From 27a6aed7441db9ba27f22cf8218f7653aa4e4e98 Mon Sep 17 00:00:00 2001
From: ethicalhack3r <ryandewhurst@gmail.com>
Date: Sun, 27 Jan 2013 16:12:23 +0100
Subject: [PATCH] Added plupload XSS issue to older versions of wp.

---
 data/wp_vulns.xml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/data/wp_vulns.xml b/data/wp_vulns.xml
index 1f4bc32b..9661998f 100644
--- a/data/wp_vulns.xml
+++ b/data/wp_vulns.xml
@@ -40,6 +40,11 @@
   </wordpress>
 
   <wordpress version="3.4.2">
+    <vulnerability>
+      <title>WordPress 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
+      <reference>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</reference>
+      <type>XSS</type>
+    </vulnerability>
     <vulnerability>
       <title>WordPress 3.4.2 Cross Site Request Forgery</title>
       <reference>http://packetstormsecurity.org/files/116785/WordPress-3.4.2-Cross-Site-Request-Forgery.html</reference>
@@ -58,6 +63,11 @@
   </wordpress>
 
   <wordpress version="3.4.1">
+    <vulnerability>
+      <title>WordPress 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
+      <reference>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</reference>
+      <type>XSS</type>
+    </vulnerability>
     <vulnerability>
       <title>XMLRPC Pingback API Internal/External Port Scanning</title>
       <reference>https://github.com/FireFart/WordpressPingbackPortScanner</reference>
@@ -71,6 +81,11 @@
   </wordpress>
 
   <wordpress version="3.4">
+    <vulnerability>
+      <title>WordPress 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
+      <reference>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</reference>
+      <type>XSS</type>
+    </vulnerability>
     <vulnerability>
       <title>XMLRPC Pingback API Internal/External Port Scanning</title>
       <reference>https://github.com/FireFart/WordpressPingbackPortScanner</reference>
@@ -84,6 +99,11 @@
   </wordpress>
 
   <wordpress version="3.4-beta4">
+    <vulnerability>
+      <title>WordPress 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
+      <reference>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</reference>
+      <type>XSS</type>
+    </vulnerability>
     <vulnerability>
       <title>Wordpress 3.3.1 Multiple CSRF Vulnerabilities</title>
       <reference>http://www.exploit-db.com/exploits/18791/</reference>
@@ -102,6 +122,11 @@
   </wordpress>
 
   <wordpress version="3.3.3">
+    <vulnerability>
+      <title>WordPress 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
+      <reference>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</reference>
+      <type>XSS</type>
+    </vulnerability>
     <vulnerability>
       <title>XMLRPC Pingback API Internal/External Port Scanning</title>
       <reference>https://github.com/FireFart/WordpressPingbackPortScanner</reference>
@@ -115,6 +140,11 @@
   </wordpress>
 
   <wordpress version="3.3.2">
+    <vulnerability>
+      <title>WordPress 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
+      <reference>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</reference>
+      <type>XSS</type>
+    </vulnerability>
     <vulnerability>
       <title>Wordpress 3.3.1 Multiple CSRF Vulnerabilities</title>
       <reference>http://www.exploit-db.com/exploits/18791/</reference>