diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
deleted file mode 100644
index 3712d83a..00000000
--- a/data/plugin_vulns.xml
+++ /dev/null
@@ -1,13608 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<vulnerabilities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-                 xsi:noNamespaceSchemaLocation="vuln.xsd">
-
-  <plugin name="theme-my-login">
-    <vulnerability>
-      <title>Theme My Login 6.3.9 - Local File Inclusion</title>
-      <references>
-        <osvdb>108517</osvdb>
-        <url>http://packetstormsecurity.com/files/127302/</url>
-        <url>http://seclists.org/fulldisclosure/2014/Jun/172</url>
-        <url>http://www.securityfocus.com/bid/68254</url>
-        <url>https://security.dxw.com/advisories/lfi-in-theme-my-login/</url>
-      </references>
-      <type>LFI</type>
-      <fixed_in>6.3.10</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="login-rebuilder">
-    <vulnerability>
-      <title>Login Rebuilder &lt; 1.2.0 - Cross Site Request Forgery Vulnerability</title>
-      <references>
-        <osvdb>108364</osvdb>
-        <cve>2014-3882</cve>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.2.0</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="simple-share-buttons-adder">
-    <vulnerability>
-      <title>Simple Share Buttons Adder 4.4 - options-general.php Multiple Admin Actions CSRF</title>
-      <references>
-        <osvdb>108444</osvdb>
-        <cve>2014-4717</cve>
-        <exploitdb>33896</exploitdb>
-        <url>https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder/</url>
-        <url>http://packetstormsecurity.com/files/127238/</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>4.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Simple Share Buttons Adder 4.4 - options-general.php ssba_share_text Parameter Stored XSS Weakness</title>
-      <references>
-        <osvdb>108445</osvdb>
-        <exploitdb>33896</exploitdb>
-        <url>https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder/</url>
-        <url>http://packetstormsecurity.com/files/127238/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>4.5</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="content-slide">
-    <vulnerability>
-      <title>Content Slide &lt;= 1.4.2 - Cross Site Request Forgery Vulnerability</title>
-      <references>
-        <osvdb>93871</osvdb>
-        <cve>2013-2708</cve>
-        <secunia>52949</secunia>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-cron-dashboard">
-    <vulnerability>
-      <title>WP Cron DashBoard &lt;= 1.1.5 - wp-cron-dashboard.php procname Parameter Reflected XSS</title>
-      <references>
-        <osvdb>100660</osvdb>
-        <cve>2013-6991</cve>
-        <url>http://packetstormsecurity.com/files/124602/</url>
-        <url>https://www.htbridge.com/advisory/HTB23189</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wordpress-simple-paypal-shopping-cart">
-    <vulnerability>
-      <title>Simple Paypal Shopping Cart 3.5 - Cross-Site Request Forgery Vulnerability</title>
-      <references>
-        <osvdb>93953</osvdb>
-        <cve>2013-2705</cve>
-        <secunia>52963</secunia>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>3.6</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-sendsms">
-    <vulnerability>
-      <title>WP-SendSMS 1.0 - Setting Manipulation CSRF</title>
-      <references>
-        <osvdb>94209</osvdb>
-        <secunia>53796</secunia>
-        <exploitdb>26124</exploitdb>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WP-SendSMS 1.0 - wp-admin/admin.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>94210</osvdb>
-        <exploitdb>26124</exploitdb>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="mail-subscribe-list">
-    <vulnerability>
-      <title>Mail Subscribe List - Script Insertion Vulnerability</title>
-      <references>
-        <secunia>53732</secunia>
-        <osvdb>94197</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="s3-video">
-    <vulnerability>
-      <title>S3 Video &lt;= 0.97 - VideoJS Cross Site Scripting Vulnerability</title>
-      <references>
-        <secunia>53437</secunia>
-        <url>http://seclists.org/fulldisclosure/2013/May/66</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>0.98</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>S3 Video 0.982 - preview_video.php base Parameter XSS</title>
-      <references>
-        <osvdb>101388</osvdb>
-        <secunia>56167</secunia>
-        <cve>2013-7279</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>0.983</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="video-embed-thumbnail-generator">
-    <vulnerability>
-      <title>VideoJS Cross - Site Scripting Vulnerability</title>
-      <references>
-        <secunia>53426</secunia>
-        <url>http://seclists.org/fulldisclosure/2013/May/66</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>4.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="1player">
-    <vulnerability>
-      <title>VideoJS Cross - Site Scripting Vulnerability</title>
-      <references>
-        <secunia>53445</secunia>
-        <url>http://seclists.org/fulldisclosure/2013/May/66</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.4</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="external-video-for-everybody">
-    <vulnerability>
-      <title>VideoJS Cross - Site Scripting Vulnerability</title>
-      <references>
-        <secunia>53396</secunia>
-        <url>http://seclists.org/fulldisclosure/2013/May/66</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="EasySqueezePage">
-    <vulnerability>
-      <title>VideoJS Cross - Site Scripting Vulnerability</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2013/May/66</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="crayon-syntax-highlighter">
-    <vulnerability>
-      <title>Crayon Syntax Highlighter - Remote File Inclusion Vulnerability</title>
-      <references>
-        <secunia>50804</secunia>
-        <url>http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/</url>
-      </references>
-      <type>RFI</type>
-      <fixed_in>1.13</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="ungallery">
-    <vulnerability>
-      <title>UnGallery &lt;= 1.5.8 - Local File Disclosure Vulnerability</title>
-      <references>
-        <exploitdb>17704</exploitdb>
-      </references>
-      <type>LFI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>UnGallery - Arbitrary Command Execution</title>
-      <references>
-        <secunia>50875</secunia>
-        <url>http://ceriksen.com/2012/10/23/wordpress-ungallery-remote-command-injection-vulnerability/</url>
-      </references>
-      <type>RCE</type>
-      <fixed_in>2.1.6</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="thanks-you-counter-button">
-    <vulnerability>
-      <title>Thank You Counter Button 1.8.7 - wp-admin/options.php Multiple Parameter Stored XSS</title>
-      <references>
-        <osvdb>103778</osvdb>
-        <url>http://packetstormsecurity.com/files/125397/</url>
-        <url>http://www.securityfocus.com/bid/65805</url>
-        <cve>2014-2315</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Thank You Counter Button &lt;= 1.8.2 - XSS</title>
-      <references>
-        <secunia>50977</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.8.3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="bookings">
-    <vulnerability>
-      <title>Bookings &lt;= 1.8.2 - controlpanel.php error Parameter XSS</title>
-      <references>
-        <osvdb>86613</osvdb>
-        <secunia>50975</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.8.3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="cimy-user-manager">
-    <vulnerability>
-      <title>Cimy User Manager &lt;= 1.4.2 - Arbitrary File Disclosure</title>
-      <references>
-        <secunia>50834</secunia>
-        <url>http://ceriksen.com/2012/10/24/wordpress-cimy-user-manager-arbitrary-file-disclosure/</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>1.4.4</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="fs-real-estate-plugin">
-    <vulnerability>
-      <title>FireStorm Professional Real Estate 2.06.01 - xml/marker_listings.php id Parameter SQL Injection</title>
-      <references>
-        <osvdb>86686</osvdb>
-        <secunia>51107</secunia>
-        <exploitdb>22071</exploitdb>
-        <url>http://packetstormsecurity.com/files/118232/</url>
-        <url>http://xforce.iss.net/xforce/xfdb/80261</url>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>2.06.04</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>FireStorm Professional Real Estate - Multiple SQL Injection</title>
-      <references>
-        <secunia>50873</secunia>
-        <url>http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/</url>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>2.06.03</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp125">
-    <vulnerability>
-      <title>WP125 &lt;= 1.4.4 - Multiple XSS</title>
-      <references>
-        <secunia>50976</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.4.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP125 &lt;= 1.4.9 - CSRF</title>
-      <references>
-        <osvdb>92113</osvdb>
-        <cve>2013-2700</cve>
-        <secunia>52876</secunia>
-        <url>http://www.securityfocus.com/bid/58934</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.5.0</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="all-video-gallery">
-    <vulnerability>
-      <title>All Video Gallery - Multiple SQL Injection Vulnerabilities</title>
-      <references>
-        <secunia>50874</secunia>
-        <exploitdb>22427</exploitdb>
-        <url>http://ceriksen.com/2012/11/04/wordpress-all-video-gallery-plugin-sql-injection/</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="buddystream">
-    <vulnerability>
-      <title>BuddyStream - XSS</title>
-      <references>
-        <secunia>50972</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="post-views">
-    <vulnerability>
-      <title>Post views 2.6.1 - wp-content/plugins/post-views/post-views.php search_input Parameter XSS</title>
-      <references>
-        <osvdb>87349</osvdb>
-        <secunia>50982</secunia>
-        <url>http://www.securityfocus.com/bid/56555</url>
-        <url>http://xforce.iss.net/xforce/xfdb/80076</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="floating-social-media-links">
-    <vulnerability>
-      <title>Floating Social Media Links &lt;= 1.4.2 - fsml-admin.js.php wpp Parameter Remote File Inclusion</title>
-      <references>
-        <osvdb>88383</osvdb>
-        <secunia>51346</secunia>
-        <url>http://www.securityfocus.com/bid/56913</url>
-        <url>http://xforce.iss.net/xforce/xfdb/80641</url>
-        <url>http://ceriksen.com/2013/01/12/wordpress-floating-social-media-link-plugins-remote-file-inclusion/</url>
