug": "contact-forms", "versions": "<=1.5.7", "method": "POST", "ajax_action": "accua_forms_preview", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-35051-05": {"cve": "CVE-2023-35051", "description": "Block unauthorized POST accua_forms_submission_page_save_excel action (Broken Access Control) in Contact Forms by Cimatti <=1.5.7", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2023-35051", "severity": 8.8, "tags": ["authz", "broken-access-control", "missing-authorization"], "mode": "pass", "target": "plugin", "slug": "contact-forms", "versions": "<=1.5.7", "method": "POST", "ajax_action": "accua_forms_submission_page_save_excel", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-36679-01": {"cve": "CVE-2023-36679", "severity": 7.1, "mode": "pass", "target": "plugin", "slug": "ultimate-addons-for-gutenberg", "versions": "<=2.6.6", "ajax_action": "ast_block_templates_importer", "conditions": [{"name": "ARGS:api_uri", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-36679-02": {"cve": "CVE-2023-36679", "severity": 7.1, "mode": "pass", "target": "plugin", "slug": "ultimate-addons-for-gutenberg", "versions": "<=2.6.6", "ajax_action": "ast_block_templates_import_wpforms", "conditions": [{"name": "ARGS:wpforms_url", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-37866-01": {"cve": "CVE-2023-37866", "mode": "pass", "target": "plugin", "slug": "jetformbuilder", "versions": "<=3.0.8", "ajax_action": "jfb_addon_activate_action", "conditions": [{"type": "missing_capability", "value": "activate_plugins"}], "severity": 7.2}, "RULE-CVE-2023-37967-01": {"cve": "CVE-2023-37967", "severity": 9.8, "mode": "pass", "target": "plugin", "slug": "directorypress", "versions": "<=3.6.2", "ajax_action": "directorypress_fields_delete", "method": "POST", "conditions": [{"name": "ARGS:id", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-37967-02": {"cve": "CVE-2023-37967", "severity": 9.8, "mode": "pass", "target": "plugin", "slug": "directorypress", "versions": "<=3.6.2", "ajax_action": "directorypress_fields_group_delete", "method": "POST", "conditions": [{"name": "ARGS:id", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-37967-03": {"cve": "CVE-2023-37967", "severity": 9.8, "mode": "pass", "target": "plugin", "slug": "directorypress", "versions": "<=3.6.2", "ajax_action": "directorypress_fields_config", "method": "POST", "conditions": [{"name": "ARGS:field_id", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-38386-01": {"cve": "CVE-2023-38386", "mode": "pass", "target": "plugin", "slug": "ninja-forms", "versions": "<=3.6.25", "method": "GET", "action": "rest_api_init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~^/wp-json/ninja-forms-submissions/v1/export(?:[/?]|$)~"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 9.8}, "RULE-CVE-2023-38386-02": {"cve": "CVE-2023-38386", "mode": "pass", "target": "plugin", "slug": "ninja-forms", "versions": "<=3.6.25", "method": "POST", "action": "rest_api_init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~^/wp-json/ninja-forms-submissions/v1/export(?:[/?]|$)~"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 9.8}, "RULE-CVE-2023-39920-01": {"cve": "CVE-2023-39920", "mode": "pass", "target": "plugin", "slug": "wpcf7-redirect", "versions": "<=2.9.2", "method": "GET", "action": "admin_init", "conditions": [{"name": "ARGS:export_leads", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 7.5}, "RULE-CVE-2023-39920-02": {"cve": "CVE-2023-39920", "mode": "pass", "target": "plugin", "slug": "wpcf7-redirect", "versions": "<=2.9.2", "ajax_action": "send_debug_info", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 7.5}, "RULE-CVE-2023-39990-01": {"cve": "CVE-2023-39990", "mode": "pass", "target": "plugin", "slug": "pmpro-courses", "versions": "<=1.2.3", "method": "POST", "ajax_action": "pmpro_courses_update_course", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "pmpro_courses_update_course"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2023-39990-02": {"cve": "CVE-2023-39990", "mode": "pass", "target": "plugin", "slug": "pmpro-courses", "versions": "<=1.2.3", "method": "POST", "ajax_action": "pmpro_courses_remove_course", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "pmpro_courses_remove_course"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2023-39997-01": {"cve": "CVE-2023-39997", "mode": "pass", "target": "plugin", "slug": "popup-by-supsystic", "versions": "<=1.10.19", "severity": 9.8, "action": "init", "conditions": [{"name": "ARGS:mod", "type": "equals", "value": "subscribe"}, {"name": "ARGS:action", "type": "equals", "value": "getWpCsvList"}, {"name": "ARGS:pl", "type": "equals", "value": "pps"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-40203-01": {"cve": "CVE-2023-40203", "mode": "pass", "target": "plugin", "slug": "mailchimp-forms-by-mailmunch", "versions": "<=3.1.4", "method": "POST", "ajax_action": "delete_widget", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "delete_widget"}, {"name": "ARGS:widget_id", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2023-40203-02": {"cve": "CVE-2023-40203", "mode": "pass", "target": "plugin", "slug": "mailchimp-forms-by-mailmunch", "versions": "<=3.1.4", "method": "POST", "ajax_action": "change_email_status", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "change_email_status"}, {"name": "ARGS:email_id", "type": "exists"}, {"name": "ARGS:email_status", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2023-40203-03": {"cve": "CVE-2023-40203", "mode": "pass", "target": "plugin", "slug": "mailchimp-forms-by-mailmunch", "versions": "<=3.1.4", "method": "POST", "ajax_action": "delete_email", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "delete_email"}, {"name": "ARGS:email_id", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2023-41243-01": {"cve": "CVE-2023-41243", "mode": "pass", "target": "plugin", "slug": "wpvivid-backuprestore", "versions": "<=0.9.90", "method": "POST", "ajax_action": "wpvivid_get_import_list_page", "conditions": [{"name": "ARGS:wpvivid_upload_import_files", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2023-41243-02": {"cve": "CVE-2023-41243", "mode": "pass", "target": "plugin", "slug": "wpvivid-backuprestore", "versions": "<=0.9.90", "method": "POST", "ajax_action": "wpvivid_get_import_list_page", "conditions": [{"name": "ARGS:wpvivid_start_import", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2023-41243-03": {"cve": "CVE-2023-41243", "mode": "pass", "target": "plugin", "slug": "wpvivid-backuprestore", "versions": "<=0.9.90", "method": "POST", "ajax_action": "wpvivid_get_import_list_page", "conditions": [{"name": "ARGS:wpvivid_delete_export_list", "type": "exists"}, {"name": "ARGS:export_id", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2023-6751-01": {"cve": "CVE-2023-6751", "mode": "pass", "target": "plugin", "slug": "hostinger", "versions": "<=1.9.7", "ajax_action": "hostinger_publish_website", "method": "POST", "conditions": [{"name": "ARGS:maintenance", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 6.5}, "RULE-CVE-2023-6827-01": {"cve": "CVE-2023-6827", "mode": "pass", "target": "plugin", "slug": "essential-real-estate", "versions": "<=4.3.5", "method": "POST", "ajax_action": "gsf_upload_fonts", "conditions": [{"name": "FILES:file_font", "type": "exists"}], "severity": 8.8}, "RULE-CVE-2023-6878-01": {"cve": "CVE-2023-6878", "mode": "pass", "target": "plugin", "slug": "slick-social-share-buttons", "versions": "<=2.4.11", "ajax_action": "dcssb_ajax_update", "method": "POST", "severity": 6.5, "description": "Slick Social Share Buttons <= 2.4.11 dcssb_ajax_update missing capability check allows authenticated subscriber+ users to arbitrarily modify site options, enabling unauthorized configuration changes via admin-ajax.php as described by Wordfence and NVD.", "tags": ["authz", "arbitrary-option-update", "privilege-escalation"], "conditions": [{"name": "ARGS:action", "type": "equals", "value": "dcssb_ajax_update"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-6878-02": {"cve": "CVE-2023-6878", "mode": "pass", "target": "plugin", "slug": "slick-social-share-buttons", "versions": "<=2.4.11", "ajax_action": "dcssb_ajax_update", "method": "POST", "severity": 6.5, "description": "Block low-privilege abuse of dcssb_ajax_update to toggle users_can_register via arbitrary option updates in Slick Social Share Buttons <= 2.4.11, as the handler lacks a capability check and permits subscriber-level attackers to change site options.", "tags": ["authz", "arbitrary-option-update", "privilege-escalation"], "conditions": [{"name": "ARGS:action", "type": "equals", "value": "dcssb_ajax_update"}, {"type": "missing_capability", "value": "manage_options"}, {"name": "ARGS:users_can_register", "type": "exists"}]}, "RULE-CVE-2023-6878-03": {"cve": "CVE-2023-6878", "mode": "pass", "target": "plugin", "slug": "slick-social-share-buttons", "versions": "<=2.4.11", "ajax_action": "dcssb_ajax_update", "method": "POST", "severity": 6.5, "description": "Block low-privilege abuse of dcssb_ajax_update to change the default_role option (e.g., to administrator/editor/author) via the arbitrary option update vulnerability in Slick Social Share Buttons <= 2.4.11.", "tags": ["authz", "arbitrary-option-update", "privilege-escalation"], "conditions": [{"name": "ARGS:action", "type": "equals", "value": "dcssb_ajax_update"}, {"type": "missing_capability", "value": "manage_options"}, {"name": "ARGS:default_role", "type": "exists"}, {"name": "ARGS:default_role", "type": "regex", "value": "~^(administrator|editor|author)$~i"}]}, "RULE-CVE-2023-6878-04": {"cve": "CVE-2023-6878", "mode": "pass", "target": "plugin", "slug": "slick-social-share-buttons", "versions": "<=2.4.11", "ajax_action": "dcssb_ajax_update", "method": "POST", "severity": 6.5, "description": "Block low-privilege abuse of dcssb_ajax_update to modify the admin_email option through the arbitrary option update vulnerability in Slick Social Share Buttons <= 2.4.11, which allows subscriber-level users to change site options.", "tags": ["authz", "arbitrary-option-update", "integrity"], "conditions": [{"name": "ARGS:action", "type": "equals", "value": "dcssb_ajax_update"}, {"type": "missing_capability", "value": "manage_options"}, {"name": "ARGS:admin_email", "type": "exists"}]}, "RULE-CVE-2023-6966-04": {"cve": "CVE-2023-6966", "description": "The Moneytizer <= 9.6.3 wp_ajax_get_ads_txt missing capability/nonce checks allow subscriber+ or CSRF to read/alter ads.txt, lazy-loading, stats visibility, and tag configuration via admin-ajax.php.", "cve_link": "https://www.wordfence.com/threat-intel/vulnerabilities/id/71823e36-3899-4253-a1d2-c6f8921d18dc?source=cve", "severity": 8.1, "tags": ["improper-access-control", "missing-authorization", "csrf", "ajax"], "mode": "pass", "target": "plugin", "slug": "the-moneytizer", "versions": "<=9.6.3", "method": "POST", "ajax_action": "get_ads_txt", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-6966-05": {"cve": "CVE-2023-6966", "description": "The Moneytizer <= 9.6.3 wp_ajax_do_generate_tag missing capability/nonce checks allow subscriber+ or CSRF to generate/modify Moneytizer tags and formats via admin-ajax.php.", "cve_link": "https://www.wordfence.com/threat-intel/vulnerabilities/id/71823e36-3899-4253-a1d2-c6f8921d18dc?source=cve", "severity": 8.1, "tags": ["improper-access-control", "missing-authorization", "csrf", "ajax"], "mode": "pass", "target": "plugin", "slug": "the-moneytizer", "versions": "<=9.6.3", "method": "POST", "ajax_action": "do_generate_tag", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-6966-06": {"cve": "CVE-2023-6966", "description": "The Moneytizer <= 9.6.3 wp_ajax_update_bank_data missing capability/nonce checks allow subscriber+ or CSRF to update billing/bank details via admin-ajax.php.", "cve_link": "https://www.wordfence.com/threat-intel/vulnerabilities/id/71823e36-3899-4253-a1d2-c6f8921d18dc?source=cve", "severity": 8.1, "tags": ["improper-access-control", "missing-authorization", "csrf", "ajax"], "mode": "pass", "target": "plugin", "slug": "the-moneytizer", "versions": "<=9.6.3", "method": "POST", "ajax_action": "update_bank_data", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-6966-07": {"cve": "CVE-2023-6966", "description": "The Moneytizer <= 9.6.3 wp_ajax_do_reactivate_tag missing capability/nonce checks allow subscriber+ or CSRF to reactivate tags via admin-ajax.php.", "cve_link": "https://www.wordfence.com/threat-intel/vulnerabilities/id/71823e36-3899-4253-a1d2-c6f8921d18dc?source=cve", "severity": 8.1, "tags": ["improper-access-control", "missing-authorization", "csrf", "ajax"], "mode": "pass", "target": "plugin", "slug": "the-moneytizer", "versions": "<=9.6.3", "method": "POST", "ajax_action": "do_reactivate_tag", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-6966-08": {"cve": "CVE-2023-6966", "description": "The Moneytizer <= 9.6.3 wp_ajax_apply_conf missing capability/nonce checks allow subscriber+ or CSRF to apply configuration via admin-ajax.php.", "cve_link": "https://www.wordfence.com/threat-intel/vulnerabilities/id/71823e36-3899-4253-a1d2-c6f8921d18dc?source=cve", "severity": 8.1, "tags": ["improper-access-control", "missing-authorization", "csrf", "ajax"], "mode": "pass", "target": "plugin", "slug": "the-moneytizer", "versions": "<=9.6.3", "method": "POST", "ajax_action": "apply_conf", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2023-7291-01": {"cve": "CVE-2023-7291", "mode": "pass", "target": "plugin", "slug": "paytium", "versions": "<=4.3.7", "method": "POST", "ajax_action": "paytium_mollie_create_account", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.1}, "RULE-CVE-2023-7291-02": {"cve": "CVE-2023-7291", "mode": "pass", "target": "plugin", "slug": "paytium", "versions": "<=4.3.7", "method": "POST", "ajax_action": "paytium_mollie_create_profile", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.1}, "RULE-CVE-2023-7291-03": {"cve": "CVE-2023-7291", "mode": "pass", "target": "plugin", "slug": "paytium", "versions": "<=4.3.7", "method": "POST", "ajax_action": "pt_save_profile_settings", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.1}, "RULE-CVE-2023-7291-04": {"cve": "CVE-2023-7291", "mode": "pass", "target": "plugin", "slug": "paytium", "versions": "<=4.3.7", "method": "POST", "ajax_action": "pt_get_mollie_profiles", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.1}, "RULE-CVE-2023-7291-05": {"cve": "CVE-2023-7291", "mode": "pass", "target": "plugin", "slug": "paytium", "versions": "<=4.3.7", "method": "POST", "ajax_action": "paytium_sw_save_api_keys", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.1}, "RULE-CVE-2024-0659-01": {"cve": "CVE-2024-0659", "description": "Easy Digital Downloads <=3.1.5 unauthorized access to debug log tools action", "severity": 4.3, "tags": ["broken-access-control", "information-disclosure"], "mode": "pass", "target": "plugin", "slug": "easy-digital-downloads", "versions": "<=3.2.6", "method": "POST", "action": "admin_init", "conditions": [{"name": "ARGS:edd-action", "type": "equals", "value": "tools_tab_debug_log"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2024-0660-01A": {"cve": "CVE-2024-0660", "description": "Formidable Forms <=6.7.2 CSRF-to-stored-XSS via admin-ajax frm_save_form (missing nonce validation)", "severity": 8.8, "tags": ["xss", "csrf", "stored-xss", "ajax"], "mode": "pass", "target": "plugin", "slug": "formidable", "versions": "<=6.7.2", "method": "POST", "ajax_action": "frm_save_form", "conditions": [{"name": "REQUEST_URI", "type": "contains", "value": "/wp-admin/admin-ajax.php"}, {"name": "ARGS:action", "type": "equals", "value": "frm_save_form"}, {"name": "ARGS:success_msg", "type": "detectXSS"}]}, "RULE-CVE-2024-0660-01B": {"cve": "CVE-2024-0660", "description": "Formidable Forms <=6.7.2 CSRF-to-stored-XSS via admin-ajax frm_save_form (missing nonce validation)", "severity": 8.8, "tags": ["xss", "csrf", "stored-xss", "ajax"], "mode": "pass", "target": "plugin", "slug": "formidable", "versions": "<=6.7.2", "method": "POST", "ajax_action": "frm_save_form", "conditions": [{"name": "REQUEST_URI", "type": "contains", "value": "/wp-admin/admin-ajax.php"}, {"name": "ARGS:action", "type": "equals", "value": "frm_save_form"}, {"name": "ARGS:custom_html", "type": "detectXSS"}]}, "RULE-CVE-2024-10542-01": {"cve": "CVE-2024-10542", "mode": "pass", "target": "plugin", "slug": "cleantalk-spam-protect", "versions": "<=6.43.2", "action": "init", "conditions": [{"name": "ARGS:spbc_remote_call_action", "type": "regex", "value": "~^(?:install_plugin|activate_plugin|deactivate_plugin|uninstall_plugin|update_settings|post_api_key)$~i"}, {"name": "ARGS:plugin_name", "type": "regex", "value": "~^(?:antispam|anti-spam|apbct)$~i"}, {"type": "missing_capability", "value": "activate_plugins"}], "severity": 7.5}, "RULE-CVE-2024-10571-01": {"cve": "CVE-2024-10571", "mode": "pass", "target": "plugin", "slug": "chart-builder", "versions": "<=2.9.5", "ajax_action": "ays_chart_admin_ajax", "conditions": [{"name": "ARGS:source", "type": "regex", "value": "~^(?!google-charts$|chart-js$).