False positive CVE-2020-35489

[akincibor]

Nuclei Version:

Latest

Template file:

cves/2020/CVE-2020-35489.yaml

Command to reproduce:

I got positive for this, there is ^ before = in the regex :

== Changelog ==

For more information, see Releases.

= 5.5.4 =

https://contactform7.com/contact-form-7-554/

= 5.5.3 =

https://contactform7.com/contact-form-7-553/

= 5.5.2 =

• REST API: Removes argument schema reference that causes error when the form has 'id' field.
• Changes method names that are reserved in PHP 5.6.

= 5.5.1 =

• Fixed: Reserved keyword was used in PHP class constant name.
• Fixed: Uncaught TypeError on in_array() call.

= 5.5 =

https://contactform7.com/contact-form-7-55/

= 5.4.2 =

https://contactform7.com/contact-form-7-542/

= 5.4.1 =

https://contactform7.com/contact-form-7-541/

= 5.4 =

https://contactform7.com/contact-form-7-54/

== Upgrade Notice ==

[ehsandeep]

@2pifinance can you share the example respose?

[akincibor]

nuclei -l target.txt -t cves/2020/CVE-2020-35489.yaml

I got a lot of false positive but only one of them was positive:

[2022-02-23 13:11:35] [CVE-2020-35489] [http] [critical] https://REDACTED/wp-content/plugins/contact-form-7/readme.txt [2022-02-23 13:11:36] [CVE-2020-35489] [http] [critical] https://REDACTED/wp-content/plugins/contact-form-7/readme.txt

This CVE impact Contact Form 7 plugin before 5.3.2 and here you will see below that the version is 5.5.3.

echo https://REDACTED/wp-content/plugins/contact-form-7/readme.txt | httpx -debug-resp

HTTP/1.1 200 OK Connection: close Accept-Ranges: bytes Content-Type: text/plain Date: Wed, 23 Feb 2022 12:11:35 GMT Etag: "119c-5d88452622640-gzip" Keep-Alive: timeout=5, max=297 Last-Modified: Mon, 21 Feb 2022 10:01:53 GMT Vary: Accept-Encoding X-Cache-Info: cached

=== Contact Form 7 === Contributors: takayukister Donate link: https://contactform7.com/donate/ Tags: contact, form, contact form, feedback, email, ajax, captcha, akismet, multilingual Requires at least: 5.7 Tested up to: 5.8 Stable tag: 5.5.3 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html

Just another contact form plugin. Simple but flexible.

== Description ==

Contact Form 7 can manage multiple contact forms, plus you can customize the form and the mail contents flexibly with simple markup. The form supports Ajax-powered submitting, CAPTCHA, Akismet spam filtering and so on.

= Docs and support =

You can find docs, FAQ and more detailed information about Contact Form 7 on contactform7.com. When you can't find the answer to your question on the FAQ or in any of the documentation, check the support forum on WordPress.org. If you can't locate any topics that pertain to your particular issue, post a new topic for it.

= Contact Form 7 needs your support =

It is hard to continue development and support for this free plugin without contributions from users like you. If you enjoy using Contact Form 7 and find it useful, please consider making a donation. Your donation will help encourage and support the plugin's continued development and better user support.

= Privacy notices =

With the default configuration, this plugin, in itself, does not:

• track users by stealth;
• write any user personal data to the database;
• send any data to external servers;
• use cookies.

If you activate certain features in this plugin, the contact form submitter's personal data, including their IP address, may be sent to the service provider. Thus, confirming the provider's privacy policy is recommended. These features include:

• reCAPTCHA (Google)
• Akismet (Automattic)
• Constant Contact (Endurance International Group)
• Sendinblue
• Stripe

= Recommended plugins =

The following plugins are recommended for Contact Form 7 users:

• Flamingo by Takayuki Miyoshi - With Flamingo, you can save submitted messages via contact forms in the database.
• Bogo by Takayuki Miyoshi - Bogo is a straight-forward multilingual plugin that doesn't cause headaches.