-      </references>
-      <type>RFI</type>
-      <fixed_in>1.4.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Floating Social Media Links &lt;= 1.4.2 - fsml-hideshow.js.php wpp Parameter Remote File Inclusion</title>
-      <references>
-        <osvdb>88385</osvdb>
-        <secunia>51346</secunia>
-        <url>http://www.securityfocus.com/bid/56913</url>
-        <url>http://ceriksen.com/2013/01/12/wordpress-floating-social-media-link-plugins-remote-file-inclusion/</url>
-      </references>
-      <type>RFI</type>
-      <fixed_in>1.4.3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="zingiri-forum">
-    <vulnerability>
-      <title>Zingiri Forum 1.4.2 - forum.php zing_forum_output Function url Parameter XSS</title>
-      <references>
-        <osvdb>89069</osvdb>
-        <cve>2012-4920</cve>
-        <secunia>50833</secunia>
-        <url>http://www.securityfocus.com/bid/57224</url>
-        <url>http://xforce.iss.net/xforce/xfdb/81156</url>
-        <url>http://ceriksen.com/2013/01/12/wordpress-zingiri-forums-arbitrary-file-disclosure/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.4.4</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="google-document-embedder">
-    <vulnerability>
-      <title>Google Document Embedder - Arbitrary File Disclosure</title>
-      <references>
-        <cve>2012-4915</cve>
-        <exploitdb>23970</exploitdb>
-        <secunia>50832</secunia>
-        <url>http://www.securityfocus.com/bid/57133</url>
-        <url>http://packetstormsecurity.com/files/119329/</url>
-        <url>http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/</url>
-        <metasploit>exploit/unix/webapp/wp_google_document_embedder_exec</metasploit>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.5.4</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="extended-user-profile">
-    <vulnerability>
-      <title>extended-user-profile - Full Path Disclosure vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20118</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="superslider-show">
-    <vulnerability>
-      <title>superslider-show - Full Path Disclosure vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20117</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wordpress-multibox-plugin">
-    <vulnerability>
-      <title>multibox - Full Path Disclosure vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20119</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="openinviter-for-wordpress">
-    <vulnerability>
-      <title>OpenInviter - Information Disclosure</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/119265/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp_rokbox">
-    <vulnerability>
-      <title>RokBox - Multiple Vulnerabilities</title>
-      <references>
-        <url>http://1337day.com/exploit/19981</url>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>RokBox &lt;= 2.13 - thumb.php src Parameter Malformed Input Path Disclosure</title>
-      <references>
-        <osvdb>88604</osvdb>
-        <url>http://packetstormsecurity.com/files/118884/</url>
-        <url>http://xforce.iss.net/xforce/xfdb/80732</url>
-        <url>http://www.securityfocus.com/bid/56953</url>
-        <url>http://seclists.org/fulldisclosure/2012/Dec/159</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>RokBox &lt;= 2.13 - thumb.php src Parameter XSS</title>
-      <references>
-        <osvdb>88605</osvdb>
-        <url>http://packetstormsecurity.com/files/118884/</url>
-        <url>http://xforce.iss.net/xforce/xfdb/80731</url>
-        <url>http://www.securityfocus.com/bid/56953</url>
-        <url>http://seclists.org/fulldisclosure/2012/Dec/159</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>RokBox &lt;= 2.13 - rokbox.php Direct Request Path Disclosure</title>
-      <references>
-        <osvdb>88606</osvdb>
-        <url>http://packetstormsecurity.com/files/118884/</url>
-        <url>http://www.securityfocus.com/bid/56953</url>
-        <url>http://seclists.org/fulldisclosure/2012/Dec/159</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>RokBox &lt;= 2.13 - error_log Direct Request Error Log Information Disclosure</title>
-      <references>
-        <osvdb>88607</osvdb>
-        <url>http://packetstormsecurity.com/files/118884/</url>
-        <url>http://xforce.iss.net/xforce/xfdb/80761</url>
-        <url>http://www.securityfocus.com/bid/56953</url>
-        <url>http://seclists.org/fulldisclosure/2012/Dec/159</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>RokBox &lt;= 2.13 - jwplayer/jwplayer.swf abouttext Parameter XSS</title>
-      <references>
-        <osvdb>88608</osvdb>
-        <url>http://packetstormsecurity.com/files/118884/</url>
-        <url>http://xforce.iss.net/xforce/xfdb/80731</url>
-        <url>http://www.securityfocus.com/bid/56953</url>
-        <url>http://seclists.org/fulldisclosure/2012/Dec/159</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>RokBox &lt;= 2.13 - thumb.php src Parameter Arbitrary File Upload</title>
-      <references>
-        <osvdb>88609</osvdb>
-        <url>http://packetstormsecurity.com/files/118884/</url>
-        <url>http://xforce.iss.net/xforce/xfdb/80733</url>
-        <url>http://xforce.iss.net/xforce/xfdb/80739</url>
-        <url>http://www.securityfocus.com/bid/56953</url>
-        <url>http://seclists.org/fulldisclosure/2012/Dec/159</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp_rokintroscroller">
-    <vulnerability>
-      <title>RokIntroScroller &lt;= 1.8 - XSS,DoS,Disclosure,Upload Vulnerabilities</title>
-      <references>
-        <osvdb>97418</osvdb>
-        <secunia>54801</secunia>
-        <url>http://packetstormsecurity.com/files/123302/</url>
-        <url>http://seclists.org/fulldisclosure/2013/Sep/121</url>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp_rokmicronews">
-    <vulnerability>
-      <title>RokMicroNews &lt;= 1.5 - XSS,DoS,Disclosure,Upload Vulnerabilities</title>
-      <references>
-        <osvdb>97418</osvdb>
-        <secunia>54801</secunia>
-        <url>http://packetstormsecurity.com/files/123312/</url>
-        <url>http://seclists.org/fulldisclosure/2013/Sep/124</url>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp_roknewspager">
-    <vulnerability>
-      <title>RokNewsPager &lt;= 1.17 - XSS,DoS,Disclosure,Upload Vulnerabilities</title>
-      <references>
-        <osvdb>97418</osvdb>
-        <secunia>54801</secunia>
-        <url>http://packetstormsecurity.com/files/123271/</url>
-        <url>http://seclists.org/fulldisclosure/2013/Sep/109</url>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp_rokstories">
-    <vulnerability>
-      <title>RokStories &lt;= 1.25 - XSS,DoS,Disclosure,Upload Vulnerabilities</title>
-      <references>
-        <osvdb>97418</osvdb>
-        <secunia>54801</secunia>
-        <url>http://packetstormsecurity.com/files/123270/</url>
-        <url>http://seclists.org/fulldisclosure/2013/Sep/108</url>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="grou-random-image-widget">
-    <vulnerability>
-      <title>grou-random-image-widget - Full Path Disclosure</title>
-      <references>
-        <url>http://1337day.com/exploit/20047</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="sintic_gallery">
-    <vulnerability>
-      <title>sintic_gallery - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/19993</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>sintic_gallery - Path Disclosure Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20020</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-useronline">
-    <vulnerability>
-      <title>WP-UserOnline - Full Path Disclosure</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2010/Jul/8</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Wp-UserOnline &lt;= 0.62 - Persistent XSS</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2010/Jul/8</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="levelfourstorefront">
-    <vulnerability>
-      <title>Shopping Cart 8.1.14 - Shell Upload, SQL Injection</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/119217/</url>
-        <secunia>51690</secunia>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>8.1.15</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Level Four Storefront - levelfourstorefront/getsortmanufacturers.php id Parameter SQL Injection</title>
-      <references>
-        <osvdb>91680</osvdb>
-        <url>http://packetstormsecurity.com/files/120950/</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="reflex-gallery">
-    <vulnerability>
-      <title>ReFlex Gallery 1.4.2 - Unspecified XSS</title>
-      <references>
-        <osvdb>102585</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.4.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>ReFlex Gallery 1.4 - reflex-gallery.php Direct Request Path Disclosure</title>
-      <references>
-        <osvdb>88869</osvdb>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>ReFlex Gallery 1.3 - Shell Upload</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/119218/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="uploader">
-    <vulnerability>
-      <title>Uploader 1.0.4 - Shell Upload</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/119219/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Uploader 1.0.4 - notify.php blog Parameter XSS</title>
-      <references>
-        <osvdb>90840</osvdb>
-        <cve>2013-2287</cve>
-        <secunia>52465</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="xerte-online">
-    <vulnerability>
-      <title>Xerte Online 0.32 - Shell Upload</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/119220/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="advanced-custom-fields">
-    <vulnerability>
-      <title>Advanced Custom Fields &lt;= 3.5.1 - Remote File Inclusion</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/119221/</url>
-        <secunia>51037</secunia>
-        <exploitdb>23856</exploitdb>
-        <osvdb>87353</osvdb>
-        <metasploit>exploit/unix/webapp/wp_advanced_custom_fields_exec</metasploit>
-      </references>
-      <type>RFI</type>
-      <fixed_in>3.5.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="sitepress-multilingual-cms">
-    <vulnerability>
-      <title>sitepress-multilingual-cms - Full Path Disclosure</title>
-      <references>
-        <url>http://1337day.com/exploit/20067</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="asset-manager">
-    <vulnerability>
-      <title>Asset Manager 0.2 - Arbitrary File Upload</title>
-      <references>
-        <osvdb>82653</osvdb>
-        <exploitdb>18993</exploitdb>
-        <exploitdb>23652</exploitdb>
-        <secunia>49378</secunia>
-        <url>http://www.securityfocus.com/bid/53809</url>