+~"}], "severity": 9.8}, "RULE-CVE-2024-1071-01": {"cve": "CVE-2024-1071", "description": "Ultimate Member >=2.1.3 <=2.8.2 unauthenticated SQL injection via sorting parameter in um_get_members AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2024-1071", "severity": 9.8, "tags": ["sql-injection", "unauthenticated", "ajax"], "mode": "pass", "target": "plugin", "slug": "ultimate-member", "versions": ">=2.1.3 <=2.8.2", "method": "POST", "ajax_action": "um_get_members", "conditions": [{"name": "ARGS:sorting", "type": "detectSQLi"}]}, "RULE-CVE-2024-10728-01": {"cve": "CVE-2024-10728", "description": "PostX \u2013 Post Grid Gutenberg Blocks <=4.1.16 missing authorization on install_required_plugin AJAX action allows Subscriber+ arbitrary plugin installation/activation", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2024-10728", "severity": 8.8, "tags": ["missing-authorization", "privilege-escalation", "arbitrary-plugin-install"], "mode": "pass", "target": "plugin", "slug": "ultimate-post", "versions": "<=4.1.16", "method": "POST", "action": "admin_init", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "install_required_plugin"}, {"type": "missing_capability", "value": "install_plugins"}]}, "RULE-CVE-2024-11415-01": {"cve": "CVE-2024-11415", "description": "WP-Orphanage Extended <=1.2 CSRF to orphan account privilege escalation via settings page role parameter", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2024-11415", "severity": 8.8, "tags": ["csrf", "privilege-escalation", "settings-update"], "mode": "pass", "target": "plugin", "slug": "wp-orphanage-extended", "versions": "<=1.2", "method": "POST", "action": "admin_init", "conditions": [{"name": "ARGS:page", "type": "equals", "value": "wp-orphanage-extended"}, {"name": "ARGS:action", "type": "equals", "value": "update"}, {"name": "ARGS:wporphanageex_role", "type": "regex", "value": "~^(?:administrator|editor|author)$~i"}]}, "RULE-CVE-2024-11643-01": {"cve": "CVE-2024-11643", "mode": "pass", "target": "plugin", "slug": "allaccessible", "versions": "<=1.3.4", "method": "POST", "ajax_action": "AllAccessible_save_settings", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2024-12635-01": {"cve": "CVE-2024-12635", "mode": "pass", "target": "plugin", "slug": "wp-docs", "versions": "<=2.2.0", "method": "POST", "ajax_action": "wpdocs_update_folder", "conditions": [{"name": "ARGS:dir_id", "type": "detectSQLi"}], "severity": 6.5}, "RULE-CVE-2024-12635-02": {"cve": "CVE-2024-12635", "mode": "pass", "target": "plugin", "slug": "wp-docs", "versions": "<=2.2.0", "method": "POST", "ajax_action": "wpdocs_delete_folder", "conditions": [{"name": "ARGS:dir_id", "type": "detectSQLi"}], "severity": 6.5}, "RULE-CVE-2024-12635-03": {"cve": "CVE-2024-12635", "mode": "pass", "target": "plugin", "slug": "wp-docs", "versions": "<=2.2.0", "method": "POST", "ajax_action": "wpdocs_delete_files", "conditions": [{"name": "ARGS:dir_id", "type": "detectSQLi"}], "severity": 6.5}, "RULE-CVE-2024-12771-01": {"cve": "CVE-2024-12771", "mode": "pass", "target": "plugin", "slug": "ecommerce-product-catalog", "versions": "<=3.3.43", "method": "POST", "ajax_action": "customer_panel_password_reset", "conditions": [{"name": "ARGS:new_password", "type": "exists"}, {"name": "ARGS:repeat_new_password", "type": "exists"}], "severity": 8.8}, "RULE-CVE-2024-12881-01": {"cve": "CVE-2024-12881", "mode": "pass", "target": "plugin", "slug": "plugversions", "versions": "<=0.0.7", "method": "POST", "ajax_action": "eos_plugin_reviews_restore_version", "conditions": [{"name": "ARGS:dir", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2024-1317-01": {"cve": "CVE-2024-1317", "mode": "pass", "target": "plugin", "slug": "feedzy-rss-feeds", "versions": "<=4.4.2", "method": "POST", "ajax_action": "feedzy", "conditions": [{"name": "ARGS:search_key", "type": "detectSQLi"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2024-13315-01": {"cve": "CVE-2024-13315", "description": "Shopwarden <=1.0.11 CSRF to arbitrary WordPress options update via admin.php page=shopwarden action=save_setting", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2024-13315", "severity": 8.8, "tags": ["csrf", "broken-access-control", "options-update", "privilege-escalation"], "mode": "pass", "target": "plugin", "slug": "shopwarden", "versions": "<=1.0.11", "action": "admin_init", "conditions": [{"name": "ARGS:page", "type": "equals", "value": "shopwarden"}, {"name": "ARGS:action", "type": "equals", "value": "save_setting"}, {"name": "ARGS:key", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2024-13365-01": {"cve": "CVE-2024-13365", "description": "Security & Malware scan by CleanTalk <=2.149 unauthenticated arbitrary file upload via spbc_check_file_block AJAX action", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2024-13365", "severity": 9.8, "tags": ["arbitrary-file-upload", "unauthenticated", "missing-authorization", "remote-code-execution"], "mode": "pass", "target": "plugin", "slug": "security-malware-firewall", "versions": "<=2.149", "method": "POST", "ajax_action": "spbc_check_file_block", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2024-13508-01": {"cve": "CVE-2024-13508", "mode": "pass", "target": "plugin", "slug": "booking-package", "versions": "<=1.6.72", "method": "GET", "action": "init", "conditions": [{"name": "ARGS:locale", "type": "detectXSS"}], "severity": 6.1}, "RULE-CVE-2024-13508-02": {"cve": "CVE-2024-13508", "mode": "pass", "target": "plugin", "slug": "booking-package", "versions": "<=1.6.72", "method": "POST", "ajax_action": "package_app_public_action", "conditions": [{"name": "ARGS:locale", "type": "detectXSS"}], "severity": 6.1}, "RULE-CVE-2024-13508-03": {"cve": "CVE-2024-13508", "mode": "pass", "target": "plugin", "slug": "booking-package", "versions": "<=1.6.72", "method": "POST", "ajax_action": "package_app_action", "conditions": [{"name": "ARGS:locale", "type": "detectXSS"}], "severity": 6.1}, "RULE-CVE-2024-13789-01": {"cve": "CVE-2024-13789", "mode": "pass", "target": "plugin", "slug": "ravpage", "versions": "<=2.31", "action": "init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~/__ravpage/api([#?]|$)~"}, {"name": "ARGS:paramsv2", "type": "regex", "value": "~(?:Tzo|Qzo)~"}], "severity": 9.8}, "RULE-CVE-2024-1751-01": {"cve": "CVE-2024-1751", "description": "Tutor LMS <=2.6.1 authenticated SQL injection via question_id in tutor_qna_single_action AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2024-1751", "severity": 8.8, "tags": ["sql-injection", "time-based-blind", "authenticated"], "mode": "pass", "target": "plugin", "slug": "tutor", "versions": "<=2.6.1", "method": "POST", "ajax_action": "tutor_qna_single_action", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "tutor_qna_single_action"}, {"name": "ARGS:question_id", "type": "detectSQLi"}]}, "RULE-CVE-2024-1751-02": {"cve": "CVE-2024-1751", "description": "Tutor LMS <=2.6.1 authenticated SQL injection via question_id in tutor_q_and_a_load_more AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2024-1751", "severity": 8.8, "tags": ["sql-injection", "time-based-blind", "authenticated"], "mode": "pass", "target": "plugin", "slug": "tutor", "versions": "<=2.6.1", "method": "POST", "ajax_action": "tutor_q_and_a_load_more", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "tutor_q_and_a_load_more"}, {"name": "ARGS:question_id", "type": "detectSQLi"}]}, "RULE-CVE-2024-1755-01": {"cve": "CVE-2024-1755", "mode": "pass", "target": "plugin", "slug": "nps-computy", "versions": "<=2.7.5", "method": "POST", "action": "admin_init", "conditions": [{"name": "ARGS:page", "type": "equals", "value": "nps-plugin-options"}, {"name": "ARGS:event", "type": "equals", "value": "delete_all"}], "severity": 8.8}, "RULE-CVE-2024-1755-02": {"cve": "CVE-2024-1755", "mode": "pass", "target": "plugin", "slug": "nps-computy", "versions": "<=2.7.5", "method": "POST", "action": "admin_init", "conditions": [{"name": "ARGS:page", "type": "equals", "value": "nps-plugin-options"}, {"name": "ARGS:event", "type": "equals", "value": "delete"}, {"name": "ARGS:id", "type": "regex", "value": "~^[0-9]+$~i"}], "severity": 8.8}, "RULE-CVE-2024-1982-01": {"cve": "CVE-2024-1982", "mode": "pass", "target": "plugin", "slug": "wpvivid-backuprestore", "versions": "<=0.9.68", "ajax_action": "wpvivid_restore", "method": "POST", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 9.1}, "RULE-CVE-2024-1982-02": {"cve": "CVE-2024-1982", "mode": "pass", "target": "plugin", "slug": "wpvivid-backuprestore", "versions": "<=0.9.68", "ajax_action": "wpvivid_get_restore_progress", "method": "POST", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 9.1}, "RULE-CVE-2024-1982-03": {"cve": "CVE-2024-1982", "mode": "pass", "target": "plugin", "slug": "wpvivid-backuprestore", "versions": "<=0.9.68", "ajax_action": "wpvividstg_start_staging_free", "method": "POST", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 9.1}, "RULE-CVE-2024-1982-04": {"cve": "CVE-2024-1982", "mode": "pass", "target": "plugin", "slug": "wpvivid-backuprestore", "versions": "<=0.9.68", "ajax_action": "wpvividstg_get_staging_progress_free", "method": "POST", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 9.1}, "RULE-CVE-2024-1991-01": {"cve": "CVE-2024-1991", "mode": "pass", "target": "plugin", "slug": "custom-registration-form-builder-with-submission-manager", "versions": "<=5.3.0.0", "method": "POST", "ajax_action": "rm_update_users_role", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2024-21751-01": {"cve": "CVE-2024-21751", "mode": "pass", "target": "plugin", "slug": "rabbit-loader", "versions": "<=2.19.13", "ajax_action": "rabbitloader_ajax_purge", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2024-21751-02": {"cve": "CVE-2024-21751", "mode": "pass", "target": "plugin", "slug": "rabbit-loader", "versions": "<=2.19.13", "ajax_action": "rabbitloader_mode_change", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2024-21751-03": {"cve": "CVE-2024-21751", "mode": "pass", "target": "plugin", "slug": "rabbit-loader", "versions": "<=2.19.13", "ajax_action": "rabbitloader_ajax_cron", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2024-21751-04": {"cve": "CVE-2024-21751", "mode": "pass", "target": "plugin", "slug": "rabbit-loader", "versions": "<=2.19.13", "ajax_action": "rabbitloader_ajax_survey_dismissed", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2024-2417-01": {"cve": "CVE-2024-2417", "description": "User Registration <=3.1.5 missing authorization in form_save_action allows subscriber+ privilege escalation", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2024-2417", "severity": 8.8, "tags": ["missing-authorization", "privilege-escalation", "broken-access-control"], "mode": "pass", "target": "plugin", "slug": "user-registration", "versions": "<=3.1.5", "method": "POST", "action": "admin_init", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "user_registration_form_save_action"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2024-25935-01": {"cve": "CVE-2024-25935", "mode": "pass", "target": "plugin", "slug": "custom-registration-form-builder-with-submission-manager", "versions": "<=5.2.5.9", "method": "POST", "ajax_action": "rm_options_default_payment_method", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 9.8}, "RULE-CVE-2024-29117-01": {"cve": "CVE-2024-29117", "mode": "pass", "target": "plugin", "slug": "contact-forms", "versions": "<=1.7.0", "method": "POST", "ajax_action": "accua_form_submit", "conditions": [{"name": "ARGS:message", "type": "regex", "value": "~<(?:script|iframe|img|svg)[^>]*>~i"}], "severity": 6.1}, "RULE-CVE-2024-3050-01": {"cve": "CVE-2024-3050", "description": "Site Reviews <7.0.0 IP address spoofing via untrusted proxy headers on unauthenticated review submission \u2014 CAPABILITY GATE WORKAROUND (WAF cannot inspect HTTP headers where exploit payload resides)", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2024-3050", "severity": 9.1, "tags": ["ip-spoofing", "authentication-bypass", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "site-reviews", "versions": "<7.0.0", "method": "POST", "ajax_action": "glsr_action", "conditions": [{"name": "ARGS:site-reviews[_action]", "type": "equals", "value": "submit-review"}, {"type": "missing_capability", "value": "moderate_comments"}]}, "RULE-CVE-2024-30501-01": {"cve": "CVE-2024-30501", "mode": "pass", "target": "plugin", "slug": "download-monitor", "versions": "<=4.9.4", "method": "GET", "action": "rest_api_init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~^(?:/wp-json)?/download-monitor/v1/~"}, {"name": "ARGS:limit", "type": "detectSQLi"}], "severity": 7.2}, "RULE-CVE-2024-30501-02": {"cve": "CVE-2024-30501", "mode": "pass", "target": "plugin", "slug": "download-monitor", "versions": "<=4.9.4", "method": "POST", "ajax_action": "dlm_top_downloads_reports", "conditions": [{"name": "ARGS:limit", "type": "detectSQLi"}], "severity": 7.2}, "RULE-CVE-2024-31113-01": {"cve": "CVE-2024-31113", "mode": "pass", "target": "plugin", "slug": "easy-digital-downloads", "versions": "<=3.2.11", "method": "POST", "ajax_action": "edd_recapture_remote_install", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2024-3495-01": {"cve": "CVE-2024-3495", "mode": "pass", "target": "plugin", "slug": "country-state-city-auto-dropdown", "versions": "<=2.7.2", "method": "POST", "ajax_action": "tc_csca_get_states", "conditions": [{"name": "ARGS:cnt", "type": "detectSQLi"}], "severity": 9.8}, "RULE-CVE-2024-3495-02": {"cve": "CVE-2024-3495", "mode": "pass", "target": "plugin", "slug": "country-state-city-auto-dropdown", "versions": "<=2.7.2", "method": "POST", "ajax_action": "tc_csca_get_cities", "conditions": [{"name": "ARGS:sid", "type": "detectSQLi"}], "severity": 9.8}, "RULE-CVE-2024-3549-01": {"cve": "CVE-2024-3549", "mode": "pass", "target": "plugin", "slug": "blog2social", "versions": "<=7.4.1", "method": "POST", "ajax_action": "b2s_sort_data", "conditions": [{"name": "ARGS:b2sSortPostType", "type": "detectSQLi"}], "severity": 9.9}, "RULE-CVE-2024-3592-01": {"cve": "CVE-2024-3592", "mode": "pass", "target": "plugin", "slug": "quiz-master-next", "versions": "<=9.0.1", "method": "POST", "ajax_action": "qsm_bulk_delete_question_from_database", "conditions": [{"name": "ARGS:question_id", "type": "regex", "value": "~[^0-9,]~"}, {"type": "missing_capability", "value": "delete_published_posts"}], "severity": 6.5}, "RULE-CVE-2024-3592-02": {"cve": "CVE-2024-3592", "mode": "pass", "target": "plugin", "slug": "quiz-master-next", "versions": "<=9.0.1", "method": "POST", "ajax_action": "qsm_delete_question_from_database", "conditions": [{"name": "ARGS:question_id", "type": "regex", "value": "~[^0-9,]~"}, {"type": "missing_capability", "value": "delete_published_posts"}], "severity": 6.5}, "RULE-CVE-2024-3729-03": {"cve": "CVE-2024-3729", "mode": "pass", "target": "plugin", "slug": "acf-frontend-form-element", "versions": "<=3.19.4", "severity": 9.8, "method": "POST", "ajax_action": "frontend_admin/form_submit", "conditions": [{"name": "ARGS:role", "type": "regex", "value": "~^(administrator|editor|author)$~i"}]}, "RULE-CVE-2024-3729-04": {"cve": "CVE-2024-3729", "mode": "pass", "target": "plugin", "slug": "acf-frontend-form-element", "versions": "<=3.19.4", "severity": 9.8, "method": "POST", "ajax_action": "frontend_admin/validate_form_submit", "conditions": [{"name": "ARGS:role", "type": "regex", "value": "~^(administrator|editor|author)$~i"}]}, "RULE-CVE-2024-39635-01": {"cve": "CVE-2024-39635", "severity": 5.4, "mode": "pass", "target": "plugin", "slug": "youzify", "versions": "<=1.2.7", "method": "POST", "ajax_action": "youzify_admin_data_save", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2024-39635-02": {"cve": "CVE-2024-39635", "severity": 5.4, "mode": "pass", "target": "plugin", "slug": "youzify", "versions": "<=1.2.7", "method": "POST", "ajax_action": "youzify_reset_settings", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2024-39649-01": {"cve": "CVE-2024-39649", "severity": 6.5, "mode": "pass", "target": "plugin", "slug": "essential-addons-for-elementor-lite", "versions": "<=5.9.26", "method": "POST", "ajax_action": "elementor_ajax", "conditions": [{"name": "ARGS:actions", "type": "detectXSS"}]}, "RULE-CVE-2024-4180-01": {"cve": "CVE-2024-4180", "description": "The Events Calendar <=6.4.0 reflected XSS via view=reflector in AJAX fallback handler (POST)", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2024-4180", "severity": 9.1, "tags": ["xss", "reflected-xss", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "the-events-calendar", "versions": "<=6.4.0", "method": "POST", "ajax_action": "tribe_events_views_v2_fallback", "conditions": [{"name": "ARGS:view", "type": "equals", "value": "reflector"}]}, "RULE-CVE-2024-4180-02": {"cve": "CVE-2024-4180", "description": "The Events Calendar <=6.4.0 reflected XSS via view=reflector in AJAX fallback handler (GET)", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2024-4180", "severity": 9.1, "tags": ["xss", "reflected-xss", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "the-events-calendar", "versions": "<=6.4.0", "method": "GET", "ajax_action": "tribe_events_views_v2_fallback", "conditions": [{"name": "ARGS:view", "type": "equals", "value": "reflector"}]}, "RULE-CVE-2024-43304-01": {"cve": "CVE-2024-43304", "mode": "pass", "target": "plugin", "slug": "cryptocurrency-price-ticker-widget", "versions": "<=2.8.0", "method": "POST", "ajax_action": "ccpw_get_coins_list", "conditions": [{"name": "ARGS:requiredCurrencies", "type": "detectXSS"}], "severity": 6.1}, "RULE-CVE-2024-43314-01": {"cve": "CVE-2024-43314", "severity": 4.3, "mode": "pass", "target": "plugin", "slug": "wp-asset-clean-up", "versions": "<=1.3.9.3", "action": "admin_post", "method": "POST", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2024-4366-01": {"cve": "CVE-2024-4366", "mode": "pass", "target": "plugin", "slug": "ultimate-addons-for-gutenberg", "versions": "<=2.13.0", "method": "POST", "ajax_action": "uag_load_image_gallery_masonry", "conditions": [{"type": "missing_capability", "value": "manage_options"}, {"name": "ARGS:block_id", "type": "detectXSS"}], "severity": 5.4}, "RULE-CVE-2024-4366-02": {"cve": "CVE-2024-4366", "mode": "pass", "target": "plugin", "slug": "ultimate-addons-for-gutenberg", "versions": "<=2.13.0", "method": "POST", "ajax_action": "uag_load_image_gallery_grid_pagination", "conditions": [{"type": "missing_capability", "value": "manage_options"}, {"name": "ARGS:block_id", "type": "detectXSS"}], "severity": 5.4}, "RULE-CVE-2024-43924-01": {"cve": "CVE-2024-43924", "mode": "pass", "target": "plugin", "slug": "responsive-lightbox", "versions": "<=2.4.7", "ajax_action": "save-attachment-compat", "conditions": [{"name": "ARGS:attachment_ids", "type": "exists"}, {"type": "missing_capability", "value": "edit_posts"}], "severity": 9.8}, "RULE-CVE-2024-43924-02": {"cve": "CVE-2024-43924", "mode": "pass", "target": "plugin", "slug": "responsive-lightbox", "versions": "<=2.4.7", "ajax_action": "rl-folders-move-attachments", "conditions": [{"name": "ARGS:attachment_ids", "type": "exists"}, {"type": "missing_capability", "value": "edit_posts"}], "severity": 9.8}, "RULE-CVE-2024-43924-03": {"cve": "CVE-2024-43924", "mode": "pass", "target": "plugin", "slug": "responsive-lightbox", "versions": "<=2.4.7", "ajax_action": "rl-deactivate-plugin", "conditions": [{"name": "ARGS:section", "type": "exists"}, {"type": "missing_capability", "value": "install_plugins"}], "severity": 9.8}, "RULE-CVE-2024-4434-01": {"cve": "CVE-2024-4434", "description": "LearnPress <= 4.2.6.5 unauthenticated time-based SQL injection via term_id in public course/category listings (Wordfence/NVD: term_id SQLi, unauthenticated, CWE-89)", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2024-4434", "severity": 9.8, "tags": ["sqli", "unauth", "learnpress", "term_id"], "mode": "pass", "target": "plugin", "slug": "learnpress", "versions": "<=4.2.6.5", "method": "GET", "action": "init", "conditions": [{"name": "ARGS:term_id", "type": "exists"}, {"name": "ARGS:term_id", "type": "detectSQLi"}]}, "RULE-CVE-2024-47308-01": {"cve": "CVE-2024-47308", "severity": 9.8, "mode": "pass", "target": "plugin", "slug": "templately", "versions": "<=3.1.2", "ajax_action": "templately_import_settings", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2024-47308-02": {"cve": "CVE-2024-47308", "severity": 9.8, "mode": "pass", "target": "plugin", "slug": "templately", "versions": "<=3.1.2", "ajax_action": "templately_pack_import", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2024-47361-01": {"cve": "CVE-2024-47361", "mode": "pass", "target": "plugin", "slug": "addon-elements-for-elementor-page-builder", "versions": "<=1.13.6", "method": "POST", "ajax_action": "eae_refresh_insta_cache", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "eae_refresh_insta_cache"}, {"name": "ARGS:transient_key", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2024-48044-01": {"cve": "CVE-2024-48044", "severity": 