Level up your WordPress security game! This project's got a treasure trove of fresh Nuclei templates for WordPress. Scan for weaknesses in Core, plugins, and themes โ all based on the latest intel from Wordfence.com.
Here's why this is your new best friend:
- Massive collection: No more hunting for individual templates, you've got a whole arsenal at your fingertips.
- Always on point: These templates stay updated with the freshest threats, so you're never behind the curve.
- Open source magic: Need to tweak a template for a specific situation? No problem, you've got full control.
If you're guarding a WordPress site, this project is your secret weapon to identify vulnerabilities before the bad guys do. Stop wasting time and secure your sites like a pro!
Tip
If you found this project helpful, please consider giving it a star on GitHub. Your support helps to make this project even better. ๐
| category | total |
|---|---|
| wp-plugins | 37,452 |
| wp-themes | 2,045 |
| wp-core | 742 |
| other | 16 |
| severity | total |
|---|---|
| info | 7 |
| low | 16,415 |
| medium | 13,002 |
| high | 7,776 |
| critical | 3,045 |
To install this nuclei-wordfence-cve repository for use with Nuclei, you can use the following commands:
export GITHUB_TEMPLATE_REPO=topscoder/nuclei-wordfence-cve
nuclei -update-templatesOnce you have installed this template repo using the commands above, you can run the following command to scan for vulnerabilities using Nuclei:
nuclei -t github/topscoder/nuclei-wordfence-cve -u https://target.comHere are some examples how to use the templates:
- To scan for all known vulnerabilities in WordPress, you can run the following command:
nuclei -t github/topscoder/nuclei-wordfence-cve -u https://target.com- To scan for a CVE specific vulnerability, you can run the following command:
nuclei -t github/topscoder/nuclei-wordfence-cve -template-id cve-2023-32961 -u https://target.com- To scan only for critical vulnerabilities, you can run the following command:
nuclei -t github/topscoder/nuclei-wordfence-cve -severity critical -u https://target.com- To scan only for WordPress core vulnerabilities, you can run the following command:
nuclei -t github/topscoder/nuclei-wordfence-cve -tags wp-core -u https://target.com- To scan only for WordPress plugin vulnerabilities, you can run the following command:
nuclei -t github/topscoder/nuclei-wordfence-cve -tags wp-plugin -u https://target.com- To scan only for WordPress theme vulnerabilities, you can run the following command:
nuclei -t github/topscoder/nuclei-wordfence-cve -tags wp-theme -u https://target.com- To go wild, you can combine and combine and combine:
nuclei -t github/topscoder/nuclei-wordfence-cve -tags wp-plugin,wp-theme -severity critical,high- To go even wilder, you can use the template condition flag (
-tc) that allows complex expressions like the following ones:
nuclei -t github/topscoder/nuclei-wordfence-cve -template-condition "contains(to_lower(name),'cross-site scripting') || contains(to_upper(name),'XSS')" -u https://target.com
nuclei -t github/topscoder/nuclei-wordfence-cve -template-condition "contains(to_lower(name),'sql injection') || contains(to_lower(description),'sql injection')" -u https://target.com
nuclei -t github/topscoder/nuclei-wordfence-cve -template-condition "contains(to_lower(name),'file inclusion') || contains(to_lower(description),'file inclusion')" -u https://target.com
nuclei -t github/topscoder/nuclei-wordfence-cve -template-condition "contains(to_upper(name),'CSRF') || contains(to_upper(description),'CSRF')" -u https://target.comIf you would like to contribute to this project, please feel free to fork the repository and submit a pull request.
To prevent accidental overwrites, you can mark templates you've manually customized with a comment at the end. Add the line # Enhanced as the last line of the template file.
This project is licensed under the MIT License.
If you have any questions or feedback, please feel free to contact the project maintainers.
~~ Please use it responsibly!
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent