topscoder/nuclei-wordfence-cve


Nuclei + Wordfence = hearts

70,798 Nuclei Templates for WordPress Security Scanning


Level up your WordPress security game! This project's got a treasure trove of fresh Nuclei templates for WordPress. Scan for weaknesses in Core, plugins, and themes - all based on the latest intel from Wordfence.com.

Here's why this is your new best friend:

  • Massive collection: No more hunting for individual templates, you've got a whole arsenal at your fingertips.
  • Always on point: These templates stay updated with the freshest threats, so you're never behind the curve.
  • Open source magic: Need to tweak a template for a specific situation? No problem, you've got full control.

If you're guarding a WordPress site, this project is your secret weapon to identify vulnerabilities before the bad guys do. Stop wasting time and secure your sites like a pro!


Tip

If you found this project helpful, please consider giving it a star on GitHub. Your support helps to make this project even better.

What's in it?!

| category   | total  |
|------------|--------|
| wp-plugins | 65,280 |
| wp-themes  | 4,800  |
| wp-core    | 724    |
| other      | 0      |

| severity | total  |
|----------|--------|
| critical | 6,244  |
| high     | 10,673 |
| medium   | 21,506 |
| low      | 32,375 |
| info     | 0      |

Quick Start

To install this nuclei-wordfence-cve repository for use with Nuclei, you can use the following commands:

export GITHUB_TEMPLATE_REPO=topscoder/nuclei-wordfence-cve
nuclei -update-templates

Once you have installed this template repo using the commands above, you can run the following command to scan for vulnerabilities using Nuclei:

nuclei -t github/topscoder/nuclei-wordfence-cve -u https://target.com

Wordfence publishes two separate vulnerability feeds. The first (production) feed contains only confirmed vulnerabilities, each with an assigned CVE. The second feed contains candidate vulnerabilities, which do not yet have a CVE assigned and may or may not be promoted to the production feed. To tell templates generated from the two feeds apart, each template carries a tag, either production or candidate, so you can select one set or the other with a tag filter. Because candidate entries have not been confirmed, treat a candidate match as a lead to verify by hand rather than as a confirmed finding. Read more about the feeds at https://www.wordfence.com/help/wordfence-intelligence/v2-accessing-and-consuming-the-vulnerability-data-feed/

Include only production templates:

nuclei -t github/topscoder/nuclei-wordfence-cve -tags production -u https://target.com

Include only candidate templates:

nuclei -t github/topscoder/nuclei-wordfence-cve -tags candidate -u https://target.com

Examples

Here are some examples of how to use the templates:

  • To scan for all known vulnerabilities in WordPress, you can run the following command:
nuclei -t github/topscoder/nuclei-wordfence-cve -u https://target.com
  • To scan for a CVE specific vulnerability, you can run the following command:
nuclei -t github/topscoder/nuclei-wordfence-cve -template-id cve-2023-32961 -u https://target.com
  • To scan only for critical vulnerabilities, you can run the following command:
nuclei -t github/topscoder/nuclei-wordfence-cve -severity critical -u https://target.com
  • To scan only for WordPress core vulnerabilities, you can run the following command:
nuclei -t github/topscoder/nuclei-wordfence-cve -tags wp-core -u https://target.com
  • To scan only for WordPress plugin vulnerabilities, you can run the following command:
nuclei -t github/topscoder/nuclei-wordfence-cve -tags wp-plugin -u https://target.com
  • To scan only for WordPress theme vulnerabilities, you can run the following command:
nuclei -t github/topscoder/nuclei-wordfence-cve -tags wp-theme -u https://target.com
  • To go wild, combine filters (tags and severities each take a comma-separated list):
nuclei -t github/topscoder/nuclei-wordfence-cve -tags wp-plugin,wp-theme -severity critical,high -u https://target.com
  • To go even wilder, use the template condition flag (-template-condition, short form -tc), which matches templates with a DSL expression over their metadata fields such as name and description:
nuclei -t github/topscoder/nuclei-wordfence-cve -template-condition "contains(to_lower(name),'cross-site scripting') || contains(to_upper(name),'XSS')" -u https://target.com

nuclei -t github/topscoder/nuclei-wordfence-cve -template-condition "contains(to_lower(name),'sql injection') || contains(to_lower(description),'sql injection')" -u https://target.com

nuclei -t github/topscoder/nuclei-wordfence-cve -template-condition "contains(to_lower(name),'file inclusion') || contains(to_lower(description),'file inclusion')" -u https://target.com

nuclei -t github/topscoder/nuclei-wordfence-cve -template-condition "contains(to_upper(name),'CSRF') || contains(to_upper(description),'CSRF')" -u https://target.com

Severity recalculation

Template severity is adjusted by the parser to better reflect real-world impact. The determine_severity function in src/lib/wordfence_api_parser.py inspects the vulnerability title and description and downscales issues that are only exploitable by authenticated users (i.e. that require a login or an elevated role).

Example (simplified):

  • If the title or description contains the word authenticated (and not unauthenticated), the function treats the issue as lower risk and returns Low instead of the label implied by the CVSS score.

This avoids assigning Medium/High severities to vulnerabilities that only affect logged-in users, which reduces noise when scanning publicly accessible sites. The trade-off is that an authenticated issue with a high CVSS score (for example an arbitrary file upload reachable by any logged-in user) is tagged low, so a scan filtered with -severity critical,high will skip it. When you hold credentials for the target, or the site allows open user registration, do not rely on the severity filter alone; include low or filter by tag instead.
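As an added illustration, not the project's own determine_severity (whose exact thresholds and checks are not shown on this page), the following Python sketch applies the rule above to a few constructed vulnerability records. The CVSS-to-label bands are the standard CVSS v3 qualitative ranges and are an assumption here; the word-boundary regex is what stops "unauthenticated" from matching "authenticated", which a plain substring test would get wrong.

```python
import re

# Added example of the authenticated-only downscaling described above.
# Not the project's code: the CVSS-to-label bands are an assumption
# (CVSS v3 qualitative ranges), and record texts below are constructed.

SEVERITY_BY_CVSS = (
    (9.0, "critical"),
    (7.0, "high"),
    (4.0, "medium"),
    (0.1, "low"),
)

# Whole-word matches only: a naive substring test for "authenticated"
# would also fire on "unauthenticated" and downscale the wrong issues.
AUTHENTICATED_RE = re.compile(r"\bauthenticated\b", re.IGNORECASE)
UNAUTHENTICATED_RE = re.compile(r"\bunauthenticated\b", re.IGNORECASE)


def cvss_label(score: float) -> str:
    """Map a numeric CVSS score to a nuclei severity label."""
    for threshold, label in SEVERITY_BY_CVSS:
        if score >= threshold:
            return label
    return "info"


def requires_authentication(text: str) -> bool:
    """True when the text mentions 'authenticated' but never 'unauthenticated'.

    A record that says both (e.g. 'authenticated and unauthenticated users')
    is reachable without a login, so it must keep its CVSS-derived label.
    """
    return bool(AUTHENTICATED_RE.search(text)) and not UNAUTHENTICATED_RE.search(text)


def determine_severity(title: str, description: str, cvss_score: float) -> str:
    """Severity label to write into the generated template.

    Starts from the CVSS band and downscales to 'low' when the issue is
    limited to authenticated users. Labels already at 'low' or 'info'
    are left alone.
    """
    base = cvss_label(cvss_score)
    text = f"{title}\n{description}"
    if base in ("critical", "high", "medium") and requires_authentication(text):
        return "low"
    return base


# Constructed sample records (title, description, CVSS score); not real
# Wordfence entries. Note the third one: a high-CVSS upload that is only
# reachable by logged-in users ends up tagged 'low'.
SAMPLE_RECORDS = [
    ("Example Plugin <= 1.2.3 - Unauthenticated SQL Injection",
     "Allows unauthenticated attackers to extract data.", 9.8),
    ("Example Plugin <= 1.2.3 - Authenticated (Contributor+) Stored XSS",
     "Authenticated attackers with contributor-level access can inject scripts.", 6.4),
    ("Example Plugin <= 1.2.3 - Authenticated (Subscriber+) Arbitrary File Upload",
     "Authenticated attackers can upload arbitrary files.", 8.8),
    ("Example Plugin <= 1.2.3 - Reflected XSS",
     "Exploitable by authenticated and unauthenticated users alike.", 6.1),
]


def label_records(records=SAMPLE_RECORDS):
    """Return [(title, severity)] for each record."""
    return [(title, determine_severity(title, desc, score))
            for title, desc, score in records]


if __name__ == "__main__":
    for title, severity in label_records():
        print(f"{severity:8s} {title}")
```

Run the block directly to see the four constructed records labelled; the file upload case is the one to watch, since it drops from high to low purely because its text says "Authenticated", and a scan restricted to `-severity critical,high` would never load that template.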

Contributing

If you would like to contribute to this project, please feel free to fork the repository and submit a pull request.

License

This project is licensed under the MIT License.

Note

Please use it responsibly!

About

60k+ WordPress Nuclei templates, updated daily from Wordfence intel--filter by severity/tags/CVE and scan in one line.