5.4, "mode": "pass", "target": "plugin", "slug": "shortpixel-image-optimiser", "versions": "<=5.6.3", "method": "POST", "ajax_action": "shortpixel_process_queue", "conditions": [{"type": "missing_capability", "value": "edit_posts"}]}, "RULE-CVE-2024-48044-02": {"cve": "CVE-2024-48044", "severity": 5.4, "mode": "pass", "target": "plugin", "slug": "shortpixel-image-optimiser", "versions": "<=5.6.3", "method": "POST", "ajax_action": "shortpixel_ajax_request", "conditions": [{"name": "ARGS:screen_action", "type": "exists"}, {"name": "ARGS:screen_action", "type": "regex", "value": "~^(applyBulkSelection|startBulk|startMigrateAll|startMigrateSelected|toolsRemoveAll|toolsRemoveSelected|toolsRollbackAll|toolsRollbackSelected|foldersAddFolder|foldersRenameFolder|foldersRemoveFolder|toolsViewLog|toolsDownloadLog)$~i"}, {"type": "missing_capability", "value": "edit_posts"}]}, "RULE-CVE-2024-48044-03": {"cve": "CVE-2024-48044", "severity": 5.4, "mode": "pass", "target": "plugin", "slug": "shortpixel-image-optimiser", "versions": "<=5.6.3", "method": "POST", "ajax_action": "shortpixel_ajax_request", "conditions": [{"name": "ARGS:screen_action", "type": "exists"}, {"name": "ARGS:screen_action", "type": "regex", "value": "~^(startMigrateAll|toolsRemoveAll|toolsRollbackAll)$~i"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2024-48044-04": {"cve": "CVE-2024-48044", "severity": 5.4, "mode": "pass", "target": "plugin", "slug": "shortpixel-image-optimiser", "versions": "<=5.6.3", "method": "POST", "ajax_action": "shortpixel_ajax_request", "conditions": [{"name": "ARGS:screen_action", "type": "exists"}, {"name": "ARGS:screen_action", "type": "regex", "value": "~^(optimizeItem|markCompleted|unMarkCompleted|cancelOptimize|restoreItem|reOptimizeItem|getItemEditWarning)$~i"}, {"name": "ARGS:id", "type": "exists"}, {"name": "ARGS:type", "type": "exists"}, {"type": "missing_capability", "value": "edit_posts"}]}, "RULE-CVE-2024-49252-01": {"cve": "CVE-2024-49252", "mode": "pass", "target": "plugin", "slug": "leyka", "versions": "<=3.31.6", "method": "POST", "ajax_action": "leyka_upload_l10n", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 5.3}, "RULE-CVE-2024-49633-01": {"cve": "CVE-2024-49633", "mode": "pass", "target": "plugin", "slug": "directorypress", "versions": "<=3.6.19", "method": "POST", "ajax_action": "directorypress_handler_request", "conditions": [{"name": "ARGS:hash", "type": "detectXSS"}], "severity": 6.1}, "RULE-CVE-2024-49644-01": {"cve": "CVE-2024-49644", "description": "Accessibility by AllAccessible <=1.3.4 authenticated (Subscriber+) arbitrary option update via AllAccessible_save_settings AJAX action", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2024-49644", "severity": 8.8, "tags": ["missing-authorization", "privilege-escalation", "arbitrary-option-update"], "mode": "pass", "target": "plugin", "slug": "allaccessible", "versions": "<=1.3.4", "method": "POST", "ajax_action": "AllAccessible_save_settings", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2024-5020-01": {"cve": "CVE-2024-5020", "severity": 6.4, "mode": "pass", "target": "plugin", "slug": "accordion-slider", "versions": "<=1.9.12", "method": "POST", "ajax_action": "accordion_slider_save_accordion", "conditions": [{"name": "ARGS:data", "type": "detectXSS"}]}, "RULE-CVE-2024-5020-02": {"cve": "CVE-2024-5020", "severity": 6.4, "mode": "pass", "target": "plugin", "slug": "accordion-slider", "versions": "<=1.9.12", "method": "POST", "ajax_action": "accordion_slider_preview_accordion", "conditions": [{"name": "ARGS:data", "type": "detectXSS"}]}, "RULE-CVE-2024-5020-03": {"cve": "CVE-2024-5020", "severity": 6.4, "mode": "pass", "target": "plugin", "slug": "accordion-slider", "versions": "<=1.9.12", "method": "POST", "ajax_action": "accordion_slider_import_accordion", "conditions": [{"name": "ARGS:data", "type": "detectXSS"}]}, "RULE-CVE-2024-51667-01": {"cve": "CVE-2024-51667", "mode": "pass", "target": "plugin", "slug": "paytium", "versions": "<=4.4.10", "method": "POST", "ajax_action": "paytium_emails_attachments", "conditions": [{"type": "missing_capability", "value": "edit_posts"}], "severity": 4.3}, "RULE-CVE-2024-5450-01": {"cve": "CVE-2024-5450", "mode": "pass", "target": "plugin", "slug": "bug-library", "versions": "<2.1.1", "method": "POST", "action": "init", "conditions": [{"name": "ARGS:new-bug-title", "type": "exists"}, {"name": "FILES:attachimage", "type": "exists"}], "severity": 9.1}, "RULE-CVE-2024-56276-01": {"cve": "CVE-2024-56276", "mode": "pass", "target": "plugin", "slug": "wpforms-lite", "versions": "<=1.9.2.2", "method": "POST", "ajax_action": "wpforms_lite_settings_upgrade", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2024-6028-01": {"cve": "CVE-2024-6028", "mode": "pass", "target": "plugin", "slug": "quiz-maker", "versions": "<=6.5.8.3", "severity": 9.8, "method": "POST", "action": "init", "conditions": [{"name": "ARGS:ays_questions", "type": "regex", "value": "~[^0-9,]~"}]}, "RULE-CVE-2024-6088-01": {"cve": "CVE-2024-6088", "mode": "pass", "target": "plugin", "slug": "learnpress", "versions": "<=4.2.6.8.1", "method": "POST", "action": "rest_api_init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~(?:/wp-json/learnpress/v1/(?:users/)?register(?:[/?&#]|$)|[?&]rest_route=/learnpress/v1/(?:users/)?register(?:[/?&#]|$))~i"}], "severity": 5.3}, "RULE-CVE-2024-6265-01": {"cve": "CVE-2024-6265", "description": "UsersWP <=1.2.10 unauthenticated SQL injection via uwp_sort_by parameter on front-end users page", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2024-6265", "severity": 9.8, "tags": ["sql-injection", "unauthenticated", "order-by-injection"], "mode": "pass", "target": "plugin", "slug": "userswp", "versions": "<=1.2.10", "action": "init", "conditions": [{"name": "ARGS:uwp_sort_by", "type": "detectSQLi"}]}, "RULE-CVE-2024-6265-02": {"cve": "CVE-2024-6265", "description": "UsersWP <=1.2.10 unauthenticated SQL injection via uwp_sort_by on AJAX user sorting handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2024-6265", "severity": 9.8, "tags": ["sql-injection", "unauthenticated", "order-by-injection", "ajax"], "mode": "pass", "target": "plugin", "slug": "userswp", "versions": "<=1.2.10", "ajax_action": "uwp_ajax_user_sorting_action", "conditions": [{"name": "ARGS:uwp_sort_by", "type": "detectSQLi"}]}, "RULE-CVE-2024-6624-01": {"cve": "CVE-2024-6624", "mode": "pass", "target": "plugin", "slug": "json-api-user", "versions": "<=3.9.3", "method": "POST", "action": "init", "conditions": [{"name": "ARGS:json", "type": "regex", "value": "~user/register~i"}, {"name": "ARGS:custom_fields[wp_capabilities]", "type": "exists"}], "severity": 9.8}, "RULE-CVE-2024-6624-02": {"cve": "CVE-2024-6624", "mode": "pass", "target": "plugin", "slug": "json-api-user", "versions": "<=3.9.3", "method": "POST", "action": "init", "conditions": [{"name": "ARGS:json", "type": "regex", "value": "~user/register~i"}, {"name": "ARGS:custom_fields[wp_user_level]", "type": "exists"}], "severity": 9.8}, "RULE-CVE-2024-6624-03": {"cve": "CVE-2024-6624", "mode": "pass", "target": "plugin", "slug": "json-api-user", "versions": "<=3.9.3", "method": "POST", "action": "init", "conditions": [{"name": "ARGS:json", "type": "regex", "value": "~user/update_user_meta~i"}, {"name": "ARGS:meta_key", "type": "regex", "value": "~^wp_(capabilities|user_level)$~i"}], "severity": 9.8}, "RULE-CVE-2024-6624-04": {"cve": "CVE-2024-6624", "mode": "pass", "target": "plugin", "slug": "json-api-user", "versions": "<=3.9.3", "method": "POST", "action": "init", "conditions": [{"name": "ARGS:json", "type": "regex", "value": "~user/update_user_meta~i"}, {"name": "ARGS:wp_capabilities", "type": "exists"}], "severity": 9.8}, "RULE-CVE-2024-6624-05": {"cve": "CVE-2024-6624", "mode": "pass", "target": "plugin", "slug": "json-api-user", "versions": "<=3.9.3", "method": "POST", "action": "init", "conditions": [{"name": "ARGS:json", "type": "regex", "value": "~user/update_user_meta~i"}, {"name": "ARGS:wp_user_level", "type": "exists"}], "severity": 9.8}, "RULE-CVE-2024-6624-06": {"cve": "CVE-2024-6624", "mode": "pass", "target": "plugin", "slug": "json-api-user", "versions": "<=3.9.3", "method": "POST", "action": "init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~/api/user/register~i"}, {"name": "ARGS:custom_fields[wp_capabilities]", "type": "exists"}], "severity": 9.8}, "RULE-CVE-2024-6624-07": {"cve": "CVE-2024-6624", "mode": "pass", "target": "plugin", "slug": "json-api-user", "versions": "<=3.9.3", "method": "POST", "action": "init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~/api/user/register~i"}, {"name": "ARGS:custom_fields[wp_user_level]", "type": "exists"}], "severity": 9.8}, "RULE-CVE-2024-6624-08": {"cve": "CVE-2024-6624", "mode": "pass", "target": "plugin", "slug": "json-api-user", "versions": "<=3.9.3", "method": "POST", "action": "init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~/api/user/update_user_meta~i"}, {"name": "ARGS:meta_key", "type": "regex", "value": "~^wp_(capabilities|user_level)$~i"}], "severity": 9.8}, "RULE-CVE-2024-6624-09": {"cve": "CVE-2024-6624", "mode": "pass", "target": "plugin", "slug": "json-api-user", "versions": "<=3.9.3", "method": "POST", "action": "init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~/api/user/update_user_meta~i"}, {"name": "ARGS:wp_capabilities", "type": "exists"}], "severity": 9.8}, "RULE-CVE-2024-6624-10": {"cve": "CVE-2024-6624", "mode": "pass", "target": "plugin", "slug": "json-api-user", "versions": "<=3.9.3", "method": "POST", "action": "init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~/api/user/update_user_meta~i"}, {"name": "ARGS:wp_user_level", "type": "exists"}], "severity": 9.8}, "RULE-CVE-2024-6624-01G": {"cve": "CVE-2024-6624", "mode": "pass", "target": "plugin", "slug": "json-api-user", "versions": "<=3.9.3", "method": "GET", "action": "init", "conditions": [{"name": "ARGS:json", "type": "regex", "value": "~user/register~i"}, {"name": "ARGS:custom_fields[wp_capabilities]", "type": "exists"}], "severity": 9.8}, "RULE-CVE-2024-6624-02G": {"cve": "CVE-2024-6624", "mode": "pass", "target": "plugin", "slug": "json-api-user", "versions": "<=3.9.3", "method": "GET", "action": "init", "conditions": [{"name": "ARGS:json", "type": "regex", "value": "~user/register~i"}, {"name": "ARGS:custom_fields[wp_user_level]", "type": "exists"}], "severity": 9.8}, "RULE-CVE-2024-6624-03G": {"cve": "CVE-2024-6624", "mode": "pass", "target": "plugin", "slug": "json-api-user", "versions": "<=3.9.3", "method": "GET", "action": "init", "conditions": [{"name": "ARGS:json", "type": "regex", "value": "~user/update_user_meta~i"}, {"name": "ARGS:meta_key", "type": "regex", "value": "~^wp_(capabilities|user_level)$~i"}], "severity": 9.8}, "RULE-CVE-2024-6624-04G": {"cve": "CVE-2024-6624", "mode": "pass", "target": "plugin", "slug": "json-api-user", "versions": "<=3.9.3", "method": "GET", "action": "init", "conditions": [{"name": "ARGS:json", "type": "regex", "value": "~user/update_user_meta~i"}, {"name": "ARGS:wp_capabilities", "type": "exists"}], "severity": 9.8}, "RULE-CVE-2024-6624-05G": {"cve": "CVE-2024-6624", "mode": "pass", "target": "plugin", "slug": "json-api-user", "versions": "<=3.9.3", "method": "GET", "action": "init", "conditions": [{"name": "ARGS:json", "type": "regex", "value": "~user/update_user_meta~i"}, {"name": "ARGS:wp_user_level", "type": "exists"}], "severity": 9.8}, "RULE-CVE-2024-6624-06G": {"cve": "CVE-2024-6624", "mode": "pass", "target": "plugin", "slug": "json-api-user", "versions": "<=3.9.3", "method": "GET", "action": "init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~/api/user/register~i"}, {"name": "ARGS:custom_fields[wp_capabilities]", "type": "exists"}], "severity": 9.8}, "RULE-CVE-2024-6624-07G": {"cve": "CVE-2024-6624", "mode": "pass", "target": "plugin", "slug": "json-api-user", "versions": "<=3.9.3", "method": "GET", "action": "init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~/api/user/register~i"}, {"name": "ARGS:custom_fields[wp_user_level]", "type": "exists"}], "severity": 9.8}, "RULE-CVE-2024-6624-08G": {"cve": "CVE-2024-6624", "mode": "pass", "target": "plugin", "slug": "json-api-user", "versions": "<=3.9.3", "method": "GET", "action": "init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~/api/user/update_user_meta~i"}, {"name": "ARGS:meta_key", "type": "regex", "value": "~^wp_(capabilities|user_level)$~i"}], "severity": 9.8}, "RULE-CVE-2024-6624-09G": {"cve": "CVE-2024-6624", "mode": "pass", "target": "plugin", "slug": "json-api-user", "versions": "<=3.9.3", "method": "GET", "action": "init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~/api/user/update_user_meta~i"}, {"name": "ARGS:wp_capabilities", "type": "exists"}], "severity": 9.8}, "RULE-CVE-2024-6624-10G": {"cve": "CVE-2024-6624", "mode": "pass", "target": "plugin", "slug": "json-api-user", "versions": "<=3.9.3", "method": "GET", "action": "init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~/api/user/update_user_meta~i"}, {"name": "ARGS:wp_user_level", "type": "exists"}], "severity": 9.8}, "RULE-CVE-2024-6757-01": {"cve": "CVE-2024-6757", "mode": "pass", "target": "plugin", "slug": "elementor", "versions": "<=3.24.5", "method": "POST", "ajax_action": "elementor_ajax", "conditions": [{"type": "missing_capability", "value": "edit_posts"}, {"name": "ARGS:actions", "type": "exists"}], "severity": 4.3}, "RULE-CVE-2024-6809-01": {"cve": "CVE-2024-6809", "description": "Simple Video Directory <=1.4.2 unauthenticated SQL injection via id parameter in qcsmd_upvote_action AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2024-6809", "severity": 9.8, "tags": ["sql-injection", "unauthenticated", "ajax"], "mode": "pass", "target": "plugin", "slug": "simple-media-directory", "versions": "<=1.4.2", "method": "POST", "ajax_action": "qcsmd_upvote_action", "conditions": [{"name": "ARGS:id", "type": "detectSQLi"}]}, "RULE-CVE-2024-7031-01": {"cve": "CVE-2024-7031", "mode": "pass", "target": "plugin", "slug": "filester", "versions": "<=1.8.2", "method": "POST", "ajax_action": "njt_fs_save_setting_restrictions", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2024-7031-02": {"cve": "CVE-2024-7031", "mode": "pass", "target": "plugin", "slug": "filester", "versions": "<=1.8.2", "method": "POST", "ajax_action": "njt_fs_save_setting", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2024-7385-01": {"cve": "CVE-2024-7385", "description": "WordPress Simple HTML Sitemap <=3.1 authenticated (Admin+) SQL injection via id parameter in wshs_saved delete action", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2024-7385", "severity": 7.2, "tags": ["sql-injection", "authenticated", "admin-page"], "mode": "pass", "target": "plugin", "slug": "wp-simple-html-sitemap", "versions": "<=3.1", "action": "admin_init", "conditions": [{"name": "ARGS:page", "type": "equals", "value": "wshs_saved"}, {"name": "ARGS:action", "type": "equals", "value": "delete"}, {"name": "ARGS:id", "type": "detectSQLi"}]}, "RULE-CVE-2024-7385-02": {"cve": "CVE-2024-7385", "description": "WordPress Simple HTML Sitemap <=3.1 SQL injection via id parameter in wshs_save_shortcode AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2024-7385", "severity": 7.2, "tags": ["sql-injection", "authenticated", "ajax"], "mode": "pass", "target": "plugin", "slug": "wp-simple-html-sitemap", "versions": "<=3.1", "method": "POST", "ajax_action": "wshs_save_shortcode", "conditions": [{"name": "ARGS:id", "type": "detectSQLi"}]}, "RULE-CVE-2024-7493-01": {"cve": "CVE-2024-7493", "description": "WPCOM Member <=1.5.2.1 unauthenticated privilege escalation via role parameter in registration", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2024-7493", "severity": 9.8, "tags": ["privilege-escalation", "unauthenticated", "mass-assignment"], "mode": "pass", "target": "plugin", "slug": "wpcom-member", "versions": "<=1.5.2.1", "method": "POST", "ajax_action": "wpcom_register", "conditions": [{"name": "ARGS:role", "type": "exists"}]}, "RULE-CVE-2024-7493-02": {"cve": "CVE-2024-7493", "description": "WPCOM Member <=1.5.2.1 unauthenticated privilege escalation via meta_input wp_capabilities", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2024-7493", "severity": 9.8, "tags": ["privilege-escalation", "unauthenticated", "mass-assignment"], "mode": "pass", "target": "plugin", "slug": "wpcom-member", "versions": "<=1.5.2.1", "method": "POST", "ajax_action": "wpcom_register", "conditions": [{"name": "ARGS:meta_input[wp_capabilities]", "type": "exists"}]}, "RULE-CVE-2024-7493-03": {"cve": "CVE-2024-7493", "description": "WPCOM Member <=1.5.2.1 unauthenticated privilege escalation via meta_input wp_user_level", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2024-7493", "severity": 9.8, "tags": ["privilege-escalation", "unauthenticated", "mass-assignment"], "mode": "pass", "target": "plugin", "slug": "wpcom-member", "versions": "<=1.5.2.1", "method": "POST", "ajax_action": "wpcom_register", "conditions": [{"name": "ARGS:meta_input[wp_user_level]", "type": "exists"}]}, "RULE-CVE-2024-7857-01": {"cve": "CVE-2024-7857", "mode": "pass", "target": "plugin", "slug": "media-library-plus", "versions": "<=8.2.2", "method": "POST", "ajax_action": "mlf_change_sort_type", "conditions": [{"name": "ARGS:sort_type", "type": "detectSQLi"}], "severity": 6.5}, "RULE-CVE-2024-7982-01": {"cve": "CVE-2024-7982", "description": "Registrations for the Events Calendar <=2.12.3 unauthenticated stored XSS via first_name in registration form submission", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2024-7982", "severity": 9.6, "tags": ["xss", "stored-xss", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "registrations-for-the-events-calendar", "versions": "<=2.12.3", "method": "POST", "ajax_action": "rtec_process_form_submission", "conditions": [{"name": "ARGS:first_name", "type": "detectXSS"}]}, "RULE-CVE-2024-7982-02": {"cve": "CVE-2024-7982", "description": "Registrations for the Events Calendar <=2.12.3 unauthenticated stored XSS via last_name in registration form submission", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2024-7982", "severity": 9.6, "tags": ["xss", "stored-xss", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "registrations-for-the-events-calendar", "versions": "<=2.12.3", "method": "POST", "ajax_action": "rtec_process_form_submission", "conditions": [{"name": "ARGS:last_name", "type": "detectXSS"}]}, "RULE-CVE-2024-8853-01": {"cve": "CVE-2024-8853", "description": "Webo-facto <=1.40 unauthenticated privilege escalation via user_login containing -wfuser substring", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2024-8853", "severity": 9.8, "tags": ["privilege-escalation", "unauthenticated", "improper-privilege-management"], "mode": "pass", "target": "plugin", "slug": "webo-facto-connector", "versions": "<=1.40", "method": "POST", "action": "wp_loaded", "conditions": [{"name": "ARGS:user_login", "type": "contains", "value": "-wfuser"}]}, "RULE-CVE-2024-9769-01": {"cve": "CVE-2024-9769", "severity": 4.4, "mode": "pass", "target": "plugin", "slug": "gallery-videos", "versions": "<=2.4.1", "method": "POST", "ajax_action": "tsvg_check_attachment", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2024-9769-02": {"cve": "CVE-2024-9769", "severity": 4.4, "mode": "pass", "target": "plugin", "slug": "gallery-videos", "versions": "<=2.4.1", "method": "POST", "ajax_action": "tsvg_get_attachment_id", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2024-9881-01": {"cve": "CVE-2024-9881", "severity": 4.8, "mode": "pass", "target": "plugin", "slug": "learnpress", "versions": "<4.2.7.2", "method": "POST", "action": "init", "conditions": [{"name": "ARGS:page", "type": "equals", "value": "learn-press-settings"}, {"name": "ARGS:learn_press_offline_payment[description]", "type": "detectXSS"}, {"type": "missing_capability", "value": "unfiltered_html"}]}, "RULE-CVE-2025-0969-01": {"cve": "CVE-2025-0969", "description": "Brizy Page Builder <=2.7.16 authenticated sensitive information exposure via brizy_get_users AJAX action", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-0969", "severity": 6.5, "tags": ["missing-authorization", "sensitive-information-exposure", "broken-access-control"], "mode": "pass", "target": "plugin", "slug": "brizy", "versions": "<=2.7.16", "ajax_action": "brizy_get_users", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-10299-01": {"cve": "CVE-2025-10299", "severity": 8.8, "mode": "pass", "target": "plugin", "slug": "create-temporary-login", "versions": "<=1.0.7", "ajax_action": "ctl_create_link", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-10476-01": {"cve": "CVE-2025-10476", "mode": "pass", "target": "plugin", "slug": "wp-fastest-cache", "versions": "<=1.4.0", "ajax_action": "wpfc_db_fix", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 4.3}, "RULE-CVE-2025-10487-01": {"cve": "CVE-2025-10487", "description": "Advanced Ads <=2.0.12 unauthenticated limited RCE via ad_method parameter in advads_ad_select AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-10487", "severity": 7.3, "tags": ["code-injection", "unauthenticated", "function-injection"], "mode": "pass", "target": "plugin", "slug": "advanced-ads", "versions": "<=2.0.12", "ajax_action": "advads_ad_select", "conditions": [{"name": "ARGS:ad_method", "type": "regex", "value": "~^(?!ad$|group$|placement$|id$).