From 61001c2aefac8dd3afdb0fdbcc628a2adc2a2fbe Mon Sep 17 00:00:00 2001
From: Zaki Akhmad <za@students.ee.itb.ac.id>
Date: Fri, 13 Sep 2013 14:16:07 +0700
Subject: [PATCH] Add PHP Object Injection vulnerability disclosed by Tom Van
 Goethem

---
 data/wp_vulns.xml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/data/wp_vulns.xml b/data/wp_vulns.xml
index b05c0139..f9154631 100644
--- a/data/wp_vulns.xml
+++ b/data/wp_vulns.xml
@@ -3,6 +3,19 @@
 <vulnerabilities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:noNamespaceSchemaLocation="vuln.xsd">
 
+  <wordpress version="3.6">
+    <vulnerability>
+      <title>PHP Object Injection</title>
+      <references>
+        <url>http://vagosec.org/2013/09/wordpress-php-object-injection/</url>
+        <url>http://www.openwall.com/lists/oss-security/2013/09/12/1</url>
+        <url>http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4340</url>
+        <cve>2013-4340</cve>
+      </references>
+      <type>UNKNOWN</type>
+    </vulnerability>
+  </wordpress>
+
   <wordpress version="3.5.2">
     <vulnerability>
       <title>SWFUpload Content Spoofing</title>