= Translations =

You can translate Contact Form 7 on translate.wordpress.org.

== Installation ==

1. Upload the entire contact-form-7 folder to the /wp-content/plugins/ directory.
2. Activate the plugin through the Plugins screen (Plugins > Installed Plugins).

You will find Contact menu in your WordPress admin screen.

For basic usage, have a look at the plugin's website.

== Frequently Asked Questions ==

Do you have questions or issues with Contact Form 7? Use these support channels appropriately.

1. Docs
2. FAQ
3. Support forum

Support

== Screenshots ==

1. screenshot-1.png

== Changelog ==

For more information, see Releases.

= 5.5.3 =

https://contactform7.com/contact-form-7-553/

= 5.5.2 =

• REST API: Removes argument schema reference that causes error when the form has 'id' field.
• Changes method names that are reserved in PHP 5.6.

= 5.5.1 =

• Fixed: Reserved keyword was used in PHP class constant name.
• Fixed: Uncaught TypeError on in_array() call.

= 5.5 =

https://contactform7.com/contact-form-7-55/

= 5.4.2 =

https://contactform7.com/contact-form-7-542/

= 5.4.1 =

https://contactform7.com/contact-form-7-541/

= 5.4 =

https://contactform7.com/contact-form-7-54/

== Upgrade Notice == https://REDACTED/wp-content/plugins/contact-form-7/readme.txt

[akincibor]

Here with an other target list :

[2022-02-23 13:24:39] [CVE-2020-35489] [http] [critical] https://REDACTED/wp-content/plugins/contact-form-7/readme.txt [2022-02-23 13:24:41] [CVE-2020-35489] [http] [critical] https://REDACTED/wp-content/plugins/contact-form-7/readme.txt [2022-02-23 13:24:42] [CVE-2020-35489] [http] [critical] https://REDACTED/wp-content/plugins/contact-form-7/readme.txt [2022-02-23 13:24:47] [CVE-2020-35489] [http] [critical] https://REDACTED/wp-content/plugins/contact-form-7/readme.txt [2022-02-23 13:24:48] [CVE-2020-35489] [http] [critical] https://REDACTED/wp-content/plugins/contact-form-7/readme.txt [2022-02-23 13:24:49] [CVE-2020-35489] [http] [critical] https://REDACTED/wp-content/plugins/contact-form-7/readme.txt

HTTP response for some:

The first one is real positive with version 5.1.1

HTTP/1.1 200 OK Connection: close Accept-Ranges: bytes Age: 197 Cache-Control: max-age=31622400 Content-Type: text/plain Date: Wed, 23 Feb 2022 12:27:56 GMT Etag: W/"6214dfdc-1de0" Expires: Fri, 24 Feb 2023 12:24:39 GMT Last-Modified: Tue, 22 Feb 2022 13:06:36 GMT Server: nginx Strict-Transport-Security: max-age=300 Traceparent: 00-e5b21efdf0d748fc8fe5ce9634bccfc8-36d9b21ba9594f7f-00 Vary: Accept-Encoding Via: 1.1 varnish, 1.1 varnish X-Cache: MISS, HIT X-Cache-Hits: 0, 1 X-Cloud-Trace-Context: e5b21efdf0d748fc8fe5ce9634bccfc8/3952385979869384575;o=0 X-Pantheon-Styx-Hostname: styx-fe2-b-d8dd6bb59-zlf6l X-Served-By: cache-mdw17349-MDW, cache-cdg20767-CDG X-Styx-Req-Id: 92215681-94a3-11ec-a750-26ee24a5d31a X-Timer: S1645619276.105325,VS0,VE6

=== Contact Form 7 === Contributors: takayukister Donate link: https://contactform7.com/donate/ Tags: contact, form, contact form, feedback, email, ajax, captcha, akismet, multilingual Requires at least: 4.9 Tested up to: 5.0 Stable tag: 5.1.1 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html

Just another contact form plugin. Simple but flexible.