+~"}]}, "RULE-CVE-2025-10587-01": {"cve": "CVE-2025-10587", "mode": "pass", "target": "plugin", "slug": "community-events", "versions": "<=1.5.1", "method": "POST", "action": "init", "conditions": [{"name": "ARGS:event_name", "type": "exists"}, {"name": "ARGS:event_category", "type": "detectSQLi"}], "severity": 9.8}, "RULE-CVE-2025-10587-02": {"cve": "CVE-2025-10587", "mode": "pass", "target": "plugin", "slug": "community-events", "versions": "<=1.5.1", "method": "POST", "action": "init", "conditions": [{"name": "ARGS:event_name", "type": "exists"}, {"name": "ARGS:event_venue", "type": "detectSQLi"}], "severity": 9.8}, "RULE-CVE-2025-11007-01": {"cve": "CVE-2025-11007", "mode": "pass", "target": "plugin", "slug": "ce21-suite", "versions": ">=2.2.1 <=2.3.1", "method": "POST", "ajax_action": "ce21_single_sign_on_save_api_settings", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 9.8}, "RULE-CVE-2025-11204-01": {"cve": "CVE-2025-11204", "mode": "pass", "target": "plugin", "slug": "custom-registration-form-builder-with-submission-manager", "versions": "<=6.0.6.2", "method": "GET", "action": "admin_init", "conditions": [{"name": "ARGS:page", "type": "equals", "value": "rm_form_reports"}, {"name": "ARGS:rm_form_id", "type": "detectSQLi"}], "severity": 7.2}, "RULE-CVE-2025-11204-02": {"cve": "CVE-2025-11204", "mode": "pass", "target": "plugin", "slug": "custom-registration-form-builder-with-submission-manager", "versions": "<=6.0.6.2", "method": "POST", "action": "admin_init", "conditions": [{"name": "ARGS:page", "type": "equals", "value": "rm_form_reports"}, {"name": "ARGS:rm_form_id", "type": "detectSQLi"}], "severity": 7.2}, "RULE-CVE-2025-11204-03": {"cve": "CVE-2025-11204", "mode": "pass", "target": "plugin", "slug": "custom-registration-form-builder-with-submission-manager", "versions": "<=6.0.6.2", "method": "POST", "ajax_action": "rm_get_stats", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "rm_get_stats"}, {"name": "ARGS:rm_form_id", "type": "detectSQLi"}], "severity": 7.2}, "RULE-CVE-2025-11204-04": {"cve": "CVE-2025-11204", "mode": "pass", "target": "plugin", "slug": "custom-registration-form-builder-with-submission-manager", "versions": "<=6.0.6.2", "method": "GET", "ajax_action": "rm_get_stats", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "rm_get_stats"}, {"name": "ARGS:rm_form_id", "type": "detectSQLi"}], "severity": 7.2}, "RULE-CVE-2025-11454-01": {"cve": "CVE-2025-11454", "description": "Specific Content For Mobile <=0.5.5 authenticated SQL injection via post parameter in eos_scfm_duplicate_post_as_draft admin action", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-11454", "severity": 6.5, "tags": ["sql-injection", "authenticated", "contributor"], "mode": "pass", "target": "plugin", "slug": "specific-content-for-mobile", "versions": "<=0.5.5", "method": "GET", "action": "admin_init", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "eos_scfm_duplicate_post_as_draft"}, {"name": "ARGS:post", "type": "regex", "value": "~[^0-9]~"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-11705-01": {"cve": "CVE-2025-11705", "description": "Anti-Malware Security and Brute-Force Firewall <=4.23.81 authenticated arbitrary file read via GOTMLS_scan AJAX action", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-11705", "severity": 6.5, "tags": ["missing-authorization", "arbitrary-file-read", "authenticated"], "mode": "pass", "target": "plugin", "slug": "gotmls", "versions": "<=4.23.81", "method": "POST", "ajax_action": "GOTMLS_scan", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-11705-02": {"cve": "CVE-2025-11705", "description": "Anti-Malware Security and Brute-Force Firewall <=4.23.81 missing authorization on GOTMLS_View_Quarantine AJAX action", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-11705", "severity": 6.5, "tags": ["missing-authorization", "information-disclosure", "authenticated"], "mode": "pass", "target": "plugin", "slug": "gotmls", "versions": "<=4.23.81", "method": "POST", "ajax_action": "GOTMLS_View_Quarantine", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-11705-03": {"cve": "CVE-2025-11705", "description": "Anti-Malware Security and Brute-Force Firewall <=4.23.81 missing authorization on GOTMLS_load_update AJAX action", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-11705", "severity": 6.5, "tags": ["missing-authorization", "authenticated"], "mode": "pass", "target": "plugin", "slug": "gotmls", "versions": "<=4.23.81", "method": "POST", "ajax_action": "GOTMLS_load_update", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-11705-04": {"cve": "CVE-2025-11705", "description": "Anti-Malware Security and Brute-Force Firewall <=4.23.81 missing authorization on GOTMLS_empty_trash AJAX action", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-11705", "severity": 6.5, "tags": ["missing-authorization", "authenticated"], "mode": "pass", "target": "plugin", "slug": "gotmls", "versions": "<=4.23.81", "method": "POST", "ajax_action": "GOTMLS_empty_trash", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-11705-05": {"cve": "CVE-2025-11705", "description": "Anti-Malware Security and Brute-Force Firewall <=4.23.81 missing authorization on GOTMLS_whitelist AJAX action", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-11705", "severity": 6.5, "tags": ["missing-authorization", "authenticated"], "mode": "pass", "target": "plugin", "slug": "gotmls", "versions": "<=4.23.81", "method": "POST", "ajax_action": "GOTMLS_whitelist", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-11705-06": {"cve": "CVE-2025-11705", "description": "Anti-Malware Security and Brute-Force Firewall <=4.23.81 missing authorization on GOTMLS_fix AJAX action", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-11705", "severity": 6.5, "tags": ["missing-authorization", "authenticated"], "mode": "pass", "target": "plugin", "slug": "gotmls", "versions": "<=4.23.81", "method": "POST", "ajax_action": "GOTMLS_fix", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-11749-01": {"cve": "CVE-2025-11749", "mode": "pass", "target": "plugin", "slug": "ai-engine", "versions": "<=3.1.3", "action": "rest_api_init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~(?:/wp-json|[?&]rest_route=)/mwai/v1/[A-Za-z0-9_-]+/messages~"}], "severity": 9.8}, "RULE-CVE-2025-11749-02": {"cve": "CVE-2025-11749", "mode": "pass", "target": "plugin", "slug": "ai-engine", "versions": "<=3.1.3", "action": "rest_api_init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~(?:/wp-json|[?&]rest_route=)/mwai/v1/[A-Za-z0-9_-]+/sse~"}], "severity": 9.8}, "RULE-CVE-2025-11758-01": {"cve": "CVE-2025-11758", "description": "All in One Time Clock Lite <=2.0.3 missing authorization on admin AJAX handler allowing unauthenticated page creation and report download", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-11758", "severity": 6.5, "tags": ["missing-authorization", "broken-access-control", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "aio-time-clock-lite", "versions": "<=2.0.3", "method": "POST", "ajax_action": "aio_time_clock_lite_admin_js", "conditions": [{"type": "missing_capability", "value": "edit_posts"}]}, "RULE-CVE-2025-11758-02": {"cve": "CVE-2025-11758", "description": "All in One Time Clock Lite <=2.0.3 missing authorization on frontend AJAX handler allowing unauthenticated shift manipulation", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-11758", "severity": 6.5, "tags": ["missing-authorization", "broken-access-control", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "aio-time-clock-lite", "versions": "<=2.0.3", "method": "POST", "ajax_action": "aio_time_clock_lite_js", "conditions": [{"type": "missing_capability", "value": "read"}]}, "RULE-CVE-2025-11816-01": {"cve": "CVE-2025-11816", "severity": 5.3, "mode": "pass", "target": "plugin", "slug": "wplegalpages", "versions": "<=3.5.0", "ajax_action": "disconnect_account_request", "method": "POST", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-11833-01": {"cve": "CVE-2025-11833", "severity": 9.8, "mode": "pass", "target": "plugin", "slug": "post-smtp", "versions": "<=3.6.0", "action": "init", "conditions": [{"name": "ARGS:page", "type": "equals", "value": "postman_email_log"}, {"name": "ARGS:view", "type": "equals", "value": "log"}, {"name": "ARGS:log_id", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-11994-01": {"cve": "CVE-2025-11994", "description": "Easy Email Subscription <=1.3 unauthenticated stored XSS via subscription form name parameter", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-11994", "severity": 7.2, "tags": ["xss", "stored-xss", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "email-subscription-with-secure-captcha", "versions": "<=1.3", "method": "POST", "action": "init", "conditions": [{"name": "ARGS:name", "type": "regex", "value": "~<[a-zA-Z/!]~"}]}, "RULE-CVE-2025-12376-01": {"cve": "CVE-2025-12376", "description": "Icon List Block <=1.2.1 authenticated (Subscriber+) SSRF via fs_api_request AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-12376", "severity": 6.4, "tags": ["ssrf", "missing-authorization", "authenticated"], "mode": "pass", "target": "plugin", "slug": "icon-list-block", "versions": "<=1.2.1", "method": "POST", "ajax_action": "fs_api_request", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "fs_api_request"}, {"name": "ARGS:url", "type": "regex", "value": "~^(?:https?:)?//~i"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-12641-01": {"cve": "CVE-2025-12641", "description": "Awesome Support <=6.3.6 unauthenticated role demotion via wpas-do=mr_activate_user (GET)", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-12641", "severity": 6.5, "tags": ["missing-authorization", "privilege-escalation", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "awesome-support", "versions": "<=6.3.6", "method": "GET", "action": "init", "conditions": [{"name": "ARGS:wpas-do", "type": "equals", "value": "mr_activate_user"}, {"name": "ARGS:user_id", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-12641-02": {"cve": "CVE-2025-12641", "description": "Awesome Support <=6.3.6 unauthenticated role demotion via wpas-do=mr_activate_user (POST)", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-12641", "severity": 6.5, "tags": ["missing-authorization", "privilege-escalation", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "awesome-support", "versions": "<=6.3.6", "method": "POST", "action": "init", "conditions": [{"name": "ARGS:wpas-do", "type": "equals", "value": "mr_activate_user"}, {"name": "ARGS:user_id", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-12646-01": {"cve": "CVE-2025-12646", "description": "Community Events <=1.5.4 unauthenticated SQL injection via dayofyear parameter in frontend event list AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-12646", "severity": 7.5, "tags": ["sql-injection", "unauthenticated", "ajax"], "mode": "pass", "target": "plugin", "slug": "community-events", "versions": "<=1.5.4", "method": "POST", "ajax_action": "community_events_frontend_list", "conditions": [{"name": "ARGS:dayofyear", "type": "detectSQLi"}]}, "RULE-CVE-2025-12646-02": {"cve": "CVE-2025-12646", "description": "Community Events <=1.5.4 unauthenticated SQL injection via dayofyear parameter in frontend event list AJAX handler (GET variant)", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-12646", "severity": 7.5, "tags": ["sql-injection", "unauthenticated", "ajax"], "mode": "pass", "target": "plugin", "slug": "community-events", "versions": "<=1.5.4", "method": "GET", "ajax_action": "community_events_frontend_list", "conditions": [{"name": "ARGS:dayofyear", "type": "detectSQLi"}]}, "RULE-CVE-2025-12707-01": {"ajax_action": "owt_lib_handler", "conditions": [{"name": "ARGS:bid", "type": "regex", "value": "~(?:VU5JT04=|U0VMRUNU|SU5TRVJU|VVBEQVRF|REVMRVRF|RFJPUA==|QU5E|T1I=|U0xFRVA=|RVhUUkFDVFZBTFVF|Q09OQ0FU|T1JERVIgQlk=|R1JPVVAgQlk=)~i"}], "cve": "CVE-2025-12707", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-12707", "description": "Library Management System <=3.2.1 unauthenticated SQL injection via bid parameter in owt_lib_handler AJAX handler", "mode": "pass", "severity": 7.5, "slug": "library-management-system", "tags": ["sql-injection", "unauthenticated", "base64-encoded-parameter"], "target": "plugin", "versions": "<=3.2.1"}, "RULE-CVE-2025-12787-01": {"cve": "CVE-2025-12787", "mode": "pass", "target": "plugin", "slug": "hydra-booking", "versions": "<=1.1.27", "method": "POST", "ajax_action": "tfhb_meeting_form_cencel", "conditions": [{"name": "ARGS:hash", "type": "regex", "value": "~^.{0,7}$|[<>\'\";&|`]~"}], "severity": 5.3}, "RULE-CVE-2025-12891-01": {"cve": "CVE-2025-12891", "severity": 5.3, "mode": "pass", "target": "plugin", "slug": "survey-maker", "versions": "<=5.1.9.4", "ajax_action": "ays_survey_show_results", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-1309-01": {"cve": "CVE-2025-1309", "description": "UiPress Lite <=3.5.04 missing authorization on uip_save_form_as_option AJAX handler allows arbitrary options update", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-1309", "severity": 8.8, "tags": ["missing-authorization", "privilege-escalation", "arbitrary-options-update"], "mode": "pass", "target": "plugin", "slug": "uipress-lite", "versions": "<=3.5.04", "method": "POST", "ajax_action": "uip_save_form_as_option", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-13206-01": {"cve": "CVE-2025-13206", "description": "GiveWP <= 4.13.0 stored XSS via donor first name in donation form submission", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-13206", "severity": 6.1, "tags": ["xss", "stored-xss", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "give", "versions": "<=4.13.0", "method": "POST", "ajax_action": "give_process_donation", "conditions": [{"name": "ARGS:give_first", "type": "detectXSS"}]}, "RULE-CVE-2025-13206-02": {"cve": "CVE-2025-13206", "description": "GiveWP <= 4.13.0 stored XSS via donor last name in donation form submission", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-13206", "severity": 6.1, "tags": ["xss", "stored-xss", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "give", "versions": "<=4.13.0", "method": "POST", "ajax_action": "give_process_donation", "conditions": [{"name": "ARGS:give_last", "type": "detectXSS"}]}, "RULE-CVE-2025-13359-01": {"cve": "CVE-2025-13359", "description": "TaxoPress <=3.40.1 time-based SQL injection via existing_terms_orderby in taxopress_ai_preview_feature AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-13359", "severity": 6.5, "tags": ["sql-injection", "time-based-blind", "ajax"], "mode": "pass", "target": "plugin", "slug": "simple-tags", "versions": "<=3.40.1", "method": "POST", "ajax_action": "taxopress_ai_preview_feature", "conditions": [{"name": "ARGS:existing_terms_orderby", "type": "detectSQLi"}]}, "RULE-CVE-2025-13359-02": {"cve": "CVE-2025-13359", "description": "TaxoPress <=3.40.1 time-based SQL injection via existing_terms_order in taxopress_ai_preview_feature AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-13359", "severity": 6.5, "tags": ["sql-injection", "time-based-blind", "ajax"], "mode": "pass", "target": "plugin", "slug": "simple-tags", "versions": "<=3.40.1", "method": "POST", "ajax_action": "taxopress_ai_preview_feature", "conditions": [{"name": "ARGS:existing_terms_order", "type": "detectSQLi"}]}, "RULE-CVE-2025-13359-03": {"cve": "CVE-2025-13359", "description": "TaxoPress <=3.40.1 SQL injection via existing_terms_maximum_terms in taxopress_ai_preview_feature AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-13359", "severity": 6.5, "tags": ["sql-injection", "time-based-blind", "ajax"], "mode": "pass", "target": "plugin", "slug": "simple-tags", "versions": "<=3.40.1", "method": "POST", "ajax_action": "taxopress_ai_preview_feature", "conditions": [{"name": "ARGS:existing_terms_maximum_terms", "type": "detectSQLi"}]}, "RULE-CVE-2025-13359-04": {"cve": "CVE-2025-13359", "description": "TaxoPress <=3.40.1 time-based SQL injection via suggest_local_terms_orderby in simpletags AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-13359", "severity": 6.5, "tags": ["sql-injection", "time-based-blind", "ajax"], "mode": "pass", "target": "plugin", "slug": "simple-tags", "versions": "<=3.40.1", "method": "POST", "ajax_action": "simpletags", "conditions": [{"name": "ARGS:suggest_local_terms_orderby", "type": "detectSQLi"}]}, "RULE-CVE-2025-13359-05": {"cve": "CVE-2025-13359", "description": "TaxoPress <=3.40.1 time-based SQL injection via suggest_local_terms_order in simpletags AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-13359", "severity": 6.5, "tags": ["sql-injection", "time-based-blind", "ajax"], "mode": "pass", "target": "plugin", "slug": "simple-tags", "versions": "<=3.40.1", "method": "POST", "ajax_action": "simpletags", "conditions": [{"name": "ARGS:suggest_local_terms_order", "type": "detectSQLi"}]}, "RULE-CVE-2025-13367-01": {"cve": "CVE-2025-13367", "description": "User Registration & Membership <=4.4.6 reflected XSS via username GET parameter on thank-you page", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-13367", "severity": 6.4, "tags": ["xss", "reflected-xss", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "user-registration", "versions": "<=4.4.6", "method": "GET", "action": "init", "conditions": [{"name": "ARGS:username", "type": "detectXSS"}]}, "RULE-CVE-2025-13367-02": {"cve": "CVE-2025-13367", "description": "User Registration & Membership <=4.4.6 reflected XSS via info GET parameter on thank-you page", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-13367", "severity": 6.4, "tags": ["xss", "reflected-xss", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "user-registration", "versions": "<=4.4.6", "method": "GET", "action": "init", "conditions": [{"name": "ARGS:info", "type": "detectXSS"}]}, "RULE-CVE-2025-13367-03": {"cve": "CVE-2025-13367", "description": "User Registration & Membership <=4.4.6 reflected XSS via transaction_id GET parameter on thank-you page", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-13367", "severity": 6.4, "tags": ["xss", "reflected-xss", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "user-registration", "versions": "<=4.4.6", "method": "GET", "action": "init", "conditions": [{"name": "ARGS:transaction_id", "type": "detectXSS"}]}, "RULE-CVE-2025-13390-01": {"cve": "CVE-2025-13390", "mode": "pass", "target": "plugin", "slug": "wpdirectorykit", "versions": "<=1.4.4", "method": "GET", "action": "init", "conditions": [{"name": "ARGS:auto-login", "type": "exists"}, {"name": "ARGS:user_id", "type": "exists"}, {"name": "ARGS:token", "type": "regex", "value": "~^[a-f0-9]{10}$~i"}], "severity": 9.8}, "RULE-CVE-2025-13534-01": {"cve": "CVE-2025-13534", "mode": "pass", "target": "plugin", "slug": "elex-helpdesk-customer-support-ticket-system", "versions": "<=3.3.2", "method": "POST", "ajax_action": "eh_crm_edit_agent", "conditions": [{"type": "missing_capability", "value": "manage_options"}, {"name": "ARGS:user_id", "type": "regex", "value": "~.