-        <url>http://packetstormsecurity.com/files/119133/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Asset Manager - upload.php Arbitrary Code Execution</title>
-      <references>
-        <osvdb>82653</osvdb>
-        <url>http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/</url>
-        <url>http://packetstormsecurity.com/files/113285/</url>
-        <url>http://xforce.iss.net/xforce/xfdb/80823</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="apptha-banner">
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="apptha-slider-gallery">
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="blaze-slide-show-for-wordpress">
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Blaze Slideshow 2.1 - Unspecified Security Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/52677</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="comment-extra-field">
-    <vulnerability>
-      <title>Comment Extra Field 1.7 - CSRF / XSS</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/122625/</url>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="fluid-accessible-rich-inline-edit">
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="fluid-accessible-pager">
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="fluid-accessible-uploader">
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="fluid-accessible-ui-options">
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="fresh-page">
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="pdw-file-browser">
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>PDW File Browser - upload.php Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/53895</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="power-zoomer">
-    <vulnerability>
-      <title>powerzoomer - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20253</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="slide-show-pro">
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="smart-slide-show">
-    <vulnerability>
-      <title>Smart Slideshow - upload.php Multiple File Extension Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>87373</osvdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="spotlightyour">
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="sprapid">
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="ultimate-tinymce">
-    <vulnerability>
-      <title>TinyMCE 3.5 - swfupload Cross-Site Scripting Vulnerability</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-        <secunia>51224</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.6</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-3dbanner-rotator">
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-3dflick-slideshow">
-    <vulnerability>
-      <title>wp-3dflick-slideshow - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20255</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-bliss-gallery">
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-carouselslideshow">
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-        <secunia>51250</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Carousel Slideshow - Unspecified Vulnerabilities</title>
-      <references>
-        <secunia>50377</secunia>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.10</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-dreamworkgallery">
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-ecommerce-cvs-importer">
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-extended">
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-flipslideshow">
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-homepage-slideshow">
-    <vulnerability>
-      <title>wp-homepage-slideshow - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20260</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-image-news-slider">
-    <vulnerability>
-      <title>Image News Slider 3.3 - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <osvdb>87375</osvdb>
-        <url>http://1337day.com/exploit/20259</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Image News Slider 3.3 - Unspecified Vulnerabilities</title>
-      <references>
-        <osvdb>84935</osvdb>
-        <secunia>50390</secunia>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.4</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Image News Slider 3.2 - Multiple Unspecified Remote Issues</title>
-      <references>
-        <osvdb>81314</osvdb>
-        <cve>2012-4327</cve>
-        <secunia>48747</secunia>
-        <url>http://www.securityfocus.com/bid/52977</url>
-        <url>http://xforce.iss.net/xforce/xfdb/74788</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Image News Slider 3.1 - Multiple Unspecified Remote Issues</title>
-      <references>
-        <osvdb>80310</osvdb>
-        <secunia>48538</secunia>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-image-resizer">
-    <vulnerability>
-      <title>Image Resizer - Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/123651/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-levoslideshow">
-    <vulnerability>
-      <title>wp-levoslideshow - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20250</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-matrix-gallery">
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-powerplaygallery">
-    <vulnerability>
-      <title>wp-powerplaygallery - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20252</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-royal-gallery">
-    <vulnerability>
-      <title>wp-royal-gallery - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20261</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-superb-slideshow">
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp superb Slideshow - Full Path Disclosure</title>
-      <references>
-        <url>http://1337day.com/exploit/19979</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-vertical-gallery">
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-yasslideshow">
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="cardoza-ajax-search">
-    <vulnerability>
-      <title>Ajax - Post Search Sql Injection</title>
-      <references>
-        <url>http://seclists.org/bugtraq/2012/Nov/33</url>
-        <secunia>51205</secunia>
-        <url>http://www.girlinthemiddle.net/2012/10/sqli-vulnerability-in-ajax-post-search.html</url>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>1.3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="answer-my-question">
-    <vulnerability>
-      <title>Answer My Question 1.1 - record_question.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>85567</osvdb>
-        <secunia>50655</secunia>
-        <url>http://www.securityfocus.com/archive/1/524625/30/0/threaded</url>
-        <url>http://seclists.org/bugtraq/2012/Nov/24</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="catalog">
-    <vulnerability>
-      <title>Spider Catalog - HTML Code Injection and Cross-site scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/117820/</url>
-        <secunia>51143</secunia>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Spider Catalog - Multiple SQL Injection and Cross Site Scripting Vulnerabilities</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/60079</url>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Spider Catalog 1.4.6 - Multiple Shortcode id Parameter SQL Injection</title>
-      <references>
-        <osvdb>93589</osvdb>
-        <exploitdb>25724</exploitdb>
-        <secunia>53491</secunia>
-        <url>http://seclists.org/bugtraq/2013/May/79</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Spider Catalog 1.4.6 - catalog.php catalog_after_search_results Function s Parameter SQL Injection</title>
-      <references>
-        <osvdb>93590</osvdb>
-        <exploitdb>25724</exploitdb>
-        <secunia>53491</secunia>
-        <url>http://seclists.org/bugtraq/2013/May/79</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Spider Catalog 1.4.6 - Categories.php Multiple Function id Parameter SQL Injection</title>
-      <references>
-        <osvdb>93591</osvdb>
-        <exploitdb>25724</exploitdb>
-        <secunia>53491</secunia>
-        <url>http://seclists.org/bugtraq/2013/May/79</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Spider Catalog 1.4.6 - products.php Multiple Function Multiple Parameter SQL Injection</title>
-      <references>
-        <osvdb>93592</osvdb>
-        <exploitdb>25724</exploitdb>
-        <secunia>53491</secunia>
-        <url>http://seclists.org/bugtraq/2013/May/79</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Spider Catalog 1.4.6 - Category Entry Multiple Field XSS</title>
-      <references>
-        <osvdb>93593</osvdb>
-        <exploitdb>25723</exploitdb>
-        <secunia>53491</secunia>
-        <url>http://seclists.org/bugtraq/2013/May/79</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Spider Catalog 1.4.6 - Categories.html.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>93594</osvdb>
-        <exploitdb>25724</exploitdb>
-        <secunia>53491</secunia>
-        <url>http://seclists.org/bugtraq/2013/May/79</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Spider Catalog 1.4.6 - Products.html.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>93595</osvdb>
-        <exploitdb>25724</exploitdb>
-        <secunia>53491</secunia>
-        <url>http://seclists.org/bugtraq/2013/May/79</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Spider Catalog 1.4.6 - spiderBox/spiderBox.js.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>93596</osvdb>
-        <exploitdb>25724</exploitdb>
-        <secunia>53491</secunia>
-        <url>http://seclists.org/bugtraq/2013/May/79</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Spider Catalog 1.4.6 - catalog.php spider_box_js_php Function Multiple Parameter XSS</title>
-      <references>
-        <osvdb>93597</osvdb>
-        <exploitdb>25724</exploitdb>
-        <secunia>53491</secunia>
-        <url>http://seclists.org/bugtraq/2013/May/79</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Spider Catalog 1.4.6 - Multiple Script Direct Request Path Disclosure</title>
-      <references>
-        <osvdb>93598</osvdb>
-        <exploitdb>25724</exploitdb>
-        <secunia>53491</secunia>
-        <url>http://seclists.org/bugtraq/2013/May/79</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wordfence">
-    <vulnerability>
-      <title>Wordfence 3.8.6 - lib/IPTraf.php User-Agent Header Stored XSS</title>
-      <references>
-        <osvdb>102445</osvdb>
-        <secunia>56558</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.8.7</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Wordfence 3.8.1 - lib/wordfenceClass.php isStrongPasswd Function Password Creation Restriction Bypass Weakness</title>
-      <references>
-        <osvdb>102478</osvdb>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.8.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Wordfence 3.8.1 - wp-admin/admin.php whois Parameter Stored XSS</title>
