Added CVE-2020-36731 (vKEV)

[popcorn94]

Template / PR Information

• Added CVE-2020-36731
  This CVE is actually CSRF to stored XSS, so is authenticated . Have send manual and debug data over email. Thanks.
• References: https://github.com/WPPlugins/flexible-checkout-fields/archive/refs/heads/master.zip (plugin)

Template Validation

I've validated this template locally?

• YES
• NO

Additional Details (leave it blank if not applicable)

Additional References:

• Nuclei Template Creation Guideline
• Nuclei Template Matcher Guideline
• Nuclei Template Contribution Guideline
• PD-Community Discord server

[DhiyaneshGeek]

Validated Locally

LGTM !

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.4.10

		projectdiscovery.io

[INF] Current nuclei version: v3.4.10 (latest)
[INF] Current nuclei-templates version: v10.2.9 (latest)
[INF] New templates added in latest release: 182
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[CVE-2020-36731] Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update (@popcorn94) [high]
[CVE-2020-36731] [http] [high] http://localhost:8080/wp-admin/admin.php?page=inspire_checkout_fields_settings&tab=fields_order

[algora-pbc]

🎉🎈 @popcorn94 has been awarded $200 by ProjectDiscovery! 🎈🎊