Level up your WordPress security game! This project's got a treasure trove of fresh Nuclei templates for WordPress. Scan for weaknesses in Core, plugins, and themes – all based on the latest intel from Wordfence.com.
Here's why this is your new best friend:
- Massive collection: No more hunting for individual templates, you've got a whole arsenal at your fingertips.
- Always on point: These templates stay updated with the freshest threats, so you're never behind the curve.
- Open source magic: Need to tweak a template for a specific situation? No problem, you've got full control.
If you're guarding a WordPress site, this project is your secret weapon to identify vulnerabilities before the bad guys do. Stop wasting time and secure your sites like a pro!
Tip
If you found this project helpful, please consider giving it a star on GitHub. Your support helps to make this project even better. 🌟
| category | total |
|---|---|
| wp-plugins | 56,827 |
| wp-themes | 3,337 |
| wp-core | 720 |
| other | 0 |
| severity | total |
|---|---|
| info | 0 |
| low | 27,370 |
| medium | 19,805 |
| high | 8,844 |
| critical | 4,859 |
To install this nuclei-wordfence-cve repository for use with Nuclei, you can use the following commands:
export GITHUB_TEMPLATE_REPO=topscoder/nuclei-wordfence-cve
nuclei -update-templatesOnce you have installed this template repo using the commands above, you can run the following command to scan for vulnerabilities using Nuclei:
nuclei -t github/topscoder/nuclei-wordfence-cve -u https://target.comWordfence provides two separate feeds for vulnerabilities. The first feed includes only production vulnerabilities, each with an assigned CVE. The second feed contains candidate vulnerabilities, which do not yet have a CVE assigned and may or may not be promoted to the production feed. To differentiate templates generated from these feeds, a tag is assigned to each template—either production or candidate—allowing you to target them using a tag filter. Read more about the feeds at https://www.wordfence.com/help/wordfence-intelligence/v2-accessing-and-consuming-the-vulnerability-data-feed/
Include only production templates:
nuclei -t github/topscoder/nuclei-wordfence-cve -tags production -u https://target.comInclude only candidate templates:
nuclei -t github/topscoder/nuclei-wordfence-cve -tags candidate -u https://target.comHere are some examples how to use the templates:
- To scan for all known vulnerabilities in WordPress, you can run the following command:
nuclei -t github/topscoder/nuclei-wordfence-cve -u https://target.com- To scan for a CVE specific vulnerability, you can run the following command:
nuclei -t github/topscoder/nuclei-wordfence-cve -template-id cve-2023-32961 -u https://target.com- To scan only for critical vulnerabilities, you can run the following command:
nuclei -t github/topscoder/nuclei-wordfence-cve -severity critical -u https://target.com- To scan only for WordPress core vulnerabilities, you can run the following command:
nuclei -t github/topscoder/nuclei-wordfence-cve -tags wp-core -u https://target.com- To scan only for WordPress plugin vulnerabilities, you can run the following command:
nuclei -t github/topscoder/nuclei-wordfence-cve -tags wp-plugin -u https://target.com- To scan only for WordPress theme vulnerabilities, you can run the following command:
nuclei -t github/topscoder/nuclei-wordfence-cve -tags wp-theme -u https://target.com- To go wild, you can combine and combine and combine:
nuclei -t github/topscoder/nuclei-wordfence-cve -tags wp-plugin,wp-theme -severity critical,high- To go even wilder, you can use the template condition flag (
-tc) that allows complex expressions like the following ones:
nuclei -t github/topscoder/nuclei-wordfence-cve -template-condition "contains(to_lower(name),'cross-site scripting') || contains(to_upper(name),'XSS')" -u https://target.com
nuclei -t github/topscoder/nuclei-wordfence-cve -template-condition "contains(to_lower(name),'sql injection') || contains(to_lower(description),'sql injection')" -u https://target.com
nuclei -t github/topscoder/nuclei-wordfence-cve -template-condition "contains(to_lower(name),'file inclusion') || contains(to_lower(description),'file inclusion')" -u https://target.com
nuclei -t github/topscoder/nuclei-wordfence-cve -template-condition "contains(to_upper(name),'CSRF') || contains(to_upper(description),'CSRF')" -u https://target.comIf you would like to contribute to this project, please feel free to fork the repository and submit a pull request.
To prevent accidental overwrites, you can mark templates you've manually customized with a comment at the end. Add the line # Enhanced as the last line of the template file.
This project is licensed under the MIT License.
Note
~~ Please use it responsibly!