== Description ==

Contact Form 7 can manage multiple contact forms, plus you can customize the form and the mail contents flexibly with simple markup. The form supports Ajax-powered submitting, CAPTCHA, Akismet spam filtering and so on.

= Docs & Support =

You can find docs, FAQ and more detailed information about Contact Form 7 on contactform7.com. If you were unable to find the answer to your question on the FAQ or in any of the documentation, you should check the support forum on WordPress.org. If you can't locate any topics that pertain to your particular issue, post a new topic for it.

= Contact Form 7 Needs Your Support =

It is hard to continue development and support for this free plugin without contributions from users like you. If you enjoy using Contact Form 7 and find it useful, please consider making a donation. Your donation will help encourage and support the plugin's continued development and better user support.

= Privacy Notices =

With the default configuration, this plugin, in itself, does not:

• track users by stealth;
• write any user personal data to the database;
• send any data to external servers;
• use cookies.

If you activate certain features in this plugin, the contact form submitter's personal data, including their IP address, may be sent to the service provider. Thus, confirming the provider's privacy policy is recommended. These features include:

• reCAPTCHA (Google)
• Akismet (Automattic)
• Constant Contact (Endurance International Group)

= Recommended Plugins =

The following plugins are recommended for Contact Form 7 users:

• Flamingo by Takayuki Miyoshi - With Flamingo, you can save submitted messages via contact forms in the database.
• Bogo by Takayuki Miyoshi - Bogo is a straight-forward multilingual plugin that doesn't cause headaches.

= Translations =

You can translate Contact Form 7 on translate.wordpress.org.

== Installation ==

1. Upload the entire contact-form-7 folder to the /wp-content/plugins/ directory.
2. Activate the plugin through the 'Plugins' menu in WordPress.

You will find 'Contact' menu in your WordPress admin panel.

For basic usage, you can also have a look at the plugin web site.

== Frequently Asked Questions ==

Do you have questions or issues with Contact Form 7? Use these support channels appropriately.

1. Docs
2. FAQ
3. Support Forum

Support

== Screenshots ==

1. screenshot-1.png

== Changelog ==

For more information, see Releases.

= 5.1.1 =

• reCAPTCHA: Modifies the reaction to empty response tokens.

= 5.1 =

• Introduces the Constant Contact integration module.
• Updates the reCAPTCHA module to support reCAPTCHA v3.
• Adds Dark Mode style rules.

= 5.0.5 =

• Fixes the inconsistency problem between get_data_option() and get_default_option() in the WPCF7_FormTag class.
• Suppresses PHP errors occur on unlink() calls.
• Introduces wpcf7_is_file_path_in_content_dir() to support the use of the UPLOADS constant.

= 5.0.4 =

• Specifies the capability_type argument explicitly in the register_post_type() call to fix the privilege escalation vulnerability issue.
• Local File Attachment – disallows the specifying of absolute file paths referring to files outside the wp-content directory.
• Config Validator – adds a test item to detect invalid file attachment settings.
• Fixes a bug in the JavaScript fallback function for legacy browsers that do not support the HTML5 placeholder attribute.
• Acceptance Checkbox – unsets the form-tag's do-not-store feature.

= 5.0.3 =

• CSS: Applies the "not-allowed" cursor style to submit buttons in the "disabled" state.
• Acceptance Checkbox: Revises the tag-generator UI to encourage the use of better options in terms of personal data protection.
• Introduces wpcf7_anonymize_ip_addr() function.
• Introduces the consent_for:storage option for all types of form-tags.

= 5.0.2 =

• Added the Privacy Notices section to the readme.txt file.
• Updated the Information meta-box content.
• Use get_user_locale() instead of get_locale() where it is more appropriate.
• Acceptance Checkbox: Reset submit buttons’ disabled status after a successful submission.

