From 3d8f3df8f1950ae36a692bbdb0e9e997916255e6 Mon Sep 17 00:00:00 2001
From: Peter <vanderlaan.pm@gmail.com>
Date: Thu, 10 Apr 2014 08:40:48 +0200
Subject: [PATCH] Update CVE-2014-0165 and CVE-2014-0166 (Ref #448)

---
 data/wp_vulns.xml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/data/wp_vulns.xml b/data/wp_vulns.xml
index f0edd3c5..f72aef54 100644
--- a/data/wp_vulns.xml
+++ b/data/wp_vulns.xml
@@ -14,18 +14,22 @@
     <vulnerability>
       <title>Potential Authentication Cookie Forgery</title>
       <references>
+        <osvdb>105620</osvdb>
         <url>https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be</url>
         <cve>2014-0166</cve>
       </references>
       <type>AUTHBYPASS</type>
+      <fixed_in>3.8.2</fixed_in>
     </vulnerability>
     <vulnerability>
       <title>Privilege escalation: contributors publishing posts</title>
       <references>
+        <osvdb>105630</osvdb>
         <url>https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165</url>
         <cve>2014-0165</cve>
       </references>
       <type>BYPASS</type>
+      <fixed_in>3.8.2</fixed_in>
     </vulnerability>
   </wordpress>
 
@@ -41,6 +45,26 @@
   </wordpress>
 
   <wordpress version="3.7.1">
+    <vulnerability>
+      <title>Potential Authentication Cookie Forgery</title>
+      <references>
+        <osvdb>105620</osvdb>
+        <url>https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be</url>
+        <cve>2014-0166</cve>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>3.7.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Privilege escalation: contributors publishing posts</title>
+      <references>
+        <osvdb>105630</osvdb>
+        <url>https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165</url>
+        <cve>2014-0165</cve>
+      </references>
+      <type>BYPASS</type>
+      <fixed_in>3.7.2</fixed_in>
+    </vulnerability>
     <vulnerability>
       <title>wp-admin/options-writing.php Cleartext Admin Credentials Disclosure</title>
       <references>