Leftover template

[james-b-1]

Hi,

I recently gone through a lot of the templates here to look for any duplication. I found several valid cases for duplication, either because they had multiple affected plugins/themes so each repeated template was actually looking for a different plugin/theme. I did however find some true duplicates, but that was on WordFence's part, since we only create templates according their database.

• CVE-2015-10122-wp_donate: 5ef36265-bf71-4b6a-ae76-9318d6896aac | 58bd4a75-8e24-4810-8b9d-c9ffad1c2208
• CVE-2025-46248-frontend_dashboard: 689c2af7-026e-46a1-8a26-9b909ba930b0 | 85fdf21b-0d16-4404-aad0-a2eae12f5db5
• CVE-2023-0761-clock_in_portal: 51ce7b71-0a19-48ef-8748-3848742c542b | d8ec03c6-6ea9-4017-915a-e10b757d98ff
• CVE-2023-0762-clock_in_portal: c6b17e90-42df-47ed-9e92-f5f1b990f921 | cc97109c-187f-43b7-b5ed-5afeec5ea8fd
• CVE-2023-0763-clock_in_portal: ddc0261d-56ed-47a6-a0b2-0ab5f9dee815 | 5c852fa1-698b-4e72-b781-095e2a98df81
• CVE-2023-35776-sermone_online_sermons_management: 08b5f399-018c-4e0b-aefc-55463d4ac48d | 0e1bfb29-80e7-4122-ab61-ef7c1dd8ebaa
• CVE-2023-32237-thegem: 6134c76d-754b-4e54-aa4e-b791d9321b8e | fc4d4103-a19a-45a5-9059-23eb7f72c84b
• CVE-2023-0272-nex_forms_express_wp_form_builder: 0485eed3-4ee9-4b22-99d6-67e6eec1c0ff | fd817fe9-b7be-4252-877a-e9843d62a0a9
• CVE-2022-37405-better_font_awesome: 2d70b9b6-a1f0-4449-8d1a-ae16dbcc844d | 0f7f9d85-c376-45c5-91ab-559864f598c5
• CVE-2022-44631-1app_business_forms: 65ab07e8-4cba-4d81-8e80-8c6c96c1095e | 30295480-3d20-412f-a7fd-3f18d425fdc0
• CVE-2022-47612-participants_database: 44d61e62-436f-4731-b447-a2adbbb96e55 | e764e567-524e-40b9-aa9f-653a5553375d
• CVE-2022-2271-wp_database_backup: 5ccd7f4e-46c6-4783-9a3f-30c72bbc981e | 5f49670e-6a7f-46f9-ad1e-44f66dc32f7b
• CVE-2022-3908-helloprint: c7cdfa6a-1555-494f-9802-bf92b90e7d9a | c508d38c-f5e3-4193-8209-0083a8a18da4
• CVE-2018-12534-quick_chat: d4095518-0daf-4cfe-a521-86fb1c927f51 | c8effa36-de47-4a24-af76-fb10e9f6da0b
• CVE-2024-54242-simple_notification: 191521ba-817e-4a7f-99df-3fe9cc1c5de3 | 8d6637f7-7035-4355-9c9d-193ea87c6e62
• CVE-2024-54240-blaze_online_eparcel_for_woocommerce: da58f0d5-1608-4c45-89a5-bc5bd358263e | eeca3208-2cab-4c03-935f-8f657d7ca87f
• CVE-2024-13116-crelly_slider: 1c94b876-0cc2-49bc-82e5-2c64bbf4e088 | d3945a60-6be2-4ce5-850e-a214523fb584
• CVE-2024-10560-form_maker: 7350bb9f-8c75-4292-9769-bccb3805292e | 77032f07-c9c1-417f-980c-df4029aadb66
• CVE-2024-5287-wp_affiliate_platform: 6c4ae561-85f6-4fc5-bbd6-a4946dc1a714 | d1354ba0-bc2b-40ff-bcfa-61987afba87b
• CVE-2024-23505-dearpdf_lite: 317b2035-e5c7-47a9-a76c-11157127b6c2 | 4b9aa41e-34bf-4bfb-a341-e101e3771f7a

So I reported these to wordfence, and it seems some action has been taken on the first one, you'll see 1 link is only working. Plus, 8f2020b seems to have reflected this. The others still exist. But now, the duplicate CVE template remains as you can see CVE-2015-10122-wp_donate-5ef36265-bf71-4b6a-ae76-9318d6896aac.yaml, CVE-2015-10122-wp_donate-58bd4a75-8e24-4810-8b9d-c9ffad1c2208.yaml. So I don't know how this will turn out, but letting you know, maybe others will be taken care of and get removed and leave artifacts.

[topscoder]

Thanks James. I will take a look into it when I have time and will report back here.

[edx-sayed-salem]

Hi, WordFence replied and said they had the duplicates removed. I saw some recent commits here about the removal indeed i.e. d26b523, a4a2c80 .

The artifacts remain, as pointed out before. Thanks for your time.

[topscoder]

@edx-sayed-salem can you please verify if it's fixed now? :)

[topscoder]

CVE-2015-10122-wp_donate-5ef36265-bf71-4b6a-ae76-9318d6896aac.yaml, CVE-2015-10122-wp_donate-58bd4a75-8e24-4810-8b9d-c9ffad1c2208.yaml

Regarding the two templates you mentioned, I see they are both reported by Wordfence as separate issues. You can see it as they both have a different ID in the Wordfence URL:

1. https://www.wordfence.com/threat-intel/vulnerabilities/id/5ef36265-bf71-4b6a-ae76-9318d6896aac?source=api-prod
2. https://www.wordfence.com/threat-intel/vulnerabilities/id/58bd4a75-8e24-4810-8b9d-c9ffad1c2208?source=api-prod

So if it's a duplication, it's up to Wordfence to deduplicate :)

[james-b-1]

Yes, and they did remove the duplicates. I'm saying after they removed them, this repo still had them as multiple templates (leftovers/artifacts).

[edx-sayed-salem]

@edx-sayed-salem can you please verify if it's fixed now? :)

Hello :)

Hmm, if it is about the leftovers then it is still there.

See these 2 based on the list above mentioned. Both same CVE:

• CVE-2023-0761-clock_in_portal-51ce7b71-0a19-48ef-8748-3848742c542b.yaml , and this is the advisory.

• CVE-2023-0761-clock_in_portal-d8ec03c6-6ea9-4017-915a-e10b757d98ff.yaml, and its advisory now shows 404 and original cve-less template was auto-removed (e6ea0e9) some commits ago.

Conclusion, duplicate advisory got removed, github actions removed it from cve-less, but the duplicate template based on it stayed.

[topscoder]

All templates are now removed every day and regenerated entirely based on what Wordfence publishes. So I hope the duplicate-gate will be fixed now 💃