= 5.0.1 =

• Fixed incorrect uses of _n().
• Config validation: Fixed incorrect count of alerts in the Additional Settings tab panel.
• Config validation: Fixed improper treatment for the [_site_admin_email] special mail-tag in the From mail header field.
• Acceptance checkbox: The class and id attributes specified were applied to the wrong HTML element.
• Config validation: When there is an additional mail header for mailboxes like Cc or Reply-To, but it has a possible empty value, “Invalid mailbox syntax is used” error will be returned.
• Explicitly specify the fourth parameter of add_action() to avoid passing unintended parameter values.
• Check if the target directory is empty before removing the directory.

= 5.0 =

• Additional settings: on_sent_ok and on_submit have been removed.
• New additional setting: skip_mail
• Flamingo: Inbound channel title changes in conjunction with a change in the title of the corresponding contact form.
• DOM events: Make an entire API response object accessible through the event.detail.apiResponse property.
• HTML mail: Adds language-related attributes to the HTML header.
• File upload: Sets the accept attribute to an uploading field.
• Introduces the WPCF7_MailTag class.
• Allows aborting a mail-sending attempt using the wpcf7_before_send_mail action hook. Also, you can set a custom status and a message through the action hook.
• Acceptance checkbox: Allows the specifying of a statement of conditions in the form-tag’s content part.
• Acceptance checkbox: Supports the optional option.
• New special mail tags: [_site_title], [_site_description], [_site_url], [_site_admin_email], [_invalid_fields], [_user_login], [_user_email], [_user_url], [_user_first_name], [_user_last_name], [_user_nickname], and [_user_display_name]
• New filter hooks: wpcf7_upload_file_name, wpcf7_autop_or_not, wpcf7_posteddata{$type}, and wpcf7_mail_tagreplaced{$type}
• New form-tag features: zero-controls-container and not-for-mail

== Upgrade Notice ==

= 5.1.1 =

Read the release announcement post before upgrading. There is an important notice.

= 5.0.4 =

This is a security and maintenance release and we strongly encourage you to update to it immediately. For more information, refer to the release announcement post. https://REDACTED/wp-content/plugins/contact-form-7/readme.txt

[akincibor]

This one have 5.3.2 it's a false positive:

HTTP/1.1 200 OK Connection: close Accept-Ranges: bytes Content-Type: text/plain Date: Wed, 23 Feb 2022 12:32:55 GMT Etag: "18ff-5b7af34d543a0-gzip" Last-Modified: Wed, 30 Dec 2020 14:20:17 GMT Server: Apache Upgrade: h2,h2c Vary: Accept-Encoding

=== Contact Form 7 === Contributors: takayukister Donate link: https://contactform7.com/donate/ Tags: contact, form, contact form, feedback, email, ajax, captcha, akismet, multilingual Requires at least: 5.4 Tested up to: 5.6 Stable tag: 5.3.2 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html

Just another contact form plugin. Simple but flexible.

== Description ==

Contact Form 7 can manage multiple contact forms, plus you can customize the form and the mail contents flexibly with simple markup. The form supports Ajax-powered submitting, CAPTCHA, Akismet spam filtering and so on.

= Docs and support =

You can find docs, FAQ and more detailed information about Contact Form 7 on contactform7.com. When you can't find the answer to your question on the FAQ or in any of the documentation, check the support forum on WordPress.org. If you can't locate any topics that pertain to your particular issue, post a new topic for it.

= Contact Form 7 needs your support =

It is hard to continue development and support for this free plugin without contributions from users like you. If you enjoy using Contact Form 7 and find it useful, please consider making a donation. Your donation will help encourage and support the plugin's continued development and better user support.

= Privacy notices =

With the default configuration, this plugin, in itself, does not:

• track users by stealth;
• write any user personal data to the database;
• send any data to external servers;
• use cookies.