+~"}, {"name": "ARGS:rights", "type": "regex", "value": "~.+~"}], "severity": 8.8}, "RULE-CVE-2025-13646-01": {"cve": "CVE-2025-13646", "description": "Modula Image Gallery <=2.13.2 authenticated arbitrary file upload via modula_unzip_file AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-13646", "severity": 6.6, "tags": ["arbitrary-file-upload", "race-condition", "authenticated"], "mode": "pass", "target": "plugin", "slug": "modula-best-grid-gallery", "versions": "<=2.13.2", "method": "POST", "ajax_action": "modula_unzip_file", "conditions": [{"name": "ARGS:fileID", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-13679-01": {"cve": "CVE-2025-13679", "description": "Tutor LMS <=3.9.3 missing authorization on tutor_order_details AJAX action allows subscriber+ to exfiltrate order PII", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-13679", "severity": 6.5, "tags": ["missing-authorization", "idor", "sensitive-data-exposure"], "mode": "pass", "target": "plugin", "slug": "tutor", "versions": "<=3.9.3", "ajax_action": "tutor_order_details", "conditions": [{"name": "ARGS:order_id", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-13693-01": {"cve": "CVE-2025-13693", "description": "Final Tiles Grid Gallery <=3.6.8 authenticated (Author+) stored XSS via ftg_script parameter in save_gallery AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-13693", "severity": 6.4, "tags": ["xss", "stored-xss", "missing-capability"], "mode": "pass", "target": "plugin", "slug": "final-tiles-grid-gallery-lite", "versions": "<=3.6.8", "method": "POST", "ajax_action": "save_gallery", "conditions": [{"name": "ARGS:ftg_script", "type": "detectXSS"}, {"type": "missing_capability", "value": "unfiltered_html"}]}, "RULE-CVE-2025-13859-01": {"cve": "CVE-2025-13859", "description": "AffiliateX <=1.3.9.3 missing authorization on save_customization_settings AJAX action allowing Subscriber+ stored XSS", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-13859", "severity": 6.4, "tags": ["missing-authorization", "stored-xss", "broken-access-control"], "mode": "pass", "target": "plugin", "slug": "affiliatex", "versions": "<=1.3.9.3", "method": "POST", "ajax_action": "save_customization_settings", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "save_customization_settings"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-13897-01": {"cve": "CVE-2025-13897", "description": "Client Testimonial Slider <=2.0 stored XSS via aft_testimonial_meta_name metabox field", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-13897", "severity": 6.4, "tags": ["xss", "stored-xss", "contributor-plus"], "mode": "pass", "target": "plugin", "slug": "wp-client-testimonial", "versions": "<=2.0", "method": "POST", "action": "admin_init", "conditions": [{"name": "REQUEST_URI", "type": "contains", "value": "/wp-admin/post.php"}, {"name": "ARGS:aft_testimonial_meta_name", "type": "detectXSS"}]}, "RULE-CVE-2025-13897-02": {"cve": "CVE-2025-13897", "description": "Client Testimonial Slider <=2.0 stored XSS via aft_testimonial_meta_company metabox field", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-13897", "severity": 6.4, "tags": ["xss", "stored-xss", "contributor-plus"], "mode": "pass", "target": "plugin", "slug": "wp-client-testimonial", "versions": "<=2.0", "method": "POST", "action": "admin_init", "conditions": [{"name": "REQUEST_URI", "type": "contains", "value": "/wp-admin/post.php"}, {"name": "ARGS:aft_testimonial_meta_company", "type": "detectXSS"}]}, "RULE-CVE-2025-14064-01": {"cve": "CVE-2025-14064", "description": "BuddyTask <=1.3.0 missing authorization on get_board AJAX endpoint allows unauthorized access to any group task board", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-14064", "severity": 6.5, "tags": ["missing-authorization", "broken-access-control", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "buddytask", "versions": "<=1.3.0", "method": "POST", "ajax_action": "get_board", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-14064-02": {"cve": "CVE-2025-14064", "description": "BuddyTask <=1.3.0 missing authorization on add_new_task AJAX endpoint allows unauthorized task creation", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-14064", "severity": 6.5, "tags": ["missing-authorization", "broken-access-control", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "buddytask", "versions": "<=1.3.0", "method": "POST", "ajax_action": "add_new_task", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-14064-03": {"cve": "CVE-2025-14064", "description": "BuddyTask <=1.3.0 missing authorization on edit_task AJAX endpoint allows unauthorized task modification", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-14064", "severity": 6.5, "tags": ["missing-authorization", "broken-access-control", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "buddytask", "versions": "<=1.3.0", "method": "POST", "ajax_action": "edit_task", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-14064-04": {"cve": "CVE-2025-14064", "description": "BuddyTask <=1.3.0 missing authorization on delete_task AJAX endpoint allows unauthorized task deletion", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-14064", "severity": 6.5, "tags": ["missing-authorization", "broken-access-control", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "buddytask", "versions": "<=1.3.0", "method": "POST", "ajax_action": "delete_task", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-14064-05": {"cve": "CVE-2025-14064", "description": "BuddyTask <=1.3.0 missing authorization on reorder_task AJAX endpoint allows unauthorized task reordering", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-14064", "severity": 6.5, "tags": ["missing-authorization", "broken-access-control", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "buddytask", "versions": "<=1.3.0", "method": "POST", "ajax_action": "reorder_task", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-14064-06": {"cve": "CVE-2025-14064", "description": "BuddyTask <=1.3.0 missing authorization on get_tasks AJAX endpoint allows unauthorized task data access", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-14064", "severity": 6.5, "tags": ["missing-authorization", "broken-access-control", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "buddytask", "versions": "<=1.3.0", "method": "POST", "ajax_action": "get_tasks", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-14064-07": {"cve": "CVE-2025-14064", "description": "BuddyTask <=1.3.0 missing authorization on edit_list AJAX endpoint allows unauthorized list modification", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-14064", "severity": 6.5, "tags": ["missing-authorization", "broken-access-control", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "buddytask", "versions": "<=1.3.0", "method": "POST", "ajax_action": "edit_list", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-14064-08": {"cve": "CVE-2025-14064", "description": "BuddyTask <=1.3.0 missing authorization on users_autocomplete AJAX endpoint allows unauthorized user enumeration", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-14064", "severity": 6.5, "tags": ["missing-authorization", "broken-access-control", "info-disclosure"], "mode": "pass", "target": "plugin", "slug": "buddytask", "versions": "<=1.3.0", "method": "POST", "ajax_action": "users_autocomplete", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-14064-09": {"cve": "CVE-2025-14064", "description": "BuddyTask <=1.3.0 missing authorization on add_users_to_assign_list AJAX endpoint allows unauthorized user assignment", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-14064", "severity": 6.5, "tags": ["missing-authorization", "broken-access-control"], "mode": "pass", "target": "plugin", "slug": "buddytask", "versions": "<=1.3.0", "method": "POST", "ajax_action": "add_users_to_assign_list", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-14069-01": {"cve": "CVE-2025-14069", "description": "Schema & Structured Data for WP & AMP <=1.54 Stored XSS via saswp_custom_schema_field on profile self-update", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-14069", "severity": 6.4, "tags": ["xss", "stored-xss", "authenticated"], "mode": "pass", "target": "plugin", "slug": "schema-and-structured-data-for-wp", "versions": "<=1.54", "method": "POST", "action": "admin_init", "conditions": [{"name": "REQUEST_URI", "type": "contains", "value": "/wp-admin/profile.php"}, {"name": "ARGS:saswp_custom_schema_field", "type": "detectXSS"}]}, "RULE-CVE-2025-14069-02": {"cve": "CVE-2025-14069", "description": "Schema & Structured Data for WP & AMP <=1.54 Stored XSS via saswp_custom_schema_field on user-edit profile update", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-14069", "severity": 6.4, "tags": ["xss", "stored-xss", "authenticated"], "mode": "pass", "target": "plugin", "slug": "schema-and-structured-data-for-wp", "versions": "<=1.54", "method": "POST", "action": "admin_init", "conditions": [{"name": "REQUEST_URI", "type": "contains", "value": "/wp-admin/user-edit.php"}, {"name": "ARGS:saswp_custom_schema_field", "type": "detectXSS"}]}, "RULE-CVE-2025-14383-01": {"cve": "CVE-2025-14383", "description": "Booking Calendar <=10.14.8 unauthenticated SQL injection via dates_to_check parameter in WPBC_AJX_CALENDAR_LOAD AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-14383", "severity": 7.5, "tags": ["sql-injection", "unauthenticated", "ajax"], "mode": "pass", "target": "plugin", "slug": "booking", "versions": "<=10.14.8", "ajax_action": "WPBC_AJX_CALENDAR_LOAD", "conditions": [{"name": "ARGS:dates_to_check", "type": "detectSQLi"}]}, "RULE-CVE-2025-14386-01": {"cve": "CVE-2025-14386", "description": "Search Atlas SEO (metasync) <=2.5.11 missing authorization on generate_sso_url AJAX handler allows Subscriber+ to extract admin SSO token", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-14386", "severity": 8.8, "tags": ["missing-authorization", "authentication-bypass", "privilege-escalation"], "mode": "pass", "target": "plugin", "slug": "metasync", "versions": ">=2.4.4 <=2.5.11", "method": "POST", "ajax_action": "generate_sso_url", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-14386-02": {"cve": "CVE-2025-14386", "description": "Search Atlas SEO (metasync) <=2.5.11 missing authorization on validate_sso_token AJAX handler allows Subscriber+ to validate/consume admin SSO token", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-14386", "severity": 8.8, "tags": ["missing-authorization", "authentication-bypass", "privilege-escalation"], "mode": "pass", "target": "plugin", "slug": "metasync", "versions": ">=2.4.4 <=2.5.11", "method": "POST", "ajax_action": "validate_sso_token", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-14386-03": {"cve": "CVE-2025-14386", "description": "Search Atlas SEO (metasync) <=2.5.11 missing authorization on check_sso_status AJAX handler allows Subscriber+ to query SSO status", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-14386", "severity": 8.8, "tags": ["missing-authorization", "authentication-bypass", "privilege-escalation"], "mode": "pass", "target": "plugin", "slug": "metasync", "versions": ">=2.4.4 <=2.5.11", "method": "POST", "ajax_action": "check_sso_status", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-14440-01": {"cve": "CVE-2025-14440", "mode": "pass", "target": "plugin", "slug": "jay-login-register", "versions": "<=2.4.01", "method": "GET", "action": "init", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "jay_login_register_switch_back"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 9.8}, "RULE-CVE-2025-14533-01": {"cve": "CVE-2025-14533", "mode": "pass", "target": "plugin", "slug": "acf-extended", "versions": "<=0.9.2.1", "method": "POST", "ajax_action": "nopriv_endpoint/form/shortcode", "conditions": [{"type": "missing_capability", "value": "promote_users"}, {"name": "ARGS", "type": "regex", "value": "~^(?:administrator|super_admin)$~"}], "severity": 9.8}, "RULE-CVE-2025-14554-01": {"cve": "CVE-2025-14554", "description": "Sell BTC - Cryptocurrency Selling Calculator <=1.5 unauthenticated stored XSS via orderform_data AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-14554", "severity": 7.2, "tags": ["xss", "stored-xss", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "sell-btc-by-hayyatapps", "versions": "<=1.5", "method": "POST", "ajax_action": "orderform_data", "conditions": [{"name": "ARGS", "type": "regex", "value": "~<[a-z/!?]~i"}]}, "RULE-CVE-2025-14891-01": {"cve": "CVE-2025-14891", "description": "Customer Reviews for WooCommerce <=5.93.1 Stored XSS via displayName in cr_local_forms_submit AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-14891", "severity": 6.4, "tags": ["xss", "stored-xss", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "customer-reviews-woocommerce", "versions": "<=5.93.1", "method": "POST", "ajax_action": "cr_local_forms_submit", "conditions": [{"name": "ARGS:displayName", "type": "detectXSS"}]}, "RULE-CVE-2025-14893-01": {"cve": "CVE-2025-14893", "description": "IndieWeb <=4.0.5 Stored XSS via Telephone profile field", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-14893", "severity": 6.4, "tags": ["xss", "stored-xss", "user-profile"], "mode": "pass", "target": "plugin", "slug": "indieweb", "versions": "<=4.0.5", "method": "POST", "action": "init", "conditions": [{"name": "ARGS:tel", "type": "regex", "value": "~<[a-zA-Z/!]~"}]}, "RULE-CVE-2025-14973-01": {"cve": "CVE-2025-14973", "description": "Recipe Card Blocks by WPZOOM <=3.4.12 authenticated SQL injection via recipes[0][recipe_id] in wpzoom_import_recipes AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-14973", "severity": 6.8, "tags": ["sql-injection", "authenticated", "ajax"], "mode": "pass", "target": "plugin", "slug": "recipe-card-blocks-by-wpzoom", "versions": "<=3.4.12", "method": "POST", "ajax_action": "wpzoom_import_recipes", "conditions": [{"name": "ARGS:recipes[0][recipe_id]", "type": "detectSQLi"}]}, "RULE-CVE-2025-14973-02": {"cve": "CVE-2025-14973", "description": "Recipe Card Blocks by WPZOOM <=3.4.12 authenticated SQL injection via recipes[1][recipe_id] in wpzoom_import_recipes AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-14973", "severity": 6.8, "tags": ["sql-injection", "authenticated", "ajax"], "mode": "pass", "target": "plugin", "slug": "recipe-card-blocks-by-wpzoom", "versions": "<=3.4.12", "method": "POST", "ajax_action": "wpzoom_import_recipes", "conditions": [{"name": "ARGS:recipes[1][recipe_id]", "type": "detectSQLi"}]}, "RULE-CVE-2025-14973-03": {"cve": "CVE-2025-14973", "description": "Recipe Card Blocks by WPZOOM <=3.4.12 authenticated SQL injection via recipes[2][recipe_id] in wpzoom_import_recipes AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-14973", "severity": 6.8, "tags": ["sql-injection", "authenticated", "ajax"], "mode": "pass", "target": "plugin", "slug": "recipe-card-blocks-by-wpzoom", "versions": "<=3.4.12", "method": "POST", "ajax_action": "wpzoom_import_recipes", "conditions": [{"name": "ARGS:recipes[2][recipe_id]", "type": "detectSQLi"}]}, "RULE-CVE-2025-1513-01": {"cve": "CVE-2025-1513", "description": "Contest Gallery <=26.0.0.1 unauthenticated stored XSS via Name field in comment submission", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-1513", "severity": 6.1, "tags": ["xss", "stored-xss", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "contest-gallery", "versions": "<=26.0.0.1", "method": "POST", "ajax_action": "post_cg_set_comment_v10", "conditions": [{"name": "ARGS:Name", "type": "detectXSS"}]}, "RULE-CVE-2025-1513-02": {"cve": "CVE-2025-1513", "description": "Contest Gallery <=26.0.0.1 unauthenticated stored XSS via Comment field in comment submission", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-1513", "severity": 6.1, "tags": ["xss", "stored-xss", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "contest-gallery", "versions": "<=26.0.0.1", "method": "POST", "ajax_action": "post_cg_set_comment_v10", "conditions": [{"name": "ARGS:Comment", "type": "detectXSS"}]}, "RULE-CVE-2025-15260-01": {"cve": "CVE-2025-15260", "description": "MyRewards \u2013 Loyalty Points and Rewards for WooCommerce <=5.6.0 missing authorization on lws_adminpanel_editlist allowing subscriber+ to modify loyalty rules", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-15260", "severity": 6.5, "tags": ["missing-authorization", "broken-access-control", "privilege-escalation"], "mode": "pass", "target": "plugin", "slug": "woorewards", "versions": "<=5.6.0", "method": "POST", "ajax_action": "lws_adminpanel_editlist", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-15396-01": {"cve": "CVE-2025-15396", "description": "Library