-      <references>
-        <osvdb>97884</osvdb>
-        <url>http://packetstormsecurity.com/files/122993/</url>
-        <url>http://www.securityfocus.com/bid/62053</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.8.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Wordfence 3.3.5 - XSS and IAA</title>
-      <references>
-        <osvdb>86557</osvdb>
-        <secunia>51055</secunia>
-        <url>http://seclists.org/fulldisclosure/2012/Oct/139</url>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>3.3.7</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="slideshow-jquery-image-gallery">
-    <vulnerability>
-      <title>Slideshow jQuery Image Gallery - Multiple Vulnerabilities</title>
-      <references>
-        <url>http://www.waraxe.us/advisory-92.html</url>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Slideshow - Multiple Script Insertion Vulnerabilities</title>
-      <references>
-        <secunia>51135</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="social-discussions">
-    <vulnerability>
-      <title>Social Discussions 6.1.1 - Multiple Script Direct Request Path Disclosure</title>
-      <references>
-        <osvdb>86730</osvdb>
-        <exploitdb>22158</exploitdb>
-        <url>http://xforce.iss.net/xforce/xfdb/79465</url>
-        <url>http://www.waraxe.us/advisory-93.html</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Social Discussions 6.1.1 - social-discussions-networkpub_ajax.php HTTP_ENV_VARS Parameter Remote File Inclusion</title>
-      <references>
-        <osvdb>86731</osvdb>
-        <exploitdb>22158</exploitdb>
-        <url>http://xforce.iss.net/xforce/xfdb/79464</url>
-        <url>http://www.waraxe.us/advisory-93.html</url>
-      </references>
-      <type>RFI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="abtest">
-    <vulnerability>
-      <title>ABtest - Directory Traversal</title>
-      <references>
-        <url>http://scott-herbert.com/?p=140</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="bbpress">
-    <vulnerability>
-      <title>BBPress - Multiple Script Malformed Input Path Disclosure</title>
-      <references>
-        <osvdb>86399</osvdb>
-        <exploitdb>22396</exploitdb>
-        <url>http://xforce.iss.net/xforce/xfdb/78244</url>
-        <url>http://packetstormsecurity.com/files/116123/</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>BBPress - forum.php page Parameter SQL Injection</title>
-      <references>
-        <osvdb>86400</osvdb>
-        <exploitdb>22396</exploitdb>
-        <url>http://xforce.iss.net/xforce/xfdb/78244</url>
-        <url>http://packetstormsecurity.com/files/116123/</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="nextgen_cu3er_gallery">
-    <vulnerability>
-      <title>NextGen Cu3er Gallery - Information Disclosure</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/116150/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="rich-widget">
-    <vulnerability>
-      <title>Rich Widget - File Upload</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/115787/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="monsters-editor-10-for-wp-super-edit">
-    <vulnerability>
-      <title>Monsters Editor - Shell Upload</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/115788/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="quick-post-widget">
-    <vulnerability>
-      <title>Quick Post Widget 1.9.1 - Multiple Cross-site scripting vulnerabilities</title>
-      <references>
-        <cve>2012-4226</cve>
-        <osvdb>83640</osvdb>
-        <url>http://www.darksecurity.de/advisories/2012/SSCHADV2012-016.txt</url>
-        <url>http://seclists.org/bugtraq/2012/Aug/66</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="threewp-email-reflector">
-    <vulnerability>
-      <title>ThreeWP Email Reflector 1.13 - Subject Field XSS</title>
-      <references>
-        <cve>2012-2572</cve>
-        <osvdb>85134</osvdb>
-        <exploitdb>20365</exploitdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.16</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-simplemail">
-    <vulnerability>
-      <title>SimpleMail 1.0.6 - Stored XSS</title>
-      <references>
-        <osvdb>84534</osvdb>
-        <cve>2012-2579</cve>
-        <exploitdb>20361</exploitdb>
-        <secunia>50208</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="postie">
-    <vulnerability>
-      <title>Postie 1.4.3 - Stored XSS</title>
-      <references>
-        <osvdb>84532</osvdb>
-        <cve>2012-2580</cve>
-        <exploitdb>20360</exploitdb>
-        <secunia>50207</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.5.15</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="rsvpmaker">
-    <vulnerability>
-      <title>RSVPMaker 2.5.4 - index.php RSVP Form Multiple Field XSS</title>
-      <references>
-        <osvdb>84749</osvdb>
-        <secunia>50289</secunia>
-        <exploitdb>20474</exploitdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.5.5</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="mz-jajak">
-    <vulnerability>
-      <title>Mz-jajak &lt;= 2.1 - index.php id Parameter SQL Injection</title>
-      <references>
-        <osvdb>84698</osvdb>
-        <secunia>50217</secunia>
-        <exploitdb>20416</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="resume-submissions-job-postings">
-    <vulnerability>
-      <title>Resume Submissions Job Posting 2.5.1 - Unrestricted File Upload</title>
-      <references>
-        <osvdb>83807</osvdb>
-        <secunia>49896</secunia>
-        <exploitdb>19791</exploitdb>
-        <url>http://packetstormsecurity.com/files/114716/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-predict">
-    <vulnerability>
-      <title>WP-Predict 1.0 - Blind SQL Injection</title>
-      <references>
-        <osvdb>83697</osvdb>
-        <secunia>49843</secunia>
-        <exploitdb>19715</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="backup">
-    <vulnerability>
-      <title>Backup 2.0.1 - Information Disclosure</title>
-      <references>
-        <osvdb>83701</osvdb>
-        <secunia>50038</secunia>
-        <exploitdb>19524</exploitdb>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="moodthingy-mood-rating-widget">
-    <vulnerability>
-      <title>MoodThingy Widget 0.8.7 - admin-ajax.php Multiple Parameter lydl_store_results Function SQL Injection</title>
-      <references>
-        <osvdb>83632</osvdb>
-        <secunia>49805</secunia>
-        <exploitdb>19572</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="paid-business-listings">
-    <vulnerability>
-      <title>Paid Business Listings 1.0.2 - Form Submission pbl_listing_pkg_id Parameter SQL Injection</title>
-      <references>
-        <osvdb>83768</osvdb>
-        <exploitdb>19481</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="website-faq">
-    <vulnerability>
-      <title>Website FAQ 1.0 - wp-admin/admin-ajax.php category Parameter SQL injection</title>
-      <references>
-        <osvdb>83265</osvdb>
-        <secunia>49682</secunia>
-        <exploitdb>19400</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="radykal-fancy-gallery">
-    <vulnerability>
-      <title>Fancy Gallery 1.2.4 - Shell Upload</title>
-      <references>
-        <osvdb>83410</osvdb>
-        <exploitdb>19398</exploitdb>
-        <url>http://packetstormsecurity.com/files/114114/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="flipbook">
-    <vulnerability>
-      <title>Flip Book 1.0 - Shell Upload</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/114112/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="ajax_multi_upload">
-    <vulnerability>
-      <title>Ajax Multi Upload 1.1 - Shell Upload</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/114109/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="schreikasten">
-    <vulnerability>
-      <title>Schreikasten 0.14.13 - wp-admin/admin-ajax.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>83152</osvdb>
-        <secunia>49600</secunia>
-        <exploitdb>19294</exploitdb>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-automatic">
-    <vulnerability>
-      <title>Automatic 2.0.3 - csv.php q Parameter SQL Injection</title>
-      <references>
-        <osvdb>82971</osvdb>
-        <secunia>49573</secunia>
-        <exploitdb>19187</exploitdb>
-        <url>http://packetstormsecurity.com/files/113763/</url>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>2.0.4</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="videowhisper-video-conference-integration">
-    <vulnerability>
-      <title>VideoWhisper Video Conference 4.51 - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/113580/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Video Whisper - XSS</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/122943/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="videowhisper-live-streaming-integration">
-    <vulnerability>
-      <title>VideoWhisper Live Streaming Integration 4.29.6 - videowhisper_streaming.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>103871</osvdb>
-        <url>http://packetstormsecurity.com/files/125430/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>VideoWhisper Live Streaming Integration 4.27.3 - ls/vc_chatlog.php msg Parameter Stored XSS</title>
-      <references>
-        <osvdb>103821</osvdb>
-        <cve>2014-1906</cve>
-        <url>https://www.htbridge.com/advisory/HTB23199</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>4.29.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>VideoWhisper Live Streaming Integration 4.27.3 - ls/v_status.php ct Parameter Reflected XSS</title>
-      <references>
-        <osvdb>103820</osvdb>
-        <cve>2014-1906</cve>
-        <url>https://www.htbridge.com/advisory/HTB23199</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>4.29.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>VideoWhisper Live Streaming Integration 4.27.3 - ls/lb_logout.php message Parameter Reflected XSS</title>
-      <references>
-        <osvdb>103819</osvdb>
-        <cve>2014-1906</cve>
-        <url>https://www.htbridge.com/advisory/HTB23199</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>4.29.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>VideoWhisper Live Streaming Integration 4.27.3 - ls/videotext.php n Parameter Reflected XSS</title>
-      <references>
-        <osvdb>103818</osvdb>
-        <cve>2014-1906</cve>
-        <url>https://www.htbridge.com/advisory/HTB23199</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>4.29.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>VideoWhisper Live Streaming Integration 4.27.3 - ls/video.php n Parameter Reflected XSS</title>
-      <references>
-        <osvdb>103817</osvdb>
-        <cve>2014-1906</cve>
