From 3a53936a882fc3af1dfa74269b1eb9aa8f979c46 Mon Sep 17 00:00:00 2001
From: erwanlr <erwan.lr@gmail.com>
Date: Fri, 2 Aug 2013 16:10:17 +0200
Subject: [PATCH] Aded WP vuln: 3.4 - 3.5.1 wp-admin/users.php FPD

---
 data/wp_vulns.xml | 37 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)

diff --git a/data/wp_vulns.xml b/data/wp_vulns.xml
index e25f10c6..b72ab01e 100644
--- a/data/wp_vulns.xml
+++ b/data/wp_vulns.xml
@@ -13,6 +13,13 @@
   </wordpress>
 
   <wordpress version="3.5.1">
+    <vulnerability>
+      <title>Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure</title>
+      <reference>http://osvdb.org/95060</reference>
+      <reference>http://seclists.org/fulldisclosure/2013/Jul/70</reference>
+      <type>FPD</type>
+      <fixed_in>3.5.2</fidex_in>
+    </vulnerability>
     <vulnerability>
       <title>CVE-2013-2173: WordPress 3.4-3.5.1 DoS in class-phpass.php</title>
       <reference>http://seclists.org/fulldisclosure/2013/Jun/65</reference>
@@ -34,7 +41,7 @@
       <type>UNKNOWN</type>
     </vulnerability>
     <vulnerability>
-      <title> WordPress File Upload Unspecified Path Disclosure</title>
+      <title>WordPress File Upload Unspecified Path Disclosure</title>
       <reference>http://osvdb.org/94788</reference>
       <type>UNKNOWN</type>
     </vulnerability>
@@ -56,6 +63,13 @@
   </wordpress>
 
   <wordpress version="3.5">
+    <vulnerability>
+      <title>Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure</title>
+      <reference>http://osvdb.org/95060</reference>
+      <reference>http://seclists.org/fulldisclosure/2013/Jul/70</reference>
+      <type>FPD</type>
+      <fixed_in>3.5.2</fidex_in>
+    </vulnerability>
     <vulnerability>
       <title>CVE-2013-2173: WordPress 3.4-3.5.1 DoS in class-phpass.php</title>
       <reference>http://seclists.org/fulldisclosure/2013/Jun/65</reference>
@@ -81,6 +95,13 @@
   </wordpress>
 
   <wordpress version="3.4.2">
+    <vulnerability>
+      <title>Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure</title>
+      <reference>http://osvdb.org/95060</reference>
+      <reference>http://seclists.org/fulldisclosure/2013/Jul/70</reference>
+      <type>FPD</type>
+      <fixed_in>3.5.2</fidex_in>
+    </vulnerability>
     <vulnerability>
       <title>CVE-2013-2173: WordPress 3.4-3.5.1 DoS in class-phpass.php</title>
       <reference>http://seclists.org/fulldisclosure/2013/Jun/65</reference>
@@ -111,6 +132,13 @@
   </wordpress>
 
   <wordpress version="3.4.1">
+    <vulnerability>
+      <title>Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure</title>
+      <reference>http://osvdb.org/95060</reference>
+      <reference>http://seclists.org/fulldisclosure/2013/Jul/70</reference>
+      <type>FPD</type>
+      <fixed_in>3.5.2</fidex_in>
+    </vulnerability>
     <vulnerability>
       <title>CVE-2013-2173: WordPress 3.4-3.5.1 DoS in class-phpass.php</title>
       <reference>http://seclists.org/fulldisclosure/2013/Jun/65</reference>
@@ -136,6 +164,13 @@
   </wordpress>
 
   <wordpress version="3.4">
+    <vulnerability>
+      <title>Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure</title>
+      <reference>http://osvdb.org/95060</reference>
+      <reference>http://seclists.org/fulldisclosure/2013/Jul/70</reference>
+      <type>FPD</type>
+      <fixed_in>3.5.2</fidex_in>
+    </vulnerability>
     <vulnerability>
       <title>CVE-2013-2173: WordPress 3.4-3.5.1 DoS in class-phpass.php</title>
       <reference>http://seclists.org/fulldisclosure/2013/Jun/65</reference>