This repository was archived by the owner on Oct 22, 2020. It is now read-only.
This repository was archived by the owner on Oct 22, 2020. It is now read-only.
Search Exploit Modules using WPScan Vulnerability Database ID (WPVDB ID) #58
Description
Exploit modules in WordPress Exploit Framework often have a name which is similar to what is recorded in the WPScan Vulnerability Database, but not exactly the same.
Here is an example:
The name in the module is Creative Contact Form Shell Upload whereas the name in the WPScan Vulnerability Database is Creative Contact Form <= 0.9.7 Shell Upload. This makes searching by name difficult...
Every vulnerability recorded in the WPScan Vulnerability Database has a unique ID. The author of module in my example has included the ID under references:
references: [
['EDB', '35057'],
['WPVDB', '7652']
], So what I'm proposing is the ability to search WordPress Exploit Framework using the WPScan Vulnerability Database ID (WPVDB ID).
Searching by ID has several advantages, such as:
- IDs are immutable (they should never change) whereas a title might change, for example if a vulnerability is submitted with a typo/spelling mistake.
- If a vulnerability includes punctuation in the name such as a hyphen, it is easy for this to be reproduced incorrectly (‒, –, —, ―). There's no such ambiguity with a numeric ID.
- If in the future the WPScan Vulnerability Database decides to support multiple languages, the ID remains consistent across languages.