-        <url>https://www.htbridge.com/advisory/HTB23199</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>4.29.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>VideoWhisper Live Streaming Integration 4.27.3 - ls/htmlchat.php n Parameter Reflected XSS</title>
-      <references>
-        <osvdb>103816</osvdb>
-        <cve>2014-1906</cve>
-        <url>https://www.htbridge.com/advisory/HTB23199</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>4.29.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>VideoWhisper Live Streaming Integration 4.27.3 - ls/rtmp_logout.php s Parameter Path Traversal Remote File Deletion</title>
-      <references>
-        <osvdb>103815</osvdb>
-        <cve>2014-1907</cve>
-        <url>http://packetstormsecurity.com/files/125454/</url>
-        <url>https://www.htbridge.com/advisory/HTB23199</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>4.29.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>VideoWhisper Live Streaming Integration 4.27.3 - ls/channel.php n Parameter Reflected XSS</title>
-      <references>
-        <osvdb>103814</osvdb>
-        <cve>2014-1906</cve>
-        <url>https://www.htbridge.com/advisory/HTB23199</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>4.29.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>VideoWhisper Live Streaming Integration 4.27.3 - Error Message Unspecified Remote Information Disclosure</title>
-      <references>
-        <osvdb>103428</osvdb>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>4.29.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>VideoWhisper Live Streaming Integration 4.27.3 - Unspecified Path Traversal</title>
-      <references>
-        <osvdb>103427</osvdb>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>4.29.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>VideoWhisper Live Streaming Integration 4.27.3 - Unspecified XSS</title>
-      <references>
-        <osvdb>103426</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>4.29.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>VideoWhisper Live Streaming Integration 4.27.3 - Unspecified File Upload Remote Code Execution</title>
-      <references>
-        <osvdb>103425</osvdb>
-      </references>
-      <type>RCE</type>
-      <fixed_in>4.29.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-     <title>VideoWhisper Live Streaming Integration &lt; 4.27.2 - XSS vulnerability in ls/vv_login.php via room_name parameter</title>
-      <references>
-        <cve>2014-4569</cve>
-        <url>http://codevigilant.com/disclosure/wp-plugin-videowhisper-live-streaming-integration-a3-cross-site-scripting-xss/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>VideoWhisper Live Streaming Integration - ls/htmlchat.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>96593</osvdb>
-        <cve>2013-5714</cve>
-        <secunia>54619</secunia>
-        <url>http://www.securityfocus.com/bid/61977</url>
-        <url>http://seclists.org/bugtraq/2013/Aug/163</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="auctionPlugin">
-    <vulnerability>
-      <title>Sitemile Auctions 2.0.1.3 - wp-content/plugins/auctionPlugin/upload.php File Upload PHP Code Execution</title>
-      <references>
-        <osvdb>83075</osvdb>
-        <secunia>49497</secunia>
-        <url>http://packetstormsecurity.com/files/113568/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="lb-mixed-slideshow">
-    <vulnerability>
-      <title>LB Mixed Slideshow 1.0 - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/113844/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="lim4wp">
-    <vulnerability>
-      <title>Lim4wp 1.1.1 - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/113846/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-imagezoom">
-    <vulnerability>
-      <title>Wp-ImageZoom 1.0.3 - download.php File Upload PHP Code Execution</title>
-      <references>
-        <osvdb>83015</osvdb>
-        <secunia>49612</secunia>
-        <url>http://www.opensyscom.fr/Actualites/wordpress-plugins-wp-imagezoom-remote-file-disclosure-vulnerability.html</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Wp-ImageZoom 1.0.3 - Remote File Disclosure</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/113845/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Wp-ImageZoom - zoom.php id Parameter SQL Injection</title>
-      <references>
-        <osvdb>87870</osvdb>
-        <url>http://www.securityfocus.com/bid/56691</url>
-        <url>http://xforce.iss.net/xforce/xfdb/80285</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="invit0r">
-    <vulnerability>
-      <title>Invit0r 0.22 - Shell Upload</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/113639/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="announces">
-    <vulnerability>
-      <title>Annonces 1.2.0.1 - Shell Upload</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/113637/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="contus-video-galleryversion-10">
-    <vulnerability>
-      <title>Contus Video Gallery 1.3 - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/113571/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="contus-hd-flv-player">
-    <vulnerability>
-      <title>Contus HD FLV Player &lt;= 1.3 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17678</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Contus HD FLV Player 1.7 - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/113570/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-
-  </plugin>
-
-  <plugin name="user-meta">
-    <vulnerability>
-      <title>User Meta Version 1.1.1 - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <exploitdb>19052</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="topquark">
-    <vulnerability>
-      <title>Top Quark Architecture 2.1.0 - lib/js/fancyupload/showcase/batch/script.php File Upload PHP Code Execution</title>
-      <references>
-        <osvdb>82843</osvdb>
-        <secunia>49465</secunia>
-        <exploitdb>19053</exploitdb>
-        <url>http://packetstormsecurity.com/files/113522/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="sfbrowser">
-    <vulnerability>
-      <title>SFBrowser 1.4.5 - connectors/php/sfbrowser.php File Upload PHP Code Execution</title>
-      <references>
-        <osvdb>82845</osvdb>
-        <secunia>49466</secunia>
-        <exploitdb>19054</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="pica-photo-gallery">
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Pica Photo Gallery 1.0 - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <exploitdb>19055</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>PICA Photo Gallery 1.0 - Remote File Disclosure</title>
-      <references>
-        <exploitdb>19016</exploitdb>
-        <url>http://www.securityfocus.com/bid/53893</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="mac-dock-gallery">
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Mac Photo Gallery - Two Security Bypass Security Issues</title>
-      <references>
-        <secunia>49923</secunia>
-      </references>
-      <type>AUTHBYPASS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Mac Photo Gallery - Multiple Script Insertion Vulnerabilities</title>
-      <references>
-        <secunia>49836</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Mac Photo Gallery 2.7 - upload-file.php File Upload PHP Code Execution</title>
-      <references>
-        <osvdb>82844</osvdb>
-        <secunia>49468</secunia>
-        <exploitdb>19056</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="drag-drop-file-uploader">
-    <vulnerability>
-      <title>drag and drop file upload 0.1 - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <exploitdb>19057</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="custom-content-type-manager">
-    <vulnerability>
-      <title>Custom Content Type Manager 0.9.5.13pl - upload_form.php File Upload PHP Code Execution</title>
-      <references>
-        <osvdb>82904</osvdb>
-        <exploitdb>19058</exploitdb>
-        <url>http://packetstormsecurity.com/files/113520/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-gpx-map">
-    <vulnerability>
-      <title>wp-gpx-max version 1.1.21 - Arbitrary File Upload</title>
-      <references>
-        <osvdb>82900</osvdb>
-        <cve>2012-6649</cve>
-        <exploitdb>19050</exploitdb>
-        <url>http://www.securityfocus.com/bid/53909</url>
-        <url>http://packetstormsecurity.org/files/113523/</url>
-      </references>
-      <type>UPLOAD</type>
-      <fixed_in>1.1.23</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="front-file-manager">
-    <vulnerability>
-      <title>Front File Manager 0.1 - Arbitrary File Upload</title>
-      <references>
-        <exploitdb>19012</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="front-end-upload">
-    <vulnerability>
-      <title>Front End Upload 0.5.3 - Arbitrary File Upload</title>
-      <references>
-        <exploitdb>19008</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Front End Upload 0.5.4 - Arbitrary PHP File Upload</title>
-      <references>
-        <exploitdb>20083</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="omni-secure-files">
-    <vulnerability>
-      <title>Omni Secure Files 0.1.13 - Arbitrary File Upload</title>
-      <references>
-        <exploitdb>19009</exploitdb>
-        <url>http://www.securityfocus.com/bid/53872</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="easy-contact-forms-exporter">
-    <vulnerability>
-      <title>Easy Contact Forms Export 1.1.0 - Information Disclosure Vulnerability</title>
-      <references>
-        <exploitdb>19013</exploitdb>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="plugin-newsletter">
-    <vulnerability>
-      <title>Plugin Newsletter 1.5 - Remote File Disclosure Vulnerability</title>
-      <references>
-        <osvdb>82703</osvdb>
-        <cve>2012-3588</cve>
-        <secunia>49464</secunia>
-        <exploitdb>19018</exploitdb>
-        <url>http://packetstormsecurity.org/files/113413/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="rbxgallery">
-    <vulnerability>
-      <title>RBX Gallery 2.1 - uploader.php File Upload PHP Code Execution</title>
-      <references>
-        <osvdb>82796</osvdb>
-        <cve>2012-3575</cve>
-        <secunia>49463</secunia>
-        <exploitdb>19019</exploitdb>
-        <url>http://packetstormsecurity.com/files/113414/</url>
-        <url>http://xforce.iss.net/xforce/xfdb/76170</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="simple-download-button-shortcode">
-    <vulnerability>
-      <title>Simple Download Button Shortcode 1.0 - Remote File Disclosure</title>
-      <references>
-        <exploitdb>19020</exploitdb>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="thinkun-remind">
-    <vulnerability>
-      <title>Thinkun Remind 1.1.3 - Remote File Disclosure</title>