Viewer <3.2.0 reflected XSS via library-viewer-error-message GET parameter", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-15396", "severity": 7.1, "tags": ["xss", "reflected-xss", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "library-viewer", "versions": "<3.2.0", "method": "GET", "action": "init", "conditions": [{"name": "ARGS:library-viewer-error-message", "type": "detectXSS"}]}, "RULE-CVE-2025-15396-02": {"cve": "CVE-2025-15396", "description": "Library Viewer <3.2.0 reflected XSS via library-viewer-success-message GET parameter", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-15396", "severity": 7.1, "tags": ["xss", "reflected-xss", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "library-viewer", "versions": "<3.2.0", "method": "GET", "action": "init", "conditions": [{"name": "ARGS:library-viewer-success-message", "type": "detectXSS"}]}, "RULE-CVE-2025-15521-01": {"cve": "CVE-2025-15521", "mode": "pass", "target": "plugin", "slug": "academy", "versions": "<=3.5.0", "method": "POST", "ajax_action": "academy/shortcode/password_reset_handler", "severity": 9.8}, "RULE-CVE-2025-2009-01": {"cve": "CVE-2025-2009", "description": "Newsletters <=4.9.9.7 unauthenticated stored XSS via subscriber name field in wpmlsubscribe AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-2009", "severity": 7.2, "tags": ["xss", "stored-xss", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "newsletters-lite", "versions": "<=4.9.9.7", "method": "POST", "ajax_action": "wpmlsubscribe", "conditions": [{"name": "ARGS:name", "type": "detectXSS"}]}, "RULE-CVE-2025-2009-02": {"cve": "CVE-2025-2009", "description": "Newsletters <=4.9.9.7 unauthenticated stored XSS via subscriber email field in wpmlsubscribe AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-2009", "severity": 7.2, "tags": ["xss", "stored-xss", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "newsletters-lite", "versions": "<=4.9.9.7", "method": "POST", "ajax_action": "wpmlsubscribe", "conditions": [{"name": "ARGS:email", "type": "detectXSS"}]}, "RULE-CVE-2025-2025-01": {"cve": "CVE-2025-2025", "mode": "pass", "target": "plugin", "slug": "give", "versions": "<=3.22.0", "method": "GET", "action": "admin_init", "conditions": [{"name": "ARGS:page", "type": "equals", "value": "give-reports"}, {"name": "ARGS:view", "type": "equals", "value": "earnings"}, {"type": "missing_capability", "value": "view_give_reports"}], "severity": 7.5}, "RULE-CVE-2025-2025-02": {"cve": "CVE-2025-2025", "mode": "pass", "target": "plugin", "slug": "give", "versions": "<=3.22.0", "method": "GET", "action": "admin_init", "conditions": [{"name": "ARGS:page", "type": "equals", "value": "give-reports"}, {"name": "ARGS:tab", "type": "equals", "value": "earnings"}, {"type": "missing_capability", "value": "view_give_reports"}], "severity": 7.5}, "RULE-CVE-2025-2111-02": {"cve": "CVE-2025-2111", "description": "WP Headers And Footers <=3.1.1 CSRF to arbitrary options update via debug page POST request (set_option_name/option_value)", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-2111", "severity": 7.5, "tags": ["csrf", "arbitrary-option-update", "privilege-escalation"], "mode": "pass", "target": "plugin", "slug": "wp-headers-and-footers", "versions": "<=3.1.1", "method": "POST", "action": "admin_init", "conditions": [{"name": "ARGS:set_option_name", "type": "exists"}, {"name": "ARGS:option_value", "type": "exists"}, {"name": "ARGS:page", "type": "equals", "value": "wpb-debug"}]}, "RULE-CVE-2025-2221-01": {"cve": "CVE-2025-2221", "description": "WPCOM Member <=1.7.6 unauthenticated time-based SQL injection via user_phone parameter in wpcom_login AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-2221", "severity": 7.5, "tags": ["sql-injection", "unauthenticated", "time-based-blind"], "mode": "pass", "target": "plugin", "slug": "wpcom-member", "versions": "<=1.7.6", "method": "POST", "action": "admin_init", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "wpcom_login"}, {"name": "ARGS:user_phone", "type": "detectSQLi"}]}, "RULE-CVE-2025-2221-02": {"cve": "CVE-2025-2221", "description": "WPCOM Member <=1.7.6 unauthenticated SQL injection via user_phone parameter in wpcom_register AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-2221", "severity": 7.5, "tags": ["sql-injection", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "wpcom-member", "versions": "<=1.7.6", "method": "POST", "action": "admin_init", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "wpcom_register"}, {"name": "ARGS:user_phone", "type": "detectSQLi"}]}, "RULE-CVE-2025-2221-03": {"cve": "CVE-2025-2221", "description": "WPCOM Member <=1.7.6 unauthenticated SQL injection via user_phone parameter in wpcom_send_sms_code AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-2221", "severity": 7.5, "tags": ["sql-injection", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "wpcom-member", "versions": "<=1.7.6", "method": "POST", "action": "admin_init", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "wpcom_send_sms_code"}, {"name": "ARGS:user_phone", "type": "detectSQLi"}]}, "RULE-CVE-2025-2221-04": {"cve": "CVE-2025-2221", "description": "WPCOM Member <=1.7.6 unauthenticated SQL injection via user_phone parameter in wpcom_lostpassword AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-2221", "severity": 7.5, "tags": ["sql-injection", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "wpcom-member", "versions": "<=1.7.6", "method": "POST", "action": "admin_init", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "wpcom_lostpassword"}, {"name": "ARGS:user_phone", "type": "detectSQLi"}]}, "RULE-CVE-2025-2221-05": {"cve": "CVE-2025-2221", "description": "WPCOM Member <=1.7.6 unauthenticated SQL injection via user_phone parameter in wpcom_resetpassword AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-2221", "severity": 7.5, "tags": ["sql-injection", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "wpcom-member", "versions": "<=1.7.6", "method": "POST", "action": "admin_init", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "wpcom_resetpassword"}, {"name": "ARGS:user_phone", "type": "detectSQLi"}]}, "RULE-CVE-2025-2221-06": {"cve": "CVE-2025-2221", "description": "WPCOM Member <=1.7.6 unauthenticated SQL injection via user_phone parameter in wpcom_accountbind AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-2221", "severity": 7.5, "tags": ["sql-injection", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "wpcom-member", "versions": "<=1.7.6", "method": "POST", "action": "admin_init", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "wpcom_accountbind"}, {"name": "ARGS:user_phone", "type": "detectSQLi"}]}, "RULE-CVE-2025-22800-01": {"cve": "CVE-2025-22800", "mode": "pass", "target": "plugin", "slug": "post-smtp", "versions": ">=2.8.3 <=2.9.11", "action": "admin_post_regenerate-qrcode", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "regenerate-qrcode"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2025-24000-01": {"cve": "CVE-2025-24000", "description": "Post SMTP <= 3.2.0 post-smtp/v1/logs REST endpoint accessible to non-admin users, exposing email log contents.", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-24000", "severity": 8.8, "tags": ["auth-bypass", "privilege-escalation", "rest-api", "email-logs"], "mode": "pass", "target": "plugin", "slug": "post-smtp", "versions": "<=3.2.0", "method": "GET", "action": "rest_api_init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~^/wp-json/post-smtp/v1/logs(?:/[^/]+)?(?:[/?]|$)~i"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-24000-02": {"cve": "CVE-2025-24000", "description": "Post SMTP <= 3.2.0 post-smtp/v1/logs/{id} REST endpoint accessible to non-admin users, exposing email details.", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-24000", "severity": 8.8, "tags": ["auth-bypass", "privilege-escalation", "rest-api", "email-logs"], "mode": "pass", "target": "plugin", "slug": "post-smtp", "versions": "<=3.2.0", "method": "GET", "action": "rest_api_init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~^/wp-json/post-smtp/v1/logs(?:/[^/]+)?(?:[/?]|$)~i"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-24000-03": {"cve": "CVE-2025-24000", "description": "Post SMTP <= 3.2.0 post-smtp/v1/logs/{id}/resend REST endpoint callable by non-admin users, allowing abuse of password reset emails.", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-24000", "severity": 8.8, "tags": ["auth-bypass", "privilege-escalation", "rest-api", "email-logs", "resend"], "mode": "pass", "target": "plugin", "slug": "post-smtp", "versions": "<=3.2.0", "method": "POST", "action": "rest_api_init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~^/wp-json/post-smtp/v1/logs/[^/]+/resend(?:[/?]|$)~i"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-24000-04": {"cve": "CVE-2025-24000", "description": "Post SMTP <= 3.2.0 psd/v1/email-count REST endpoint accessible to non-admin users.", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-24000", "severity": 6.5, "tags": ["auth-bypass", "privilege-escalation", "rest-api", "email-logs"], "mode": "pass", "target": "plugin", "slug": "post-smtp", "versions": "<=3.2.0", "method": "GET", "action": "rest_api_init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~^/wp-json/psd/v1/email-count(?:[/?]|$)~i"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-24000-05": {"cve": "CVE-2025-24000", "description": "Post SMTP <= 3.2.0 psd/v1/minimize-maximize-ad REST endpoint accessible to non-admin users.", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-24000", "severity": 4.3, "tags": ["auth-bypass", "rest-api"], "mode": "pass", "target": "plugin", "slug": "post-smtp", "versions": "<=3.2.0", "action": "rest_api_init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~^/wp-json/psd/v1/minimize-maximize-ad(?:[/?]|$)~i"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-24000-06": {"cve": "CVE-2025-24000", "description": "Post SMTP <= 3.2.0 psd/v1/get-failed-logs REST endpoint accessible to non-admin users, exposing failed email log contents.", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-24000", "severity": 8.8, "tags": ["auth-bypass", "privilege-escalation", "rest-api", "email-logs"], "mode": "pass", "target": "plugin", "slug": "post-smtp", "versions": "<=3.2.0", "method": "GET", "action": "rest_api_init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~^/wp-json/psd/v1/get-failed-logs(?:[/?]|$)~i"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-24000-07": {"cve": "CVE-2025-24000", "description": "Post SMTP <= 3.2.0 psd/v1/open-notification REST endpoint accessible to non-admin users.", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-24000", "severity": 4.3, "tags": ["auth-bypass", "rest-api"], "mode": "pass", "target": "plugin", "slug": "post-smtp", "versions": "<=3.2.0", "action": "rest_api_init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~^/wp-json/psd/v1/open-notification(?:[/?]|$)~i"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-24000-08": {"cve": "CVE-2025-24000", "description": "Post SMTP <= 3.2.0 psd/v1/remove-notification REST endpoint accessible to non-admin users.", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-24000", "severity": 4.3, "tags": ["auth-bypass", "rest-api"], "mode": "pass", "target": "plugin", "slug": "post-smtp", "versions": "<=3.2.0", "action": "rest_api_init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~^/wp-json/psd/v1/remove-notification(?:[/?]|$)~i"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-24563-01": {"cve": "CVE-2025-24563", "description": "Cleanup \u2013 Directory Listing & Classifieds <=1.0.4 reflected XSS via user_name_search parameter in author-search.php template", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-24563", "severity": 7.1, "tags": ["xss", "reflected-xss", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "cleanup-light", "versions": "<=1.0.4", "method": "GET", "action": "template_redirect", "conditions": [{"name": "ARGS:user_name_search", "type": "detectXSS"}]}, "RULE-CVE-2025-24563-02": {"cve": "CVE-2025-24563", "description": "Cleanup \u2013 Directory Listing & Classifieds <=1.0.4 reflected XSS via latitude parameter in listing_search.php template", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-24563", "severity": 7.1, "tags": ["xss", "reflected-xss", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "cleanup-light", "versions": "<=1.0.4", "method": "GET", "action": "template_redirect", "conditions": [{"name": "ARGS:latitude", "type": "detectXSS"}]}, "RULE-CVE-2025-24563-03": {"cve": "CVE-2025-24563", "description": "Cleanup \u2013 Directory Listing & Classifieds <=1.0.4 reflected XSS via longitude parameter in listing_search.php template", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-24563", "severity": 7.1, "tags": ["xss", "reflected-xss", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "cleanup-light", "versions": "<=1.0.4", "method": "GET", "action": "template_redirect", "conditions": [{"name": "ARGS:longitude", "type": "detectXSS"}]}, "RULE-CVE-2025-24563-04": {"cve": "CVE-2025-24563", "description": "Cleanup \u2013 Directory Listing & Classifieds <=1.0.4 reflected XSS via address_latitude parameter in listing_search.php template", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-24563", "severity": 7.1, "tags": ["xss", "reflected-xss", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "cleanup-light", "versions": "<=1.0.4", "method": "GET", "action": "template_redirect", "conditions": [{"name": "ARGS:address_latitude", "type": "detectXSS"}]}, "RULE-CVE-2025-24563-05": {"cve": "CVE-2025-24563", "description": "Cleanup \u2013 Directory Listing & Classifieds <=1.0.4 reflected XSS via address_longitude parameter in listing_search.php template", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-24563", "severity": 7.1, "tags": ["xss", "reflected-xss", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "cleanup-light", "versions": "<=1.0.4", "method": "GET", "action": "template_redirect", "conditions": [{"name": "ARGS:address_longitude", "type": "detectXSS"}]}, "RULE-CVE-2025-24563-06": {"cve": "CVE-2025-24563", "description": "Cleanup \u2013 Directory Listing & Classifieds <=1.0.4 reflected XSS via dir_id parameter in claim.php template", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-24563", "severity": 7.1, "tags": ["xss", "reflected-xss", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "cleanup-light", "versions": "<=1.0.4", "method": "GET", "action": "template_redirect", "conditions": [{"name": "ARGS:dir_id", "type": "detectXSS"}]}, "RULE-CVE-2025-24563-07": {"cve": "CVE-2025-24563", "description": "Cleanup \u2013 Directory Listing & Classifieds <=1.0.4 reflected XSS via package_id parameter in wizard-style-2.php template", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-24563", "severity": 7.1, "tags": ["xss", "reflected-xss", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "cleanup-light", "versions": "<=1.0.4", "method": "GET", "action": "template_redirect", "conditions": [{"name": "ARGS:package_id", "type": "detectXSS"}]}, "RULE-CVE-2025-2563-01": {"cve": "CVE-2025-2563", "mode": "pass", "target": "plugin", "slug": "user-registration", "versions": "<=4.1.1", "method": "POST", "ajax_action": "user_registration_user_form_submit", "conditions": [{"name": "ARGS:role", "type": "regex", "value": "~^(?!subscriber$).+~i"}], "severity": 8.1}, "RULE-CVE-2025-2685-01": {"cve": "CVE-2025-2685", "description": "TablePress <=3.0.4 Authenticated (Author+) Stored XSS via table-name parameter on admin form POST", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-2685", "severity": 5.4, "tags": ["xss", "stored-xss", "authenticated"], "mode": "pass", "target": "plugin", "slug": "tablepress", "versions": "<=3.0.4", "method": "POST", "action": "admin_init", "conditions": [{"name": "ARGS:page", "type": "equals", "value": "tablepress"}, {"name": "ARGS:action", "type": "equals", "value": "add"}, {"name": "ARGS:table-name", "type": "detectXSS"}]}, "RULE-CVE-2025-2807-01": {"cve": "CVE-2025-2807", "description": "Motors - Car Dealership & Classified Listings <= 1.4.64 missing authorization on mvl_setup_wizard_install_plugin allowing Subscriber+ arbitrary plugin installation", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-2807", "severity": 8.8, "tags": ["missing-authorization", "privilege-escalation", "arbitrary-plugin-install"], "mode": "pass", "target": "plugin", "slug": "motors-car-dealership-classified-listings", "versions": "<=1.4.64", "method": "POST", "ajax_action": "mvl_setup_wizard_install_plugin", "conditions": [{"name": "ARGS:plugin", "type": "regex", "value": "~.+~"}, {"type": "missing_capability", "value": "install_plugins"}]}, "RULE-CVE-2025-2816-01": {"cve": "CVE-2025-2816", "description": "Page View Count <=2.8.4 missing authorization on pvc_yellow_message_dontshow AJAX handler allows arbitrary option update", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-2816", "severity": 8.1, "tags": ["missing-authorization", "broken-access-control", "option-update"], "mode": "pass", "target": "plugin", "slug": "page-views-count", "versions": "<=2.8.4", "method": "POST", "ajax_action": "pvc_yellow_message_dontshow", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-2940-01": {"cve": "CVE-2025-2940", "description": "Ninja Tables <= 5.0.18 unauthenticated SSRF via WPFluent async request handler args[url] parameter", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-2940", "severity": 7.2, "tags": ["ssrf", "unauthenticated", "server-side-request-forgery"], "mode": "pass", "target": "plugin", "slug": "ninja-tables", "versions": "<=5.0.18", "action": "admin_init", "conditions": [{"name": "REQUEST_URI", "type": "contains", "value": "admin-post.php"}, {"name": "ARGS:action", "type": "contains", "value": "wpf-async-request-"}, {"name": "ARGS:args[url]", "type": "exists"}]}, "RULE-CVE-2025-31560-01": {"cve": "CVE-2025-31560", "mode": "pass", "target": "plugin", "slug": "salon-booking-system", "versions": "<=10.11", "method": "POST", "action": "admin_init", "conditions": [{"name": "ARGS:page", "type": "equals", "value": "salon-customers"}, {"name": "ARGS:role", "type": "regex", "value": "~(?:administrator|editor|author|contributor|shop_manager)~i"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 7.2}, "RULE-CVE-2025-31560-02A": {"cve": "CVE-2025-31560", "mode": "pass", "target": "plugin", "slug": "salon-booking-system", "versions": "<=10.11", "method": "POST", "ajax_action": "salon", "conditions": [{"name": "ARGS:role", "type": "regex", "value": "~(?:administrator|editor|author|contributor|shop_manager)~i"}], "severity": 7.2}, "RULE-CVE-2025-31560-02B": {"cve": "CVE-2025-31560", "mode": "pass", "target": "plugin", "slug": "salon-booking-system", "versions": "<=10.11", "method": "POST", "ajax_action": "salon", "conditions": [{"name": "ARGS:user_role", "type": "regex", "value": "~(?:administrator|editor|author|contributor|shop_manager)~i"}], "severity": 7.2}, "RULE-CVE-2025-32597-01": {"cve": "CVE-2025-32597", "description": "Connect Daily Web Calendar <=1.5.4 reflected XSS via unsanitized JSONP callback parameter in cdaily AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-32597", "severity": 7.1, "tags": ["xss", "csrf", "jsonp-injection", "unauthenticated"], "mode": "pass", "target": "plugin", "slug": "connect-daily-web-calendar", "versions": "<=1.5.4", "ajax_action": "cdaily", "conditions": [{"name": "ARGS:callback", "type": "regex", "value": "~[^A-Za-z0-9_.