Merge pull request #356 from pvdl/vulns

Update WordPress Vulnerabilities
Ryan Dewhurst
2013-11-06 01:21:21 -08:00
3 changed files with 50 additions and 11 deletions


@@ -4612,13 +4612,11 @@
<plugin name="wp-super-cache"> <plugin name="wp-super-cache">
<vulnerability> <vulnerability>
<title>WP-Super-Cache - Remote Code Execution</title> <title>WP-Super-Cache 1.3 - Remote Code Execution</title>
<references> <references>
<url>http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/</url> <url>http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/</url>
<url>http://wordpress.org/support/topic/pwn3d</url> <url>http://wordpress.org/support/topic/pwn3d</url>
<url> <url>http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html</url>
http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
</url>
</references> </references>
<type>RCE</type> <type>RCE</type>
<fixed_in>1.3.1</fixed_in> <fixed_in>1.3.1</fixed_in>
@@ -6308,8 +6306,10 @@
<plugin name="related-posts-by-zemanta"> <plugin name="related-posts-by-zemanta">
<vulnerability> <vulnerability>
<title>Related Posts by Zemanta - Cross-Site Request Forgery Vulnerability</title> <title>Related Posts by Zemanta 1.3.1 - Cross-Site Request Forgery Vulnerability</title>
<references> <references>
<osvdb>93364</osvdb>
<cve>2013-3477</cve>
<secunia>53321</secunia> <secunia>53321</secunia>
</references> </references>
<type>CSRF</type> <type>CSRF</type>
@@ -6319,19 +6319,22 @@
<plugin name="wordpress-23-related-posts-plugin"> <plugin name="wordpress-23-related-posts-plugin">
<vulnerability> <vulnerability>
<title>WordPress Related Posts - Cross-Site Request Forgery Vulnerability</title> <title>WordPress Related Posts 2.6.1 - Cross-Site Request Forgery Vulnerability</title>
<references> <references>
<osvdb>93362</osvdb>
<cve>2013-3476</cve>
<secunia>53279</secunia> <secunia>53279</secunia>
</references> </references>
<type>CSRF</type> <type>CSRF</type>
<fixed_in>2.6.2</fixed_in> <fixed_in>2.7.2</fixed_in>
</vulnerability> </vulnerability>
</plugin> </plugin>
<plugin name="related-posts"> <plugin name="related-posts">
<vulnerability> <vulnerability>
<title>Related Posts - Cross-Site Request Forgery Vulnerability</title> <title>Related Posts 2.7.1 - Cross-Site Request Forgery Vulnerability</title>
<references> <references>
<osvdb>93363</osvdb>
<secunia>53122</secunia> <secunia>53122</secunia>
</references> </references>
<type>CSRF</type> <type>CSRF</type>
@@ -6444,12 +6447,14 @@
<plugin name="funcaptcha"> <plugin name="funcaptcha">
<vulnerability> <vulnerability>
<title>FunCaptcha - CSRF</title> <title>FunCaptcha 0.3.2- Setting Manipulation CSRF</title>
<references> <references>
<osvdb>92272</osvdb>
<secunia>53021</secunia>
<url>http://wordpress.org/extend/plugins/funcaptcha/changelog/</url> <url>http://wordpress.org/extend/plugins/funcaptcha/changelog/</url>
</references> </references>
<type>UNKNOWN</type> <type>CSRF</type>
<fixed_in>0.33</fixed_in> <fixed_in>0.3.3</fixed_in>
</vulnerability> </vulnerability>
</plugin> </plugin>
@@ -7587,6 +7592,7 @@
<osvdb>98668</osvdb> <osvdb>98668</osvdb>
<secunia>55296</secunia> <secunia>55296</secunia>
<exploitdb>28970</exploitdb> <exploitdb>28970</exploitdb>
<url>http://packetstormsecurity.com/files/123597/</url>
<url>http://www.securityfocus.com/bid/63021</url> <url>http://www.securityfocus.com/bid/63021</url>
</references> </references>
<type>XSS</type> <type>XSS</type>
@@ -7842,6 +7848,17 @@
<type>UNKNOWN</type> <type>UNKNOWN</type>
<fixed_in>2.0.20</fixed_in> <fixed_in>2.0.20</fixed_in>
</vulnerability> </vulnerability>
<vulnerability>
<title>Gallery Bank 2.0.19 - album-gallery-bank-class.php recordsArray Parameter Reflected XSS</title>
<references>
<osvdb>99345</osvdb>
<secunia>55443</secunia>
<url>http://www.securityfocus.com/bid/63385</url>
<url>http://seclists.org/fulldisclosure/2013/Nov/38</url>
</references>
<type>XSS</type>
<fixed_in>2.0.20</fixed_in>
</vulnerability>
</plugin> </plugin>
<plugin name="rockhoist-ratings"> <plugin name="rockhoist-ratings">
@@ -7892,4 +7909,14 @@
</vulnerability> </vulnerability>
</plugin> </plugin>
<plugin name="live-comment-preview">
<vulnerability>
<title>Live Comment Preview 2.0.2 - Comment Field Preview XSS</title>
<references>
<osvdb>92944</osvdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
</vulnerabilities> </vulnerabilities>
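Review bot: In the `wordpress-23-related-posts-plugin` entry, the new `<fixed_in>2.7.2</fixed_in>` does not line up with the new title, which names 2.6.1 as the affected release; the previous value was 2.6.2. The 2.7.x numbering matches the neighbouring `related-posts` entry (titled 2.7.1), so the value may have been meant for that entry, whose `<fixed_in>` lies outside this hunk. If consumers compare the installed version against `fixed_in`, a value that is too high reports patched installs as vulnerable, and one that is too low hides exposed installs. Please confirm against the plugin changelog and, if 2.6.2 was correct, restore `<fixed_in>2.6.2</fixed_in>`.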


@@ -1881,6 +1881,7 @@
<references> <references>
<osvdb>99043</osvdb> <osvdb>99043</osvdb>
<url>http://packetstormsecurity.com/files/123799/</url> <url>http://packetstormsecurity.com/files/123799/</url>
<url>http://packetstormsecurity.com/files/123820/</url>
</references> </references>
<type>CSRF</type> <type>CSRF</type>
</vulnerability> </vulnerability>
@@ -1897,6 +1898,16 @@
</vulnerability> </vulnerability>
</theme> </theme>
<theme name="saico">
<vulnerability>
<title>Saico - Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>29150</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</theme>
<theme name="ThisWay"> <theme name="ThisWay">
<vulnerability> <vulnerability>
<title>ThisWay - remote shell upload vulnerability</title> <title>ThisWay - remote shell upload vulnerability</title>
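Review bot: The new `saico` theme entry has no affected version in its `<title>` and no `<fixed_in>`, although this commit adds versions to the plugin titles in the other file. With only an `<exploitdb>` reference, a reader cannot tell whether every release is affected or the fixed version was simply not researched. If a fixed release exists, record it as `<fixed_in>FIXED_VERSION_PLACEHOLDER</fixed_in>`; otherwise a short comment such as `<!-- no fixed release known at time of entry -->` would show the omission is deliberate. The `ThisWay` entry that follows continues outside the hunk.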


@@ -34,6 +34,7 @@
<osvdb>97212</osvdb> <osvdb>97212</osvdb>
<cve>2013-4339</cve> <cve>2013-4339</cve>
<secunia>54803</secunia> <secunia>54803</secunia>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url> <url>http://core.trac.wordpress.org/changeset/25323</url>
</references> </references>
<type>UNKNOWN</type> <type>UNKNOWN</type>