-      <references>
-        <exploitdb>19021</exploitdb>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="tinymce-thumbnail-gallery">
-    <vulnerability>
-      <title>Tinymce Thumbnail Gallery 1.0.7 - download-image.php href Parameter Traversal Arbitrary File Access</title>
-      <references>
-        <osvdb>82706</osvdb>
-        <secunia>49460</secunia>
-        <exploitdb>19022</exploitdb>
-        <url>http://packetstormsecurity.org/files/113417/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wpstorecart">
-    <vulnerability>
-      <title>wpStoreCart 2.5.27-2.5.29 - Arbitrary File Upload</title>
-      <references>
-        <exploitdb>19023</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="gallery-plugin">
-    <vulnerability>
-      <title>Gallery 3.06 - gallery-plugin/upload/php.php File Upload PHP Code Execution</title>
-      <references>
-        <osvdb>82661</osvdb>
-        <exploitdb>18998</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Gallery Plugin 3.8.3 - gallery-plugin.php filename_1 Parameter Arbitrary File Access</title>
-      <references>
-        <osvdb>89124</osvdb>
-        <url>http://packetstormsecurity.com/files/119458/</url>
-        <url>http://www.securityfocus.com/bid/57256</url>
-        <url>http://seclists.org/bugtraq/2013/Jan/45</url>
-      </references>
-      <type>LFI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="font-uploader">
-    <vulnerability>
-      <title>Font Uploader 1.2.4 - Arbitrary File Upload</title>
-      <references>
-        <exploitdb>18994</exploitdb>
-        <osvdb>82657</osvdb>
-        <cve>2012-3814</cve>
-        <url>http://www.securityfocus.com/bid/53853</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-property">
-    <vulnerability>
-      <title>WP Property &lt;= 1.38.3.2 - Non-administrative User XMLI Remote Information Disclosure</title>
-      <references>
-        <osvdb>102709</osvdb>
-        </references>
-      <type>UNKNOWN</type>
-      <fixed_in>1.38.4</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Property &lt;= 1.35.0 - Arbitrary File Upload</title>
-      <references>
-        <osvdb>82656</osvdb>
-        <exploitdb>18987</exploitdb>
-        <exploitdb>23651</exploitdb>
-        <secunia>49394</secunia>
-        <url>http://packetstormsecurity.com/files/113274/</url>
-        <metasploit>exploits/unix/webapp/wp_property_upload_exec</metasploit>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wpmarketplace">
-    <vulnerability>
-      <title>WP Marketplace 1.5.0-1.6.1 - Arbitrary File Upload</title>
-      <references>
-        <exploitdb>18988</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Marketplace 1.2.1 - File Enumeration Weakness and File Upload Vulnerabilities</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/52960</url>
-      </references>
-      <type>UPLOAD</type>
-      <fixed_in>1.2.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="store-locator-le">
-    <vulnerability>
-      <title>Google Maps via Store Locator - Multiple Vulnerabilities</title>
-      <references>
-        <exploitdb>18989</exploitdb>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>store-locator-le - SQL Injection</title>
-      <references>
-        <secunia>51757</secunia>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>3.8.7</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="html5avmanager">
-    <vulnerability>
-      <title>HTML5 AV Manager 0.2.7 - Arbitrary File Upload</title>
-      <references>
-        <exploitdb>18990</exploitdb>
-        <url>http://www.securityfocus.com/bid/53804</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="foxypress">
-    <vulnerability>
-      <title>Foxypress 0.4.1.1-0.4.2.1 - Arbitrary File Upload</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/113576/</url>
-        <url>http://www.securityfocus.com/bid/53805</url>
-        <exploitdb>18991</exploitdb>
-        <exploitdb>19100</exploitdb>
-        <metasploit>exploits/unix/webapp/php_wordpress_foxypress</metasploit>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>FoxyPress 0.4.2.5 - XSS, CSRF, SQL Injection</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/117768/</url>
-        <secunia>51109</secunia>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>FoxyPress 0.4.2.5 - documenthandler.php prefix Parameter SQL Injection</title>
-      <references>
-        <osvdb>86804</osvdb>
-        <exploitdb>22374</exploitdb>
-        <url>http://xforce.iss.net/xforce/xfdb/79698</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>FoxyPress 0.4.2.5 - foxypress-manage-emails.php id Parameter SQL Injection</title>
-      <references>
-        <osvdb>86805</osvdb>
-        <exploitdb>22374</exploitdb>
-        <url>http://xforce.iss.net/xforce/xfdb/79697</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>FoxyPress 0.4.2.5 - inventory-category.php Multiple Parameter SQL Injection</title>
-      <references>
-        <osvdb>86806</osvdb>
-        <exploitdb>22374</exploitdb>
-        <url>http://xforce.iss.net/xforce/xfdb/79697</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>FoxyPress 0.4.2.5 - reports.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>86807</osvdb>
-        <exploitdb>22374</exploitdb>
-        <url>http://xforce.iss.net/xforce/xfdb/79699</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>FoxyPress 0.4.2.5 - foxypress-affiliate.php aff_id Parameter XSS</title>
-      <references>
-        <osvdb>86808</osvdb>
-        <exploitdb>22374</exploitdb>
-        <url>http://xforce.iss.net/xforce/xfdb/79699</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>FoxyPress 0.4.2.5 - affiliate-management.php Multiple Parameter SQL Injection</title>
-      <references>
-        <osvdb>86809</osvdb>
-        <exploitdb>22374</exploitdb>
-        <url>http://xforce.iss.net/xforce/xfdb/79697</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>FoxyPress 0.4.2.5 - foxypress-manage-emails.php id Parameter XSS</title>
-      <references>
-        <osvdb>86810</osvdb>
-        <exploitdb>22374</exploitdb>
-        <url>http://xforce.iss.net/xforce/xfdb/79699</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>FoxyPress 0.4.2.5 - order-management.php status Parameter XSS</title>
-      <references>
-        <osvdb>86811</osvdb>
-        <exploitdb>22374</exploitdb>
-        <url>http://xforce.iss.net/xforce/xfdb/79699</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>FoxyPress 0.4.2.5 - affiliate-management.php page Parameter XSS</title>
-      <references>
-        <osvdb>86812</osvdb>
-        <exploitdb>22374</exploitdb>
-        <url>http://xforce.iss.net/xforce/xfdb/79699</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>FoxyPress 0.4.2.5 - foxypress-affiliate.php url Parameter Arbitrary Site Redirect</title>
-      <references>
-        <osvdb>86813</osvdb>
-        <exploitdb>22374</exploitdb>
-        <url>http://xforce.iss.net/xforce/xfdb/79700</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>FoxyPress 0.4.2.5 - Multiple CSV File Direct Request Information Disclosure</title>
-      <references>
-        <osvdb>86814</osvdb>
-        <exploitdb>22374</exploitdb>
-        <url>http://xforce.iss.net/xforce/xfdb/79701</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>FoxyPress 0.4.2.5 - ajax.php Access Restriction Multiple Command Execution</title>
-      <references>
-        <osvdb>86815</osvdb>
-        <exploitdb>22374</exploitdb>
-        <url>http://xforce.iss.net/xforce/xfdb/79703</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-    <vulnerability>
-      <title>FoxyPress 0.4.2.5 - Multiple Script Direct Request Path Disclosure</title>
-      <references>
-        <osvdb>86816</osvdb>
-        <exploitdb>22374</exploitdb>
-        <url>http://xforce.iss.net/xforce/xfdb/79704</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>FoxyPress 0.4.2.5 - Multiple Object Deletion CSRF</title>
-      <references>
-        <osvdb>86817</osvdb>
-        <exploitdb>22374</exploitdb>
-        <url>http://xforce.iss.net/xforce/xfdb/79702</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-    <vulnerability>
-      <title>FoxyPress 0.4.2.5 - documenthandler.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>86818</osvdb>
-        <exploitdb>22374</exploitdb>
-        <url>http://xforce.iss.net/xforce/xfdb/79697</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="track-that-stat">
-    <vulnerability>
-      <title>Track That Stat &lt;= 1.0.8 - Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/112722/</url>
-        <url>http://www.securityfocus.com/bid/53551</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-facethumb">
-    <vulnerability>
-      <title>WP-Facethumb Gallery &lt;= 0.1 - Reflected Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/112658/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-survey-and-quiz-tool">
-    <vulnerability>
-      <title>Survey And Quiz Tool &lt;= 2.9.2 - Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/112685/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-statistics">
-    <vulnerability>
-      <title>WP Statistics &lt;= 2.2.4 - Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/112686/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-easy-gallery">
-    <vulnerability>
-      <title>WP Easy Gallery &lt;= 2.7 - CSRF</title>
-      <references>
-        <secunia>49190</secunia>
-        <url>https://plugins.trac.wordpress.org/changeset?reponame=&amp;old=669527@wp-easy-gallery&amp;new=669527@wp-easy-gallery</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>2.7.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Easy Gallery 2.7 - admin/overview.php galleryId Parameter SQL Injection</title>
-      <references>
-        <osvdb>105012</osvdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>2.7.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Easy Gallery 2.7 - admin/add-images.php Multiple Parameter SQL Injection</title>
-      <references>
-        <osvdb>105013</osvdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>2.7.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Easy Gallery 2.7 - Multiple Admin Function CSRF</title>
-      <references>
-        <osvdb>105014</osvdb>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>2.7.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Easy Gallery &lt;= 1.7 - Cross Site Scripting</title>
-      <references>
-        <secunia>49190</secunia>
-        <url>http://packetstormsecurity.com/files/112687/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.7.3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="subscribe2">
-    <vulnerability>
-      <title>Subscribe2 &lt;= 8.0 - Cross Site Scripting</title>
-      <references>
-        <secunia>49189</secunia>
-        <url>http://packetstormsecurity.com/files/112688/</url>