$]~"}]}, "RULE-CVE-2025-32648-01": {"cve": "CVE-2025-32648", "severity": 9.8, "mode": "pass", "target": "plugin", "slug": "projectopia-core", "versions": "<=5.1.23", "method": "POST", "ajax_action": "pto_ajax_register", "conditions": [{"name": "ARGS:role", "type": "regex", "value": "~^(?:administrator|editor|author|contributor|admin)$~i"}]}, "RULE-CVE-2025-3418-01": {"cve": "CVE-2025-3418", "mode": "pass", "target": "plugin", "slug": "wpc-admin-columns", "versions": ">=2.0.6 <=2.1.0", "method": "POST", "ajax_action": "wpcac_edit_save", "conditions": [{"name": "ARGS:field", "type": "regex", "value": "~^(wp_capabilities|wp_user_level|role)$~i"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2025-3780-01": {"cve": "CVE-2025-3780", "description": "WCFM Frontend Manager <=6.7.16 unauthenticated plugin settings modification via admin_init setup redirect", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-3780", "severity": 6.5, "tags": ["missing-authorization", "unauthenticated", "settings-tampering"], "mode": "pass", "target": "plugin", "slug": "wc-frontend-manager", "versions": "<=6.7.16", "action": "admin_init", "conditions": [{"name": "ARGS:page", "type": "equals", "value": "wcfm-setup"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-3876-01": {"cve": "CVE-2025-3876", "mode": "pass", "target": "plugin", "slug": "sms-alert", "versions": "<=3.8.1", "method": "POST", "action": "init", "conditions": [{"name": "ARGS:option", "type": "equals", "value": "smsalert_ajax_form_validate"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2025-3952-01": {"cve": "CVE-2025-3952", "description": "Projectopia <=5.1.16 missing authorization on pto_remove_logo AJAX handler allows authenticated users (Subscriber+) to clear arbitrary WordPress options via the type parameter", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-3952", "severity": 8.1, "tags": ["missing-authorization", "broken-access-control", "arbitrary-option-update"], "mode": "pass", "target": "plugin", "slug": "projectopia-core", "versions": "<=5.1.16", "method": "POST", "ajax_action": "pto_remove_logo", "conditions": [{"name": "ARGS:type", "type": "exists"}, {"type": "missing_capability", "value": "edit_cqpim_settings"}]}, "RULE-CVE-2025-4104-01": {"cve": "CVE-2025-4104", "mode": "pass", "target": "plugin", "slug": "frontend-dashboard", "versions": "<=2.2.6", "method": "POST", "ajax_action": "fed_login_form_post", "conditions": [{"name": "ARGS:submit", "type": "equals", "value": "register"}, {"name": "ARGS:ID", "type": "exists"}], "severity": 9.8}, "RULE-CVE-2025-4474-01": {"cve": "CVE-2025-4474", "mode": "pass", "target": "plugin", "slug": "frontend-dashboard", "versions": "<=2.2.7", "method": "POST", "ajax_action": "fed_admin_setting_form", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2025-46244-01": {"cve": "CVE-2025-46244", "severity": 9.8, "mode": "pass", "target": "plugin", "slug": "linked-variation", "versions": "<=1.0.3", "method": "POST", "ajax_action": "dsalv_save_settings", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-46244-02": {"cve": "CVE-2025-46244", "severity": 9.8, "mode": "pass", "target": "plugin", "slug": "linked-variation", "versions": "<=1.0.3", "method": "POST", "ajax_action": "dsalv_add_new_variation", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-46244-03": {"cve": "CVE-2025-46244", "severity": 9.8, "mode": "pass", "target": "plugin", "slug": "linked-variation", "versions": "<=1.0.3", "ajax_action": "dsalv_searchalltags", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-47601-01": {"cve": "CVE-2025-47601", "mode": "pass", "target": "plugin", "slug": "maxi-blocks", "versions": "<=2.1.0", "method": "POST", "ajax_action": "maxi_get_option", "conditions": [{"name": "ARGS:option_value", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2025-47688-01": {"cve": "CVE-2025-47688", "mode": "pass", "target": "plugin", "slug": "file-manager-advanced", "versions": "<=5.3.1", "method": "POST", "action": "rest_api_init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~^/wp-json/file-manager-advanced/v1/hide-banner(?:[/?]|$)~i"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 9.8}, "RULE-CVE-2025-47688-02": {"cve": "CVE-2025-47688", "mode": "pass", "target": "plugin", "slug": "file-manager-advanced", "versions": "<=5.3.1", "method": "POST", "action": "rest_api_init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~^/wp-json/file-manager-advanced/v1/minimize-maximize-banner(?:[/?]|$)~i"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 9.8}, "RULE-CVE-2025-47690-01": {"cve": "CVE-2025-47690", "mode": "pass", "target": "plugin", "slug": "wp-leads-builder-any-crm", "versions": "<=3.1", "method": "POST", "ajax_action": "adminAllActionsPRO", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2025-47690-02": {"cve": "CVE-2025-47690", "mode": "pass", "target": "plugin", "slug": "wp-leads-builder-any-crm", "versions": "<=3.1", "method": "POST", "ajax_action": "SaveCRMconfig", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2025-47690-03": {"cve": "CVE-2025-47690", "mode": "pass", "target": "plugin", "slug": "wp-leads-builder-any-crm", "versions": "<=3.1", "method": "POST", "ajax_action": "saveZohoSettings", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2025-47690-04": {"cve": "CVE-2025-47690", "mode": "pass", "target": "plugin", "slug": "wp-leads-builder-any-crm", "versions": "<=3.1", "method": "POST", "ajax_action": "saveSFSettings", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2025-47690-05": {"cve": "CVE-2025-47690", "mode": "pass", "target": "plugin", "slug": "wp-leads-builder-any-crm", "versions": "<=3.1", "method": "POST", "ajax_action": "SaveSuiteconfig", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2025-47690-06": {"cve": "CVE-2025-47690", "mode": "pass", "target": "plugin", "slug": "wp-leads-builder-any-crm", "versions": "<=3.1", "method": "POST", "ajax_action": "save_apikey", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2025-52824-01": {"cve": "CVE-2025-52824", "mode": "pass", "target": "plugin", "slug": "mobile-dj-manager", "versions": "<=1.7.8.1", "method": "POST", "ajax_action": "update_event_cost_from_package", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "update_event_cost_from_package"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2025-52825-01": {"cve": "CVE-2025-52825", "mode": "pass", "target": "plugin", "slug": "real-estate-manager", "versions": "<=7.3", "method": "POST", "ajax_action": "wcp_rem_save_settings", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "wcp_rem_save_settings"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2025-52825-02": {"cve": "CVE-2025-52825", "mode": "pass", "target": "plugin", "slug": "real-estate-manager", "versions": "<=7.3", "method": "GET", "ajax_action": "wcp_rem_save_settings", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "wcp_rem_save_settings"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2025-5304-01": {"cve": "CVE-2025-5304", "mode": "pass", "target": "plugin", "slug": "project-notebooks", "versions": ">=1.0.0 <=1.1.3", "method": "POST", "ajax_action": "wpnb_pto_new_users_add", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 9.8}, "RULE-CVE-2025-5304-02": {"cve": "CVE-2025-5304", "mode": "pass", "target": "plugin", "slug": "project-notebooks", "versions": ">=1.0.0 <=1.1.3", "method": "POST", "ajax_action": "wpnb_pto_users_deletd", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 9.8}, "RULE-CVE-2025-5304-03": {"cve": "CVE-2025-5304", "mode": "pass", "target": "plugin", "slug": "project-notebooks", "versions": ">=1.0.0 <=1.1.3", "method": "POST", "ajax_action": "wpnb_pto_new_email_system_save", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 9.8}, "RULE-CVE-2025-53454-01": {"cve": "CVE-2025-53454", "mode": "pass", "target": "plugin", "slug": "ultimate-wp-mail", "versions": "<=1.3.8", "method": "POST", "action": "save_post", "conditions": [{"name": "ARGS:ewd_uwpm_email_content", "type": "detectXSS"}], "severity": 6.5}, "RULE-CVE-2025-54734-01": {"cve": "CVE-2025-54734", "mode": "pass", "target": "plugin", "slug": "b-slider", "versions": "<=1.1.30", "ajax_action": "activated_plugin", "conditions": [{"type": "missing_capability", "value": "install_plugins"}], "severity": 5.8}, "RULE-CVE-2025-54734-02": {"cve": "CVE-2025-54734", "mode": "pass", "target": "plugin", "slug": "b-slider", "versions": "<=1.1.30", "ajax_action": "get_popular_plugins", "conditions": [{"type": "missing_capability", "value": "install_plugins"}], "severity": 5.8}, "RULE-CVE-2025-54734-03": {"cve": "CVE-2025-54734", "mode": "pass", "target": "plugin", "slug": "b-slider", "versions": "<=1.1.30", "ajax_action": "get_active_plugins", "conditions": [{"type": "missing_capability", "value": "install_plugins"}], "severity": 5.8}, "RULE-CVE-2025-5588-01": {"cve": "CVE-2025-5588", "description": "Image Editor by Pixo <=2.3.6 Authenticated (Contributor+) Stored XSS via download parameter in [pixoeditor] shortcode", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-5588", "severity": 6.4, "tags": ["xss", "stored-xss", "shortcode"], "mode": "pass", "target": "plugin", "slug": "image-editor-by-pixo", "versions": "<=2.3.6", "action": "init", "conditions": [{"name": "ARGS:download", "type": "detectXSS"}]}, "RULE-CVE-2025-60041-01": {"cve": "CVE-2025-60041", "mode": "pass", "target": "plugin", "slug": "emails-catch-all", "versions": "<=3.5.3", "ajax_action": "secas_navigate_to_page", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2025-6184-01": {"cve": "CVE-2025-6184", "description": "Tutor LMS Pro <=3.7.0 authenticated SQL injection via order parameter in assignment listing", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-6184", "severity": 8.8, "tags": ["sql-injection", "authenticated"], "mode": "pass", "target": "plugin", "slug": "tutor", "versions": "<=3.7.0", "method": "GET", "action": "init", "conditions": [{"name": "ARGS:order", "type": "detectSQLi"}]}, "RULE-CVE-2025-6207-01": {"cve": "CVE-2025-6207", "description": "WP Import Export Lite <=3.9.28 authenticated arbitrary file upload via wpie_tempalte_import AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-6207", "severity": 8.8, "tags": ["arbitrary-file-upload", "dangerous-file-type", "authenticated"], "mode": "pass", "target": "plugin", "slug": "wp-import-export-lite", "versions": "<=3.9.28", "method": "POST", "ajax_action": "wpie_tempalte_import", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-62906-01": {"cve": "CVE-2025-62906", "mode": "pass", "target": "plugin", "slug": "referral-link-tracker", "versions": "<=1.1.4", "method": "POST", "ajax_action": "delete_all_log_link", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "delete_all_log_link"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 9.8}, "RULE-CVE-2025-62915-01": {"cve": "CVE-2025-62915", "mode": "pass", "target": "plugin", "slug": "clicksend-contactform7", "versions": "<=1.4.0", "method": "POST", "ajax_action": "clicksend_send_sms", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "clicksend_send_sms"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.1}, "RULE-CVE-2025-62915-02": {"cve": "CVE-2025-62915", "mode": "pass", "target": "plugin", "slug": "clicksend-contactform7", "versions": "<=1.4.0", "method": "POST", "ajax_action": "delete_message", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "delete_message"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.1}, "RULE-CVE-2025-62918-01": {"cve": "CVE-2025-62918", "mode": "pass", "target": "plugin", "slug": "ignitiondeck", "versions": "<=2.0.13", "ajax_action": "idf_stock_item_click", "method": "POST", "conditions": [{"name": "ARGS:idf_stock_item_click", "type": "exists"}, {"type": "missing_capability", "value": "read"}], "severity": 8.8}, "RULE-CVE-2025-62925-01": {"cve": "CVE-2025-62925", "mode": "pass", "target": "plugin", "slug": "enhanced-e-commerce-for-woocommerce-store", "versions": "<=7.2.13", "method": "POST", "ajax_action": "save_analytics_data", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.1}, "RULE-CVE-2025-62925-02": {"cve": "CVE-2025-62925", "mode": "pass", "target": "plugin", "slug": "enhanced-e-commerce-for-woocommerce-store", "versions": "<=7.2.13", "method": "POST", "ajax_action": "get_analytics_web_properties", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.1}, "RULE-CVE-2025-62925-03": {"cve": "CVE-2025-62925", "mode": "pass", "target": "plugin", "slug": "enhanced-e-commerce-for-woocommerce-store", "versions": "<=7.2.13", "method": "POST", "ajax_action": "get_analytics_account_list", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.1}, "RULE-CVE-2025-62932-01": {"cve": "CVE-2025-62932", "mode": "pass", "target": "plugin", "slug": "riovizual", "versions": "<=3.0.0", "method": "POST", "ajax_action": "riovizual_divi_preview", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2025-62938-01": {"cve": "CVE-2025-62938", "mode": "pass", "target": "plugin", "slug": "reoon-email-verifier", "versions": "<=2.0.1", "method": "POST", "ajax_action": "validate_reoon_api", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "validate_reoon_api"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.1}, "RULE-CVE-2025-62938-02": {"cve": "CVE-2025-62938", "mode": "pass", "target": "plugin", "slug": "reoon-email-verifier", "versions": "<=2.0.1", "method": "POST", "ajax_action": "validate_reoon_email", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "validate_reoon_email"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.1}, "RULE-CVE-2025-62938-03": {"cve": "CVE-2025-62938", "mode": "pass", "target": "plugin", "slug": "reoon-email-verifier", "versions": "<=2.0.1", "method": "POST", "ajax_action": "reoon_remove_api_key", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "reoon_remove_api_key"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.1}, "RULE-CVE-2025-62952-01": {"cve": "CVE-2025-62952", "mode": "pass", "target": "plugin", "slug": "chatbot", "versions": "<=7.7.3", "method": "POST", "ajax_action": "wpbo_search_response_catlist", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "wpbo_search_response_catlist"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2025-62967-01": {"cve": "CVE-2025-62967", "mode": "pass", "target": "plugin", "slug": "directorypress", "versions": "<=3.6.25", "method": "POST", "ajax_action": "directorypress_save_category_fields_ajax", "conditions": [{"type": "missing_capability", "value": "manage_options"}, {"name": "ARGS:term_id", "type": "exists"}], "severity": 6.5}, "RULE-CVE-2025-62980-01": {"cve": "CVE-2025-62980", "mode": "pass", "target": "plugin", "slug": "persian-admin-fonts", "versions": "<=4.1.03", "method": "POST", "ajax_action": "pfmsz_emptyOptions_AjaxConf", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "pfmsz_emptyOptions_AjaxConf"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2025-62980-02": {"cve": "CVE-2025-62980", "mode": "pass", "target": "plugin", "slug": "persian-admin-fonts", "versions": "<=4.1.03", "method": "POST", "ajax_action": "pfmdz_writetocssfile_ajax", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "pfmdz_writetocssfile_ajax"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2025-62980-03": {"cve": "CVE-2025-62980", "mode": "pass", "target": "plugin", "slug": "persian-admin-fonts", "versions": "<=4.1.03", "method": "POST", "ajax_action": "pfmdz_nightMode_ajax", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "pfmdz_nightMode_ajax"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2025-62980-04": {"cve": "CVE-2025-62980", "mode": "pass", "target": "plugin", "slug": "persian-admin-fonts", "versions": "<=4.1.03", "method": "POST", "ajax_action": "pfmdz_addgoog_fonts", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "pfmdz_addgoog_fonts"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2025-64352-01": {"cve": "CVE-2025-64352", "mode": "pass", "target": "plugin", "slug": "essential-addons-for-elementor-lite", "versions": "<=6.2.4", "action": "admin_action_eae_duplicate", "conditions": [{"name": "ARGS:post", "type": "exists"}, {"type": "missing_capability", "value": "edit_others_posts"}], "severity": 2.7}, "RULE-CVE-2025-6586-01": {"cve": "CVE-2025-6586", "description": "Download Plugin <=2.2.8 authenticated (Administrator+) arbitrary file upload via dpwap_plugin_locInstall", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-6586", "severity": 7.2, "tags": ["arbitrary-file-upload", "file-upload", "remote-code-execution"], "mode": "pass", "target": "plugin", "slug": "download-plugin", "versions": "<=2.2.8", "method": "POST", "action": "admin_init", "conditions": [{"name": "ARGS:dpwap_locInstall", "type": "exists"}, {"name": "FILES:dpwap_locFiles", "type": "exists"}]}, "RULE-CVE-2025-6717-01": {"cve": "CVE-2025-6717", "description": "B1.lt for WooCommerce <=2.2.56 authenticated SQL injection via id parameter in b1_view_detail_log AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-6717", "severity": 6.5, "tags": ["sql-injection", "authenticated", "ajax"], "mode": "pass", "target": "plugin", "slug": "b1-accounting", "versions": "<=2.2.56", "method": "POST", "ajax_action": "b1_view_detail_log", "conditions": [{"name": "ARGS:id", "type": "detectSQLi"}]}, "RULE-CVE-2025-6717-02": {"cve": "CVE-2025-6717", "description": "B1.lt for WooCommerce <=2.2.56 authenticated SQL injection via id parameter in b1_view_detail_validation_log AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-6717", "severity": 6.5, "tags": ["sql-injection", "authenticated", "ajax"], "mode": "pass", "target": "plugin", "slug": "b1-accounting", "versions": "<=2.2.56", "method": "POST", "ajax_action": "b1_view_detail_validation_log", "conditions": [{"name": "ARGS:id", "type": "detectSQLi"}]}, "RULE-CVE-2025-67563-01": {"cve": "CVE-2025-67563", "mode": "pass", "target": "plugin", "slug": "post-smtp", "versions": "<=3.6.1", "method": "GET", "action": "admin_init", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "gmail_oauth_redirect"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 5.3}, "RULE-CVE-2025-67574-01": {"cve": "CVE-2025-67574", "mode": "pass", "target": "plugin", "slug": "booking-calendar", "versions": "<=3.2.30", "action": "admin_init", "conditions": [{"name": "ARGS:task", "type": "equals", "value": "recreate_db"}], "severity": 