If you activate certain features in this plugin, the contact form submitter's personal data, including their IP address, may be sent to the service provider. Thus, confirming the provider's privacy policy is recommended. These features include:

• reCAPTCHA (Google)
• Akismet (Automattic)
• Constant Contact (Endurance International Group)

= Recommended plugins =

The following plugins are recommended for Contact Form 7 users:

• Flamingo by Takayuki Miyoshi - With Flamingo, you can save submitted messages via contact forms in the database.
• Bogo by Takayuki Miyoshi - Bogo is a straight-forward multilingual plugin that doesn't cause headaches.

= Translations =

You can translate Contact Form 7 on translate.wordpress.org.

== Installation ==

1. Upload the entire contact-form-7 folder to the /wp-content/plugins/ directory.
2. Activate the plugin through the Plugins screen (Plugins > Installed Plugins).

You will find Contact menu in your WordPress admin screen.

For basic usage, have a look at the plugin's website.

== Frequently Asked Questions ==

Do you have questions or issues with Contact Form 7? Use these support channels appropriately.

1. Docs
2. FAQ
3. Support forum

Support

== Screenshots ==

1. screenshot-1.png

== Changelog ==

For more information, see Releases.

= 5.3.2 =

• Removes control, separator, and other types of special characters from filename to fix the unrestricted file upload vulnerability issue.
• Akismet: Sets ISO 8601 date/time format for the comment_date_gmt parameter.

= 5.3.1 =

• Flamingo: Passes the last_contacted parameter based on the submission timestamp.

= 5.3 =

• Block Editor: Introduces the contact form selector block type.
• Renames the 'images' directory to 'assets'.
• New filter hook: wpcf7_form_tag_date_option.
• Date: Makes all DateTime date formats available for min and max options.
• Date: Converts the default value to Y-m-d date format string.
• Disallowed list: Deprecates the wpcf7_submission_is_blacklisted filter hook in favor of wpcf7_submission_has_disallowed_words.
• Accessibility: Sets the aria-describedby attribute for invalid fields.
• Default form template: Removes the "(required)" labels from required fields. Adds "(optional)" to optional fields instead.
• Default mail template: Uses site-related special mail-tags.

= 5.2.2 =

• Fixed: A REST API call aborted with a PHP fatal error when the WPCF7_USE_PIPE constant value was false.
• Introduces the wpcf7_doing_it_wrong() function.
• Sets the trigger_error() function’s $error_type parameter explicitly.
• Makes the wpcf7_special_mail_tags filter functions’ $mail_tag parameter optional.

= 5.2.1 =

• Makes the [contact-form-7 404 "Not Found"] message localizable.
• REST API: Adds the permission_callback argument to every endpoint definition.
• Flamingo: Uses id() instead of id, if available.
• Fixed: The free_text option did not work correctly with the exclusive option.
• Applies wpcf7_mail_tag_replaced filters even when the $posted_data is null.
• Adds custom mail-tag replacement for quiz fields.
• Admin: Updates the date column format in the list table.

= 5.2 =

• Submission: Introduces the $posted_data_hash and $skip_spam_check properties.
• Submission: Introduces the wpcf7_skip_spam_check filter hook.
• Contact form: Introduces the pref() method.
• REST API: Adds parsed form-tags data to the response.
• REST API: Deprecates the wpcf7_ajax_json_echo and wpcf7_ajax_onload filter hooks and introduces the wpcf7_feedback_response and wpcf7_refill_response filter hooks as alternatives.
• Frontend CSS: Style rules for the response output refer to the form element’s class attribute.
• Frontend JavaScript: Abolishes the use of jQuery events.
• reCAPTCHA: Moves script code to a separate file.
• reCAPTCHA: Changes the name of the field for reCAPTCHA response token from g-recaptcha-response to _wpcf7_recaptcha_response.

== Upgrade Notice == https://REDACTED/wp-content/plugins/contact-form-7/readme.txt