From cfc53f67f989a000a1172378c0e134a8fbbf2b3a Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Tue, 5 Nov 2013 20:19:41 +0100
Subject: [PATCH 1/5] Update plugin_vulns.xml

---
 data/plugin_vulns.xml | 37 ++++++++++++++++++++++++++-----------
 1 file changed, 26 insertions(+), 11 deletions(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index d06857ee..292570c3 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -4612,13 +4612,11 @@
 
   <plugin name="wp-super-cache">
     <vulnerability>
-      <title>WP-Super-Cache - Remote Code Execution</title>
+      <title>WP-Super-Cache 1.3 - Remote Code Execution</title>
       <references>
         <url>http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/</url>
         <url>http://wordpress.org/support/topic/pwn3d</url>
-        <url>
-          http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
-        </url>
+        <url>http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html</url>
       </references>
       <type>RCE</type>
       <fixed_in>1.3.1</fixed_in>
@@ -6308,8 +6306,10 @@
 
   <plugin name="related-posts-by-zemanta">
     <vulnerability>
-      <title>Related Posts by Zemanta - Cross-Site Request Forgery Vulnerability</title>
+      <title>Related Posts by Zemanta 1.3.1 - Cross-Site Request Forgery Vulnerability</title>
       <references>
+        <osvdb>93364</osvdb>
+        <cve>2013-3477</cve>
         <secunia>53321</secunia>
       </references>
       <type>CSRF</type>
@@ -6319,19 +6319,22 @@
 
   <plugin name="wordpress-23-related-posts-plugin">
     <vulnerability>
-      <title>WordPress Related Posts - Cross-Site Request Forgery Vulnerability</title>
+      <title>WordPress Related Posts 2.6.1 - Cross-Site Request Forgery Vulnerability</title>
       <references>
+        <osvdb>93362</osvdb>
+        <cve>2013-3476</cve>
         <secunia>53279</secunia>
       </references>
       <type>CSRF</type>
-      <fixed_in>2.6.2</fixed_in>
+      <fixed_in>2.7.2</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="related-posts">
     <vulnerability>
-      <title>Related Posts - Cross-Site Request Forgery Vulnerability</title>
+      <title>Related Posts 2.7.1 - Cross-Site Request Forgery Vulnerability</title>
       <references>
+        <osvdb>93363</osvdb>
         <secunia>53122</secunia>
       </references>
       <type>CSRF</type>
@@ -6444,12 +6447,14 @@
 
   <plugin name="funcaptcha">
     <vulnerability>
-      <title>FunCaptcha - CSRF</title>
+      <title>FunCaptcha 0.3.2- Setting Manipulation CSRF</title>
       <references>
+        <osvdb>92272</osvdb>
+        <secunia>53021</secunia>
         <url>http://wordpress.org/extend/plugins/funcaptcha/changelog/</url>
       </references>
-      <type>UNKNOWN</type>
-      <fixed_in>0.33</fixed_in>
+      <type>CSRF</type>
+      <fixed_in>0.3.3</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -7892,4 +7897,14 @@
     </vulnerability>
   </plugin>
 
+  <plugin name="live-comment-preview">
+    <vulnerability>
+      <title>Live Comment Preview 2.0.2 - Comment Field Preview XSS</title>
+      <references>
+        <osvdb>92944</osvdb>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
+  </plugin>
+
 </vulnerabilities>

From a825774341e8a730057a1b4f3002f6ae66548643 Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Wed, 6 Nov 2013 08:56:35 +0100
Subject: [PATCH 2/5] Added OSVDB #99345

---
 data/plugin_vulns.xml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index 292570c3..4cbd9f16 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -7847,6 +7847,17 @@
       <type>UNKNOWN</type>
       <fixed_in>2.0.20</fixed_in>
     </vulnerability>
+    <vulnerability>
+      <title>Gallery Bank 2.0.19 - album-gallery-bank-class.php recordsArray Parameter Reflected XSS</title>
+      <references>
+        <osvdb>99345</osvdb>
+        <secunia>55443</secunia>
+        <url>http://www.securityfocus.com/bid/63385</url>
+        <url>http://seclists.org/fulldisclosure/2013/Nov/38</url>
+      </references>
+      <type>XSS</type>
+      <fixed_in>2.0.20</fixed_in>
+    </vulnerability>
   </plugin>
 
   <plugin name="rockhoist-ratings">

From 7122ca872ab3df82219be91ab9058a13ecec313b Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Wed, 6 Nov 2013 09:09:22 +0100
Subject: [PATCH 3/5] Added Exploit-DB #29150

---
 data/theme_vulns.xml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/data/theme_vulns.xml b/data/theme_vulns.xml
index 3b6e583d..27591241 100644
--- a/data/theme_vulns.xml
+++ b/data/theme_vulns.xml
@@ -1881,6 +1881,7 @@
       <references>
         <osvdb>99043</osvdb>
         <url>http://packetstormsecurity.com/files/123799/</url>
+        <url>http://packetstormsecurity.com/files/123820/</url>
       </references>
       <type>CSRF</type>
     </vulnerability>
@@ -1897,6 +1898,16 @@
     </vulnerability>
   </theme>
 
+  <theme name="saico">
+    <vulnerability>
+      <title>Saico - Arbitrary File Upload Vulnerability</title>
+      <references>
+        <exploitdb>29150</exploitdb>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
   <theme name="ThisWay">
     <vulnerability>
       <title>ThisWay - remote shell upload vulnerability</title>

From c751009130c058dfc8376cea86f66500a5978c40 Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Wed, 6 Nov 2013 09:28:17 +0100
Subject: [PATCH 4/5] Update plugin_vulns.xml

---
 data/plugin_vulns.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index 4cbd9f16..9293a3c9 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -7592,6 +7592,7 @@
         <osvdb>98668</osvdb>
         <secunia>55296</secunia>
         <exploitdb>28970</exploitdb>
+        <url>http://packetstormsecurity.com/files/123597/</url>
         <url>http://www.securityfocus.com/bid/63021</url>
       </references>
       <type>XSS</type>

From b14ded29947a6437926ed75366228405b8a4e33c Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Wed, 6 Nov 2013 09:39:05 +0100
Subject: [PATCH 5/5] Update wp_vulns.xml

---
 data/wp_vulns.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/wp_vulns.xml b/data/wp_vulns.xml
index 45ea1596..e98941fc 100644
--- a/data/wp_vulns.xml
+++ b/data/wp_vulns.xml
@@ -34,6 +34,7 @@
         <osvdb>97212</osvdb>
         <cve>2013-4339</cve>
         <secunia>54803</secunia>
+        <url>http://packetstormsecurity.com/files/123589/</url>
         <url>http://core.trac.wordpress.org/changeset/25323</url>
       </references>
       <type>UNKNOWN</type>