-        <url>http://www.securityfocus.com/bid/53538</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>8.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="soundcloud-is-gold">
-    <vulnerability>
-      <title>Soundcloud Is Gold &lt;= 2.1 - 'action' Parameter Cross Site Scripting Vulnerability</title>
-      <references>
-        <secunia>49188</secunia>
-        <url>http://packetstormsecurity.com/files/112689/</url>
-        <url>http://www.securityfocus.com/bid/53537</url>
-        <cve>2012-6624</cve>
-        <osvdb>81919</osvdb>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="sharebar">
-    <vulnerability>
-      <title>Sharebar &lt;= 1.2.5 - sharebar-admin.php page Parameter XSS</title>
-      <references>
-        <osvdb>98078</osvdb>
-        <url>http://packetstormsecurity.com/files/123365/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Sharebar &lt;= 1.2.5 - Button Manipulation CSRF</title>
-      <references>
-        <osvdb>94843</osvdb>
-        <cve>2013-3491</cve>
-        <secunia>52948</secunia>
-        <url>http://www.securityfocus.com/bid/60956</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Sharebar 1.2.3 - wp-admin/options-general.php status Parameter XSS</title>
-      <references>
-        <osvdb>81465</osvdb>
-        <secunia>48908</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Sharebar &lt;= 1.2.1 - SQL Injection / Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/112690/</url>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>1.2.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="share-and-follow">
-    <vulnerability>
-      <title>Share And Follow &lt;= 1.80.3 - Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/112691/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="sabre">
-    <vulnerability>
-      <title>SABRE &lt;= 1.2.0 - Cross Site Scripting</title>
-      <references>
-        <cve>2012-2916</cve>
-        <osvdb>82269</osvdb>
-        <url>http://packetstormsecurity.com/files/112692/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.2.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="pretty-link">
-    <vulnerability>
-      <title>Pretty Link Lite &lt;= 1.5.2 - Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/112693/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Pretty Link Lite &lt;= 1.6.1 - Cross Site Scripting</title>
-      <references>
-        <secunia>50980</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>pretty-link - XSS in SWF</title>
-      <references>
-        <url>http://seclists.org/bugtraq/2013/Feb/100</url>
-        <url>http://packetstormsecurity.com/files/120433/</url>
-        <cve>2013-1636</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="newsletter-manager">
-    <vulnerability>
-      <title>Newsletter Manager &lt;= 1.0.2 - Cross Site Scripting</title>
-      <references>
-        <secunia>49183</secunia>
-        <url>http://packetstormsecurity.com/files/112694/</url>
-        <cve>2012-6628</cve>
-        <osvdb>102186</osvdb>
-        <osvdb>102548</osvdb>
-        <osvdb>102549</osvdb>
-        <osvdb>102550</osvdb>
-        <osvdb>81920</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Newsletter Manager 1.0.2 - Cross Site Scripting &amp; Cross-Site Request Forgery</title>
-      <references>
-        <secunia>49152</secunia>
-        <cve>2012-6627</cve>
-        <cve>2012-6629</cve>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="network-publisher">
-    <vulnerability>
-      <title>Network Publisher &lt;= 5.0.1 - Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/112695/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="leaguemanager">
-    <vulnerability>
-      <title>LeagueManager &lt;= 3.7 - wp-admin/admin.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>82266</osvdb>
-        <secunia>49949</secunia>
-        <url>http://packetstormsecurity.com/files/112698/</url>
-        <url>http://www.securityfocus.com/bid/53525</url>
-        <url>http://xforce.iss.net/xforce/xfdb/75629</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>LeagueManager 3.8 - SQL Injection</title>
-      <references>
-        <osvdb>91442</osvdb>
-        <exploitdb>24789</exploitdb>
-        <cve>2013-1852</cve>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="leaflet">
-    <vulnerability>
-      <title>Leaflet &lt;= 0.0.1 - Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/112699/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="joliprint">
-    <vulnerability>
-      <title>PDF And Print Button Joliprint &lt;= 1.3.0 - Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/112700/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="iframe-admin-pages">
-    <vulnerability>
-      <title>IFrame Admin Pages &lt;= 0.1 - Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/112701/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="ezpz-one-click-backup">
-    <vulnerability>
-      <title>EZPZ One Click Backup &lt;= 12.03.10 - OS Command Injection</title>
-      <references>
-        <osvdb>106511</osvdb>
-        <cve>2014-3114</cve>
-        <url>http://www.openwall.com/lists/oss-security/2014/05/01/11</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-    <vulnerability>
-      <title>EZPZ One Click Backup &lt;= 12.03.10 - Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/112705/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="dynamic-widgets">
-    <vulnerability>
-      <title>Dynamic Widgets &lt;= 1.5.1 - Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/112706/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="download-monitor">
-    <vulnerability>
-      <title>Download Monitor &lt;= 3.3.6.1 - wp-admin/admin.php Multiple Parameter XSS (Note: This plugin changed its version numbering, this may produce false positive)</title>
-      <references>
-        <osvdb>95613</osvdb>
-        <cve>2013-5098</cve>
-        <cve>2013-3262</cve>
-        <secunia>53116</secunia>
-        <url>http://www.securityfocus.com/bid/61407</url>
-        <url>http://xforce.iss.net/xforce/xfdb/85921</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.3.6.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Download Monitor &lt;= 3.3.5.7 - index.php dlsearch Parameter XSS (Note: This plugin changed its version numbering, this may produce false positive)</title>
-      <references>
-        <osvdb>85319</osvdb>
-        <cve>2012-4768</cve>
-        <secunia>50511</secunia>
-        <url>http://www.reactionpenetrationtesting.co.uk/wordpress-download-monitor-xss.html</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.3.5.9</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Download Monitor &lt;= 3.3.5.4 - Cross Site Scripting (Note: This plugin changed its version numbering, this may produce false positive)</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/112707/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Download Monitor 2.0.6 - wp-download_monitor/download.php id Parameter SQL Injection (Note: This plugin changed its version numbering, this may produce false positive)</title>
-      <references>
-        <osvdb>44616</osvdb>
-        <cve>2008-2034</cve>
-        <secunia>29876</secunia>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>2.0.8</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="download-manager">
-    <vulnerability>
-      <title>Download Manager 2.5.8 - Download Package file Parameter Stored XSS</title>
-      <references>
-        <osvdb>101143</osvdb>
-        <cve>2013-7319</cve>
-        <secunia>55969</secunia>
-        <url>http://www.securityfocus.com/bid/64159</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.5.9</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Download Manager &lt;= 2.2.2 - admin.php cid Parameter XSS</title>
-      <references>
-        <osvdb>81449</osvdb>
-        <secunia>48927</secunia>
-        <url>http://packetstormsecurity.com/files/112708/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.2.3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="codestyling-localization">
-    <vulnerability>
-      <title>Code Styling Localization &lt;= 1.99.17 - Cross Site Scripting</title>
-      <references>
-        <secunia>49037</secunia>
-        <url>http://packetstormsecurity.com/files/112709/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.99.20</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="catablog">
-    <vulnerability>
-      <title>Catablog &lt;= 1.6 - Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/112619/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="bad-behavior">
-    <vulnerability>
-      <title>Bad Behavior &lt;= 2.24 - Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/112619/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="bulletproof-security">
-    <vulnerability>
-      <title>BulletProof Security &lt;= 0.47 - Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/112618/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>BulletProof Security - Security Log Script Insertion Vulnerability</title>
-      <references>
-        <osvdb>95928</osvdb>
-        <osvdb>95929</osvdb>
-        <osvdb>95930</osvdb>
-        <cve>2013-3487</cve>
-        <secunia>53614</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>0.49</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="better-wp-security">
-    <vulnerability>
-      <title>Better WP Security 3.6.3 - Online Backup Storage current_time Function Brute Force Disclosure</title>
-      <references>
-        <osvdb>103358</osvdb>
-        <url>http://packetstormsecurity.com/files/125219/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Better WP Security 3.6.3 - /wp-admin/admin-ajax.php license Parameter Stored XSS Weakness</title>
-      <references>
-        <osvdb>103357</osvdb>
-        <url>http://packetstormsecurity.com/files/125219/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Better WP Security 3.5.5 - inc/admin/content.php id_specialfile Parameter Stored XSS</title>
-      <references>
-        <osvdb>101788</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.5.6</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Better WP Security &lt;= 3.5.3 - inc/secure.php logevent Function URL Handling Stored XSS</title>
-      <references>
-        <osvdb>95884</osvdb>
-        <secunia>54299</secunia>
-        <exploitdb>27290</exploitdb>
-        <url>http://packetstormsecurity.com/files/122615/</url>
-        <url>https://github.com/wpscanteam/wpscan/issues/251</url>
-        <url>http://www.securityfocus.com/archive/1/527634/30/0/threaded</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.5.4</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Better WP Security 3.4.3 - Multiple XSS</title>
-      <references>