5.3}, "RULE-CVE-2025-68027-01": {"cve": "CVE-2025-68027", "mode": "pass", "target": "plugin", "slug": "hydra-booking", "versions": "<=1.1.32", "method": "POST", "ajax_action": "tfhb_registration", "conditions": [{"name": "ARGS:role", "type": "regex", "value": "~(?:administrator|editor|author|contributor)~i"}], "severity": 7.3}, "RULE-CVE-2025-68027-02": {"cve": "CVE-2025-68027", "mode": "pass", "target": "plugin", "slug": "hydra-booking", "versions": "<=1.1.32", "method": "POST", "ajax_action": "tfhb_registration", "conditions": [{"name": "ARGS:user_role", "type": "regex", "value": "~(?:administrator|editor|author|contributor)~i"}], "severity": 7.3}, "RULE-CVE-2025-68027-03": {"cve": "CVE-2025-68027", "mode": "pass", "target": "plugin", "slug": "hydra-booking", "versions": "<=1.1.32", "method": "POST", "ajax_action": "tfhb_registration", "conditions": [{"name": "ARGS:tfhb_role", "type": "regex", "value": "~(?:administrator|editor|author|contributor)~i"}], "severity": 7.3}, "RULE-CVE-2025-6813-01": {"cve": "CVE-2025-6813", "mode": "pass", "target": "plugin", "slug": "aapanel-wp-toolkit", "versions": "<=1.1", "method": "POST", "action": "init", "conditions": [{"name": "ARGS:_aap_action", "type": "regex", "value": "~(?i)^auto_login$~"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2025-6813-02": {"cve": "CVE-2025-6813", "mode": "pass", "target": "plugin", "slug": "aapanel-wp-toolkit", "versions": "<=1.1", "method": "POST", "action": "init", "conditions": [{"name": "ARGS:_aap_action", "type": "regex", "value": "~(?i)^security_key_info$~"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2025-6815-01": {"ajax_action": "latepoint_route_call", "conditions": [{"type": "detectXSS", "name": "ARGS:service[name]"}], "cve": "CVE-2025-6815", "method": "POST", "mode": "pass", "severity": 5.5, "slug": "latepoint", "target": "plugin", "versions": "<=5.1.94"}, "RULE-CVE-2025-6895-01": {"cve": "CVE-2025-6895", "severity": 9.8, "mode": "pass", "target": "plugin", "slug": "melapress-login-security", "versions": ">=2.1.0 <=2.1.1", "method": "GET", "action": "init", "conditions": [{"name": "ARGS:mls_temp_user_token", "type": "exists"}]}, "RULE-CVE-2025-6895-02": {"cve": "CVE-2025-6895", "severity": 9.8, "mode": "pass", "target": "plugin", "slug": "melapress-login-security", "versions": ">=2.1.0 <2.1.1", "action": "admin_init", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "delete_link"}, {"name": "ARGS:user_id", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-6895-03": {"cve": "CVE-2025-6895", "severity": 9.8, "mode": "pass", "target": "plugin", "slug": "melapress-login-security", "versions": ">=2.1.0 <2.1.1", "action": "admin_init", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "disable_link"}, {"name": "ARGS:user_id", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-6895-04": {"cve": "CVE-2025-6895", "severity": 9.8, "mode": "pass", "target": "plugin", "slug": "melapress-login-security", "versions": ">=2.1.0 <2.1.1", "action": "admin_init", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "enable_link"}, {"name": "ARGS:user_id", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-68999-01": {"cve": "CVE-2025-68999", "mode": "pass", "target": "plugin", "slug": "happy-elementor-addons", "versions": "<=3.20.4", "action": "admin_action_ha_duplicate_thing", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.5}, "RULE-CVE-2025-6993-01": {"cve": "CVE-2025-6993", "severity": 8.8, "mode": "pass", "target": "plugin", "slug": "ultimate-wp-mail", "versions": ">=1.0.17 <=1.3.6", "method": "POST", "ajax_action": "ewd_uwpm_get_email_log_details", "conditions": [{"name": "ARGS:post_id", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-7038-01": {"cve": "CVE-2025-7038", "mode": "pass", "target": "plugin", "slug": "latepoint", "versions": "<=5.1.94", "method": "POST", "ajax_action": "latepoint_route_call", "conditions": [{"name": "ARGS:route_name", "type": "regex", "value": "~^steps__load_step$~i"}, {"name": "ARGS:customer[email]", "type": "regex", "value": "~.+~"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 8.2}, "RULE-CVE-2025-7040-01": {"cve": "CVE-2025-7040", "mode": "pass", "target": "plugin", "slug": "cloud-sso-single-sign-on", "versions": "<=1.0.19", "method": "POST", "action": "admin_post_nopriv_set_organization_settings", "severity": 8.2, "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-7040", "tags": ["cwe-862", "missing-authorization", "csrf", "sso"], "conditions": [{"name": "ARGS:action", "type": "equals", "value": "set_organization_settings"}]}, "RULE-CVE-2025-7040-02": {"cve": "CVE-2025-7040", "mode": "pass", "target": "plugin", "slug": "cloud-sso-single-sign-on", "versions": "<=1.0.19", "method": "POST", "action": "admin_post_set_organization_settings", "severity": 8.2, "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-7040", "tags": ["cwe-862", "missing-authorization", "csrf", "sso"], "conditions": [{"name": "ARGS:action", "type": "equals", "value": "set_organization_settings"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-7045-01": {"cve": "CVE-2025-7045", "mode": "pass", "target": "plugin", "slug": "cloud-sso-single-sign-on", "versions": "<=1.0.19", "method": "POST", "action": "init", "conditions": [{"name": "ARGS:csso_action", "type": "equals", "value": "delete_config"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 6.5}, "RULE-CVE-2025-7052-01": {"cve": "CVE-2025-7052", "mode": "pass", "target": "plugin", "slug": "latepoint", "versions": "<=5.1.94", "method": "POST", "ajax_action": "latepoint_route_call", "conditions": [{"name": "ARGS:route_name", "type": "equals", "value": "customer_cabinet__change_password"}], "severity": 8.8}, "RULE-CVE-2025-7052-02": {"cve": "CVE-2025-7052", "mode": "pass", "target": "plugin", "slug": "latepoint", "versions": "<=5.1.94", "method": "POST", "action": "init", "conditions": [{"name": "REQUEST_URI", "type": "contains", "value": "admin-post.php"}, {"name": "ARGS:action", "type": "equals", "value": "latepoint_route_call"}, {"name": "ARGS:route_name", "type": "equals", "value": "customer_cabinet__change_password"}], "severity": 8.8}, "RULE-CVE-2025-8268-01": {"cve": "CVE-2025-8268", "mode": "pass", "target": "plugin", "slug": "ai-engine", "versions": "<=2.9.5", "method": "POST", "action": "rest_api_init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~(?:/wp-json/mwai-ui/v1/files/list|[?&]rest_route=/mwai-ui/v1/files/list)~i"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 6.5}, "RULE-CVE-2025-8268-02": {"cve": "CVE-2025-8268", "mode": "pass", "target": "plugin", "slug": "ai-engine", "versions": "<=2.9.5", "method": "POST", "action": "rest_api_init", "conditions": [{"name": "REQUEST_URI", "type": "regex", "value": "~(?:/wp-json/mwai-ui/v1/files/delete|[?&]rest_route=/mwai-ui/v1/files/delete)~i"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 6.5}, "RULE-CVE-2025-8425-01": {"cve": "CVE-2025-8425", "mode": "pass", "target": "plugin", "slug": "my-wp-translate", "versions": "<=1.1.0", "ajax_action": "ajax_import_strings", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 8.8}, "RULE-CVE-2025-8489-01": {"cve": "CVE-2025-8489", "mode": "pass", "target": "plugin", "slug": "king-addons", "versions": ">=24.12.92 <=51.1.14", "ajax_action": "king_addons_register", "method": "POST", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "king_addons_register"}, {"name": "ARGS:user_role", "type": "regex", "value": "~^(administrator|editor|author|contributor|shop_manager)$~i"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 9.8}, "RULE-CVE-2025-8680-01": {"cve": "CVE-2025-8680", "mode": "pass", "target": "plugin", "slug": "b-slider", "versions": "<=2.0.0", "method": "POST", "ajax_action": "fs_api_request", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 4.3}, "RULE-CVE-2025-8977-01": {"cve": "CVE-2025-8977", "description": "Simple Download Monitor <=3.9.33 authenticated SQL injection via order parameter in sdm_export_logs AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-8977", "severity": 6.5, "tags": ["sql-injection", "authenticated", "broken-access-control"], "mode": "pass", "target": "plugin", "slug": "simple-download-monitor", "versions": "<=3.9.33", "method": "POST", "ajax_action": "sdm_export_logs", "conditions": [{"name": "ARGS:order", "type": "detectSQLi"}]}, "RULE-CVE-2025-8977-02": {"cve": "CVE-2025-8977", "description": "Simple Download Monitor <=3.9.33 authenticated SQL injection via orderby parameter in sdm_export_logs AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-8977", "severity": 6.5, "tags": ["sql-injection", "authenticated", "broken-access-control"], "mode": "pass", "target": "plugin", "slug": "simple-download-monitor", "versions": "<=3.9.33", "method": "POST", "ajax_action": "sdm_export_logs", "conditions": [{"name": "ARGS:orderby", "type": "detectSQLi"}]}, "RULE-CVE-2025-9216-01": {"cve": "CVE-2025-9216", "description": "StoreEngine <=1.5.0 authenticated arbitrary file upload via storeengine_csv/import AJAX action", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2025-9216", "severity": 8.8, "tags": ["arbitrary-file-upload", "missing-authorization", "remote-code-execution", "authenticated"], "mode": "pass", "target": "plugin", "slug": "storeengine", "versions": "<=1.5.0", "method": "POST", "action": "init", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "storeengine_csv/import"}, {"name": "FILES:file", "type": "exists"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2025-9219-01": {"cve": "CVE-2025-9219", "mode": "pass", "target": "plugin", "slug": "post-smtp", "versions": "<=3.4.1", "method": "POST", "ajax_action": "update_post_smtp_pro_option", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 4.3}, "RULE-CVE-2025-9485-01": {"cve": "CVE-2025-9485", "mode": "pass", "target": "plugin", "slug": "miniorange-login-with-eve-online-google-facebook", "versions": "<=6.26.12", "method": "GET", "action": "init", "conditions": [{"name": "ARGS:id_token", "type": "regex", "value": "~^eyJhbGciOiJub25lI~"}], "severity": 9.8}, "RULE-CVE-2025-9485-02": {"cve": "CVE-2025-9485", "mode": "pass", "target": "plugin", "slug": "miniorange-login-with-eve-online-google-facebook", "versions": "<=6.26.12", "method": "POST", "action": "init", "conditions": [{"name": "ARGS:id_token", "type": "regex", "value": "~^eyJhbGciOiJub25lI~"}], "severity": 9.8}, "RULE-CVE-2025-9539-01": {"cve": "CVE-2025-9539", "severity": 8.0, "mode": "pass", "target": "plugin", "slug": "automatorwp", "versions": "<=5.3.6", "ajax_action": "automatorwp_ajax_import_automation_from_url", "method": "POST", "conditions": [{"name": "ARGS:action", "type": "equals", "value": "automatorwp_ajax_import_automation_from_url"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2026-0555-01": {"cve": "CVE-2026-0555", "description": "Premmerce <=1.3.20 authenticated stored XSS via premmerce_wizard_actions state parameter (all update sub-actions)", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2026-0555", "severity": 6.4, "tags": ["xss", "stored-xss", "missing-authorization"], "mode": "pass", "target": "plugin", "slug": "premmerce", "versions": "<=1.3.20", "method": "POST", "ajax_action": "premmerce_wizard_actions", "conditions": [{"name": "ARGS:state", "type": "detectXSS"}, {"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2026-0656-01": {"cve": "CVE-2026-0656", "severity": 8.2, "mode": "pass", "target": "plugin", "slug": "ipaymu-for-woocommerce", "versions": "<=2.0.2", "method": "POST", "action": "init", "conditions": [{"name": "ARGS:wc-api", "type": "regex", "value": "~(?i)^Ipaymu_WC_Gateway$~"}, {"name": "ARGS:id_order", "type": "exists"}, {"name": "ARGS:status", "type": "exists"}]}, "RULE-CVE-2026-0656-02": {"cve": "CVE-2026-0656", "severity": 8.2, "mode": "pass", "target": "plugin", "slug": "ipaymu-for-woocommerce", "versions": "<=2.0.2", "method": "GET", "action": "init", "conditions": [{"name": "ARGS:wc-api", "type": "regex", "value": "~(?i)^Ipaymu_WC_Gateway$~"}, {"name": "ARGS:id_order", "type": "exists"}]}, "RULE-CVE-2026-0656-03": {"cve": "CVE-2026-0656", "severity": 8.2, "mode": "pass", "target": "plugin", "slug": "ipaymu-for-woocommerce", "versions": "<=2.0.2", "method": "POST", "action": "init", "conditions": [{"name": "ARGS:wc-api", "type": "regex", "value": "~(?i)^WC_Gateway_Ipaymu$~"}, {"name": "ARGS:id_order", "type": "exists"}, {"name": "ARGS:status", "type": "exists"}]}, "RULE-CVE-2026-0656-04": {"cve": "CVE-2026-0656", "severity": 8.2, "mode": "pass", "target": "plugin", "slug": "ipaymu-for-woocommerce", "versions": "<=2.0.2", "method": "GET", "action": "init", "conditions": [{"name": "ARGS:wc-api", "type": "regex", "value": "~(?i)^WC_Gateway_Ipaymu$~"}, {"name": "ARGS:id_order", "type": "exists"}]}, "RULE-CVE-2026-0753-01": {"cve": "CVE-2026-0753", "description": "Super Simple Contact Form <=1.6.2 Reflected Cross-Site Scripting via sscf_name parameter", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2026-0753", "severity": 7.2, "tags": ["xss", "reflected-xss", "unauthenticated", "shortcode"], "mode": "pass", "target": "plugin", "slug": "super-simple-contact-form", "versions": "<=1.6.2", "action": "init", "conditions": [{"name": "ARGS:sscf_name", "type": "detectXSS"}]}, "RULE-CVE-2026-0974-01": {"cve": "CVE-2026-0974", "mode": "pass", "target": "plugin", "slug": "orderable", "versions": "<=1.20.0", "method": "POST", "ajax_action": "iconic_onboard_orderable_install_plugin", "conditions": [{"type": "missing_capability", "value": "install_plugins"}], "severity": 8.8}, "RULE-CVE-2026-0996-01": {"cve": "CVE-2026-0996", "severity": 6.4, "mode": "pass", "target": "plugin", "slug": "fluentform", "versions": "<=6.1.14", "method": "POST", "ajax_action": "fluentform_ai_create_form", "conditions": [{"type": "missing_capability", "value": "manage_options"}]}, "RULE-CVE-2026-1054-01": {"cve": "CVE-2026-1054", "description": "RegistrationMagic <= 6.0.7.4 broken authentication in OTP verification bypassing email ownership", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2026-1054", "mode": "pass", "target": "plugin", "slug": "custom-registration-form-builder-with-submission-manager", "versions": "<=6.0.7.4", "method": "POST", "ajax_action": "rm_set_otp", "conditions": [{"name": "ARGS:otp_type", "type": "equals", "value": "google"}, {"type": "missing_capability", "value": "manage_options"}], "severity": 5.3}, "RULE-CVE-2026-1319-01": {"cve": "CVE-2026-1319", "description": "Robin Image Optimizer <=2.0.2 reflected XSS via id parameter in wio_ng_reoptimize_image AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2026-1319", "severity": 6.4, "tags": ["xss", "reflected-xss", "ajax"], "mode": "pass", "target": "plugin", "slug": "robin-image-optimizer", "versions": "<=2.0.2", "method": "POST", "ajax_action": "wio_ng_reoptimize_image", "conditions": [{"name": "ARGS:id", "type": "detectXSS"}]}, "RULE-CVE-2026-1319-02": {"cve": "CVE-2026-1319", "description": "Robin Image Optimizer <=2.0.2 reflected XSS via id parameter in wio_ng_restore_image AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2026-1319", "severity": 6.4, "tags": ["xss", "reflected-xss", "ajax"], "mode": "pass", "target": "plugin", "slug": "robin-image-optimizer", "versions": "<=2.0.2", "method": "POST", "ajax_action": "wio_ng_restore_image", "conditions": [{"name": "ARGS:id", "type": "detectXSS"}]}, "RULE-CVE-2026-1581-01": {"cve": "CVE-2026-1581", "mode": "pass", "target": "plugin", "slug": "wpforo", "versions": "<=2.4.14", "method": "GET", "action": "init", "conditions": [{"name": "ARGS:wpfob", "type": "detectSQLi"}], "severity": 7.5}, "RULE-CVE-2026-1931-01": {"cve": "CVE-2026-1931", "severity": 7.2, "mode": "pass", "target": "plugin", "slug": "rentfetch", "versions": "<=0.32.6", "method": "POST", "ajax_action": "propertysearch", "conditions": [{"name": "ARGS:keyword", "type": "detectXSS"}]}, "RULE-CVE-2026-1931-02": {"cve": "CVE-2026-1931", "severity": 7.2, "mode": "pass", "target": "plugin", "slug": "rentfetch", "versions": "<=0.32.6", "method": "POST", "ajax_action": "floorplansearch", "conditions": [{"name": "ARGS:keyword", "type": "detectXSS"}]}, "RULE-CVE-2026-1931-03": {"cve": "CVE-2026-1931", "severity": 7.2, "mode": "pass", "target": "plugin", "slug": "rentfetch", "versions": "<=0.32.6", "method": "POST", "ajax_action": "rentfetch_track_search_view", "conditions": [{"name": "ARGS:keyword", "type": "detectXSS"}]}, "RULE-CVE-2026-1937-01": {"cve": "CVE-2026-1937", "mode": "pass", "target": "plugin", "slug": "yaymail", "versions": "<=4.3.2", "method": "POST", "ajax_action": "yaymail_import_state", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 9.8}, "RULE-CVE-2026-2001-01": {"cve": "CVE-2026-2001", "mode": "pass", "target": "plugin", "slug": "revenue", "versions": "<=2.1.3", "method": "POST", "ajax_action": "revx_install", "conditions": [{"type": "missing_capability", "value": "install_plugins"}], "severity": 8.8}, "RULE-CVE-2026-23800-01": {"cve": "CVE-2026-23800", "severity": 10.0, "mode": "pass", "target": "plugin", "slug": "modular-connector", "versions": "<=2.5.2", "action": "plugins_loaded", "method": "GET", "conditions": [{"name": "ARGS:origin", "type": "equals", "value": "mo"}, {"name": "ARGS:type", "type": "equals", "value": "request"}, {"name": "ARGS:mrid", "type": "regex", "value": "~.+~"}, {"name": "ARGS:sig", "type": "regex", "value": "~.+~"}]}, "RULE-CVE-2026-2416-01": {"cve": "CVE-2026-2416", "description": "Geo Mashup <=1.13.17 unauthenticated SQL injection via sort parameter in geo_mashup_query AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2026-2416", "severity": 7.5, "tags": ["sql-injection", "unauthenticated", "ajax"], "mode": "pass", "target": "plugin", "slug": "geo-mashup", "versions": "<=1.13.17", "ajax_action": "geo_mashup_query", "conditions": [{"name": "ARGS:sort", "type": "detectSQLi"}]}, "RULE-CVE-2026-2416-02": {"cve": "CVE-2026-2416", "description": "Geo Mashup <=1.13.17 authenticated SQL injection via sort parameter in geo_mashup_suggest_custom_keys AJAX handler", "cve_link": "https://nvd.nist.gov/vuln/detail/CVE-2026-2416", "severity": 7.5, "tags": ["sql-injection", "ajax"], "mode": "pass", "target": "plugin", "slug": "geo-mashup", "versions": "<=1.13.17", "ajax_action": "geo_mashup_suggest_custom_keys", "conditions": [{"name": "ARGS:sort", "type": "detectSQLi"}]}, "RULE-CVE-2026-24374-01": {"cve": "CVE-2026-24374", "mode": "pass", "target": "plugin", "slug": "custom-registration-form-builder-with-submission-manager", "versions": "<=6.0.6.9", "method": "POST", "ajax_action": "rm_activate_rm_user", "conditions": [{"name": "ARGS:user_id", "type": "exists"}], "severity": 5.4}, "RULE-CVE-2026-24990-01": {"cve": "CVE-2026-24990", "mode": "pass", "target": "plugin", "slug": "wp-docs", "versions": "<=2.2.8", "method": "POST", "ajax_action": "wpdocs_create_folder", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 5.4}, "RULE-CVE-2026-24990-02": {"cve": "CVE-2026-24990", "mode": "pass", "target": "plugin", "slug": "wp-docs", "versions": "<=2.2.8", "method": "POST", "ajax_action": "wpdocs_delete_folder", "conditions": [{"type": "missing_capability", "value": "manage_options"}], "severity": 5.4}}}', true );