ProjectDiscovery Adds Nuclei Checks for WordPress, Synway, and XSS Flaws
ProjectDiscovery's nuclei-templates repository received several pull requests adding or refining detection logic for newly disclosed web vulnerabilities. Proposed templates covered CVE-2026-0561 for cross-site scripting, CVE-2025-69411 for a high-severity path traversal/local file read in the WordPress plugin ioncube-tester-plus, CVE-2026-1405 for a critical SSRF issue in a WordPress REST API endpoint, and an unauthenticated remote command execution flaw in Synway SMG Gateway via 9-2radius.php. The submissions generally reported validation against vulnerable and patched targets to reduce false positives, with several marked ready for merge pending maintainer review.
The WordPress ioncube-tester-plus template demonstrated file disclosure through loader-wizard.php by abusing the ininame parameter to retrieve /etc/passwd, while the slider-future WordPress template showed SSRF by sending an external image_url to /wp-json/slider-future/v1/upload-image/ and confirming outbound DNS interaction through OAST. The Synway SMG Gateway submission described command injection through the radius_address parameter reaching a system() call, but automated review flagged template quality problems including weak matching logic and missing metadata. Separately, a fix was proposed for the CVE-2025-71243 template after reports of frequent false positives, replacing reflection-based checks with md5-based proof of code execution to improve accuracy.

How this story unfolded
10 events from the most recent confirmed update back to the earliest known activity.
Five WordPress plugin CVE Nuclei templates submitted and refined
A GitHub pull request added five unauthenticated Nuclei templates for WordPress plugin CVEs covering PHP object injection, path traversal, SSRF, and SQL injection. During review, several templates were revised to improve safety and reliability, including converting some checks to version-detection-only, adding stronger path traversal validation, and changing one SQL injection test to a time-based blind technique.
Nuclei template submitted for CVE-2025-2558 The Wound file-read flaw
A pull request introduced a Nuclei template for CVE-2025-2558 affecting the WordPress theme 'The Wound.' The included validation showed path traversal in force_download.php could retrieve ../../../wp-config.php, exposing WordPress configuration data and authentication salts.
Nuclei template submitted for CVE-2025-14437 WordPress log exposure
A pull request proposed a Nuclei template for CVE-2025-14437, targeting public exposure of a WordPress debug log file at /wp-content/wphb-logs/api-debug.log. Validation output showed the log could disclose sensitive Cloudflare credentials, including an X-Auth-Key, X-Auth-Email, and Bearer token, and the submitter said the template was tested against vulnerable and patched setups.
Nuclei template submitted for CVE-2025-68043 LottieFiles auth flaw
A pull request proposed a Nuclei template for CVE-2025-68043, a missing authorization vulnerability in the LottieFiles WordPress plugin up to version 3.0.0. The template targeted the unauthenticated /wp-json/lottiefiles/v1/settings/ endpoint and attempted to extract exposed tokens or API keys from the JSON response.
Nuclei template submitted for CVE-2026-1405 WordPress SSRF
A pull request added a Nuclei template for CVE-2026-1405, with validation output showing an unauthenticated WordPress REST API endpoint accepting an external image_url and triggering an outbound DNS lookup. The evidence demonstrated SSRF behavior and the issue was marked critical in the scan output.
Automated review flags quality issues in Synway SMG Gateway RCE template
An automated ProjectDiscovery review reported one high-severity and four medium-severity issues in the Synway SMG Gateway RCE template submission. The review cited an ID mismatch, non-English fields, missing metadata, and a weak regex matcher that could increase false positives, and recommended corrective changes before merge.
Synway SMG Gateway RCE detection template proposed
A pull request proposed a Nuclei template for an unauthenticated remote command execution flaw in Synway SMG Gateway through 9-2radius.php, where the radius_address parameter allegedly reached a system() call. The submitter said the template was tested against both vulnerable and patched targets.
Nuclei template submitted for CVE-2025-69411 WordPress file-read flaw
A pull request introduced a Nuclei template for CVE-2025-69411 in the WordPress plugin ioncube-tester-plus. The included proof of concept showed a crafted request to loader-wizard.php retrieving /etc/passwd via path traversal/local file read.
CVE-2025-71243 Nuclei template fix proposed to reduce false positives
A pull request proposed changes to the existing CVE-2025-71243 detection template after the contributor found that SPIP could reflect user input and cause many false positives. The update switched to using md5-based evidence of code execution and reduced repeated http(1) execution to improve accuracy.
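The false-positive problem described above, shown as an added example (not code from the pull request or from ProjectDiscovery): a matcher that looks for the sent value fires on any page that echoes input, while a matcher that looks for a digest the scanner never sent fires only when the target computed it. The probe string, nonce and response bodies are constructed placeholders, not the template's actual payload or real SPIP output.

```python
import hashlib
import re
import secrets


def make_probe(nonce=None):
    """Build the probe. Only the expression text is sent; the digest is kept
    locally, so it cannot reach the response by simple reflection."""
    nonce = nonce or secrets.token_hex(8)
    expression = f"md5({nonce})"  # constructed placeholder, not the template's payload
    expected = hashlib.md5(nonce.encode()).hexdigest()
    return expression, expected


def reflection_match(body, expression):
    """Reflection-based check: fires whenever the sent value appears in the body."""
    return expression in body


def digest_match(body, expected):
    """Digest-based check: fires only if the server computed the hash itself."""
    return re.search(rf"(?<![0-9a-f]){expected}(?![0-9a-f])", body) is not None


def evaluate(nonce="a1b2c3d4"):
    """Run both matchers over three constructed response bodies."""
    expression, expected = make_probe(nonce)
    bodies = {
        # Page that echoes user input back (not vulnerable).
        "echoing_page": f"<p>No results for {expression}</p>",
        # Target that evaluated the expression and printed the result.
        "evaluating_target": f"<div>{expected}</div>",
        # Patched target that rejects the input.
        "patched_target": "<p>Invalid request</p>",
    }
    return {
        name: {"reflection": reflection_match(body, expression),
               "digest": digest_match(body, expected)}
        for name, body in bodies.items()
    }


if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{name:18} {verdict}")
```

The echoing page is the false positive the reflection check produces; the digest check stays silent there and fires only on the evaluating target.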
Nuclei template submitted for CVE-2026-0561 XSS vulnerability
Contributor Sechunt3r opened a pull request to add a Nuclei template for CVE-2026-0561, described as an XSS vulnerability. The submission said the template was validated against both vulnerable and patched targets to confirm true positives and reduce false positives.
Sources
9 references tracked.
[New Templates] Add 5 WordPress Plugin CVE Templates (Round 3) by eyangfeng88-arch · Pull Request #15915 · projectdiscovery/nuclei-templates · GitHub
Create CVE-2025-2558.yaml by pussycat0x · Pull Request #15851 · projectdiscovery/nuclei-templates · GitHub
Create CVE-2025-14437.yaml by pussycat0x · Pull Request #15703 · projectdiscovery/nuclei-templates · GitHub
Create CVE-2025-68043.yaml by pussycat0x · Pull Request #15671 · projectdiscovery/nuclei-templates · GitHub
fix(CVE-2025-71243): many false positives for pages that echo back input by p-l- · Pull Request #15665 · projectdiscovery/nuclei-templates · GitHub
Create CVE-2025-69411.yaml by pussycat0x · Pull Request #15659 · projectdiscovery/nuclei-templates · GitHub
Add Synway SMG Gateway 9-2radius.php RCE template by whatyourname12345 · Pull Request #15661 · projectdiscovery/nuclei-templates · GitHub
Create CVE-2026-1405.yaml by pussycat0x · Pull Request #15662 · projectdiscovery/nuclei-templates · GitHub
Add CVE-2026-0561.yaml for XSS Vulnerability by Sechunt3r · Pull Request #15649 · projectdiscovery/nuclei-templates · GitHub


