From 2f76277a281d5dfca0c5a2f74978baafb26fb16c Mon Sep 17 00:00:00 2001
From: erwanlr <erwan.lr@gmail.com>
Date: Fri, 4 Jan 2013 16:35:51 +0100
Subject: [PATCH] Added wp-useronline Persistent XSS & FPD

---
 data/plugin_vulns.xml | 26 +++++++++++++++++++-------
 1 file changed, 19 insertions(+), 7 deletions(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index f39d668c..7d8deb72 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -30,54 +30,66 @@ ryandewhurst at gmail
 
 -->
 <vulnerabilities>
+  <plugin name="wp-useronline">
+    <vulnerability>
+      <title>WP-UserOnline Full Path Disclosure</title>
+      <reference>http://seclists.org/fulldisclosure/2010/Jul/8</reference>
+      <type>FPD</type>
+    </vulnerability>
+    <vulnerability>
+      <title>Wp-UserOnline &lt;= 0.62 Persistent XSS</title>
+      <reference>http://seclists.org/fulldisclosure/2010/Jul/8</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </plugin>
   <plugin name="levelfourstorefront">
     <vulnerability>
       <title>Shopping Cart 8.1.14 Shell Upload / SQL Injection</title>
       <reference>http://packetstormsecurity.com/files/119217/wplevelfour-sqlshell.txt</reference>
       <type>MULTI</type>
-    <vulnerability>
+    </vulnerability>
   </plugin>
   <plugin name="reflex-gallery">
     <vulnerability>
       <title>ReFlex Gallery &lt;= 1.4 Shell Upload</title>
       <reference>http://packetstormsecurity.com/files/119218/wpreflexgallery-shell.txt</reference>
       <type>UPLOAD</type>
-    <vulnerability>
+    </vulnerability>
   </plugin>
   <plugin name="uploader">
     <vulnerability>
       <title>Uploader 1.0.4 Shell Upload</title>
       <reference>http://packetstormsecurity.com/files/119219/wpuploader104-shell.txt</reference>
       <type>UPLOAD</type>
-    <vulnerability>
+    </vulnerability>
   </plugin>
   <plugin name="xerte-online">
     <vulnerability>
       <title>Xerte Online 0.32 Shell Upload</title>
       <reference>http://packetstormsecurity.com/files/119220/wpxerteonline-shell.txt</reference>
       <type>UPLOAD</type>
-    <vulnerability>
+    </vulnerability>
   </plugin>
   <plugin name="advanced-custom-fields">
     <vulnerability>
       <title>Advanced Custom Fields &lt;= 3.5.1 Remote File Inclusion</title>
       <reference>http://packetstormsecurity.com/files/119221/wp_advanced_custom_fields_exec.rb.txt</reference>
       <type>RFI</type>
-    <vulnerability>
+    </vulnerability>
   </plugin>
   <plugin name="sitepress-multilingual-cms">
     <vulnerability>
       <title>Wordpress sitepress-multilingual-cms Full Path Disclosure</title>
       <reference>http://1337day.com/exploit/20067</reference>
       <type>FPD</type>
-    <vulnerability>
+    </vulnerability>
   </plugin>
   <plugin name="asset-manager">
     <vulnerability>
       <title>WordPress plugin Asset manager upload.php Arbitrary Code Execution</title>
       <reference>http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/</reference>
       <type>UPLOAD</type>
-    <vulnerability>
+    </vulnerability>
   </plugin>
   <plugin name="apptha-banner">
     <vulnerability>