This project provides a massive up-to-date collection of Nuclei templates that can be used to scan for vulnerabilities in WordPress. The templates are based on the vulnerability reports of Wordfence.com.

This project is a valuable resource for anyone who wants to scan for vulnerabilities in WordPress-based websites. The templates are easy to use and up-to-date, and they are open source so you can modify them to fit your specific needs. If you are responsible for the security of a website that uses WordPress, I highly recommend using this project to scan for vulnerabilities.

• The templates are easy to use and can be run with a single command.
• The templates are based on the vulnerability reports of Wordfence.com.
• The templates are updated regularly to ensure that they are always up-to-date with the latest vulnerabilities.
• The templates are open source, so you can modify them to fit your specific needs.
• Manually enhanced templates can be marked to avoid overwriting them.

To use the templates, you will need to install Nuclei and this nuclei-wordfence-cve repository. Once you have installed Nuclei, you can run the following command to scan for vulnerabilities:

nuclei -t github/topscoder/nuclei-wordfence-cve -u https://target.com

To install this nuclei-wordfence-cve repository, you can use the following command:

export GITHUB_TEMPLATE_REPO=topscoder/nuclei-wordfence-cve
nuclei -update-templates

Here are some examples how to use the templates:

• To scan for all known vulnerabilities in WordPress, you can run the following command:

nuclei -t github/topscoder/nuclei-wordfence-cve -u https://target.com

• To scan for a CVE specific vulnerability, you can run the following command:

nuclei -t github/topscoder/nuclei-wordfence-cve -template-id cve-2023-32961 -u https://target.com

• To scan only for critical vulnerabilities, you can run the following command:

nuclei -t github/topscoder/nuclei-wordfence-cve -severity critical -u https://target.com

• To scan only for WordPress core vulnerabilities, you can run the following command:

nuclei -t github/topscoder/nuclei-wordfence-cve -tags wp-core -u https://target.com

• To scan only for WordPress plugin vulnerabilities, you can run the following command:

nuclei -t github/topscoder/nuclei-wordfence-cve -tags wp-plugin -u https://target.com

• To scan only for WordPress theme vulnerabilities, you can run the following command:

nuclei -t github/topscoder/nuclei-wordfence-cve -tags wp-theme -u https://target.com

• To go wild, you can combine and combine and combine:

nuclei -t github/topscoder/nuclei-wordfence-cve -tags wp-plugin,wp-theme -severity critical,high

• To go even wilder, you can use the template condition flag (-tc) that allows complex expressions like the following ones:

nuclei -t github/topscoder/nuclei-wordfence-cve -template-condition "contains(to_lower(name),'cross-site scripting') || contains(to_upper(name),'XSS')" -u https://target.com
nuclei -t github/topscoder/nuclei-wordfence-cve -template-condition "contains(to_lower(name),'sql injection') || contains(to_lower(description),'sql injection')" -u https://target.com
nuclei -t github/topscoder/nuclei-wordfence-cve -template-condition "contains(to_lower(name),'file inclusion') || contains(to_lower(description),'file inclusion')" -u https://target.com
nuclei -t github/topscoder/nuclei-wordfence-cve -template-condition "contains(to_upper(name),'CSRF') || contains(to_upper(description),'CSRF')" -u https://target.com

If you would like to contribute to this project, please feel free to fork the repository and submit a pull request.

Manually enhanced templates can be marked with # Enhanced in last line of the template to avoid the template to be overwritten by accident.

This project is licensed under the MIT License.

If you have any questions or feedback, please feel free to contact the project maintainers.

~~ Please use it responsibly!