-        <url>http://seclists.org/bugtraq/2012/Oct/9</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.4.4</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Better WP Security &lt;= 3.2.4 - Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/112617/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.2.5</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="custom-contact-forms">
-    <vulnerability>
-      <title>Custom Contact Forms &lt;= 5.0.0.1 - Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/112616/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="2-click-socialmedia-button">
-    <vulnerability>
-      <title>2-Click-Socialmedia-Buttons &lt;= 0.34 - Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/112615/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>2-Click-Socialmedia-Buttons &lt;= 0.32.2 - Cross Site Scripting</title>
-      <references>
-        <secunia>49181</secunia>
-        <url>http://packetstormsecurity.com/files/112711/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>0.35</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="login-with-ajax">
-    <vulnerability>
-      <title>Login With Ajax - Cross Site Scripting</title>
-      <references>
-        <cve>2012-2759</cve>
-        <osvdb>81712</osvdb>
-        <secunia>49013</secunia>
-        <url>http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2012-003/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.4.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Login With Ajax - Cross-Site Request Forgery Vulnerability</title>
-      <references>
-        <osvdb>93031</osvdb>
-        <cve>2013-2707</cve>
-        <secunia>52950</secunia>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>3.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="media-library-categories">
-    <vulnerability>
-      <title>Media Library Categories &lt;= 1.0.6 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17628</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Media Library Categories &lt;= 1.1.1 - Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/112697/</url>
-        <cve>2012-6630</cve>
-        <osvdb>81916</osvdb>
-        <osvdb>109601</osvdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="deans-fckeditor-with-pwwangs-code-plugin-for-wordpress">
-    <vulnerability>
-      <title>FCKeditor Deans With Pwwangs Code &lt;= 1.0.0 - Remote Shell Upload</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/111319/</url>
-      </references>
-      <type>RFI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="zingiri-web-shop">
-    <vulnerability>
-      <title>Zingiri Web Shop 2.6.5 - fwkfor/ajax/uploadfilexd.php Unspecified Issue</title>
-      <references>
-        <osvdb>103554</osvdb>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.6.6</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Zingiri Web Shop 2.6.4 - mform.php Unspecified Issue</title>
-      <references>
-        <osvdb>101717</osvdb>
-        <secunia>56230</secunia>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.6.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Zingiri Web Shop 2.5.0 - ajaxfilemanager.php path Parameter File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>87833</osvdb>
-        <url>http://packetstormsecurity.com/files/118318/</url>
-        <url>http://www.securityfocus.com/bid/56659</url>
-        <url>http://xforce.iss.net/xforce/xfdb/80257</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Zingiri Web Shop 2.4.3 - Shell Upload</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/113668/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Zingiri Web Shop - Cookie SQL Injection Vulnerability</title>
-      <references>
-        <secunia>49398</secunia>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>2.4.8</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Zingiri Web Shop &lt;= 2.4.0 - zing.inc.php page Parameter XSS</title>
-      <references>
-        <osvdb>81492</osvdb>
-        <cve>2012-6506</cve>
-        <exploitdb>18787</exploitdb>
-        <secunia>48991</secunia>
-        <url>http://www.securityfocus.com/bid/53278</url>
-        <url>http://xforce.iss.net/xforce/xfdb/75178</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.4.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Zingiri Web Shop &lt;= 2.4.0 - onecheckout.php notes Parameter XSS</title>
-      <references>
-        <osvdb>81493</osvdb>
-        <cve>2012-6506</cve>
-        <exploitdb>18787</exploitdb>
-        <secunia>48991</secunia>
-        <url>http://www.securityfocus.com/bid/53278</url>
-        <url>http://xforce.iss.net/xforce/xfdb/75179</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.4.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Zingiri Web Shop &lt;= 2.3.5 - Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/112684/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="organizer">
-    <vulnerability>
-      <title>Organizer 1.2.1 - Cross Site Scripting / Path Disclosure</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/112086/</url>
-        <url>http://packetstormsecurity.com/files/113800/</url>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="zingiri-tickets">
-    <vulnerability>
-      <title>Zingiri Tickets 2.1.2 - Unspecified Issue</title>
-      <references>
-        <osvdb>105015</osvdb>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.1.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Zingiri Tickets - File Disclosure</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/111904/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="cms-tree-page-view">
-    <vulnerability>
-      <title>CMS Tree Page View 1.2.4 - Page Creation CSRF</title>
-      <references>
-        <osvdb>91270</osvdb>
-        <secunia>52581</secunia>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.2.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>CMS Tree Page View 0.8.8 - XSS vulnerability</title>
-      <references>
-        <osvdb>80573</osvdb>
-        <secunia>48510</secunia>
-        <url>https://www.htbridge.com/advisory/HTB23083</url>
-        <url>http://www.securityfocus.com/bid/52708</url>
-        <url>http://xforce.iss.net/xforce/xfdb/74337</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>0.8.9</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="all-in-one-event-calendar">
-    <vulnerability>
-      <title>All-in-One Event Calendar 1.4 - Multiple XSS vulnerabilities</title>
-      <references>
-        <url>http://seclists.org/bugtraq/2012/Apr/70</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>All-in-One Event Calendar 1.9 - wp-admin/post-new.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>96271</osvdb>
-        <secunia>54038</secunia>
-        <url>http://www.firefart.net/sql-injection-and-xss-in-all-in-one-event-calendar-wordpress-plugin/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.10</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>All-in-One Event Calendar 1.9 - index.php Multiple Parameter SQL Injection</title>
-      <references>
-        <osvdb>96272</osvdb>
-        <secunia>54038</secunia>
-        <url>http://www.firefart.net/sql-injection-and-xss-in-all-in-one-event-calendar-wordpress-plugin/</url>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>1.10</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="buddypress">
-    <vulnerability>
-      <title>Buddypress &lt;= 1.9.1 - Crafted bp_new_group_id Cookie Arbitrary Group Manipulation</title>
-      <references>
-        <osvdb>103308</osvdb>
-        <cve>2014-1889</cve>
-        <secunia>56950</secunia>
-        <exploitdb>31571</exploitdb>
-        <url>http://packetstormsecurity.com/files/125213/</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>1.9.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Buddypress &lt;= 1.9.1 - groups/create/step/group-details/ Group Name Field Stored XSS</title>
-      <references>
-        <osvdb>103307</osvdb>
-        <cve>2014-1888</cve>
-        <secunia>56950</secunia>
-        <url>http://packetstormsecurity.com/files/125212/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.9.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>BuddyPress 1.7.1 - bp-activity-classes.php Multiple Parameter SQL Injection</title>
-      <references>
-        <osvdb>104761</osvdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>1.7.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>BuddyPress 1.7.1 - bp-blogs-classes.php Multiple Parameter SQL Injection</title>
-      <references>
-        <osvdb>104761</osvdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>1.7.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>BuddyPress 1.7.1 - bp-friends/bp-friends-classes.php Multiple Parameter SQL Injection</title>
-      <references>
-        <osvdb>104760</osvdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>1.7.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>BuddyPress 1.7.1 - bp-core/bp-core-classes.php Multiple Parameter SQL Injection</title>
-      <references>
-        <osvdb>104759</osvdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>1.7.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>BuddyPress 1.7.1 - bp-core/bp-core-functions.php page_ids Parameter SQL Injection</title>
-      <references>
-        <osvdb>104758</osvdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>1.7.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>BuddyPress 1.7.1 - bp-core/bp-core-filters.php user_ids Parameter SQL Injection</title>
-      <references>
-        <osvdb>104757</osvdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>1.7.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>BuddyPress 1.7.1 - bp-core/bp-core-cache.php object_ids Parameter SQL Injection</title>
-      <references>
-        <osvdb>104755</osvdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>1.7.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Buddypress - player.swf / jwplayer.swf playerready Parameter XSS</title>
-      <references>
-        <osvdb>88886</osvdb>
-        <url>http://packetstormsecurity.com/files/119020/</url>
-        <url>http://xforce.iss.net/xforce/xfdb/80840</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Buddypress &lt;= 1.5.4 - wp-load.php exclude Parameter SQL Injection</title>
-      <references>
-        <cve>2012-2109</cve>
-        <osvdb>80763</osvdb>
-        <exploitdb>18690</exploitdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>1.5.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>BuddyPress 1.2.9 - groups/test-group/activity/ activity_ids Parameter SQL Injection</title>
-      <references>
-        <osvdb>104756</osvdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>1.2.10</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="register-plus-redux">
-    <vulnerability>
-      <title>Register Plus Redux &lt;= 3.8.3 - Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/111367/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="magn-html5-drag-and-drop-media-uploader">
-    <vulnerability>
-      <title>Magn WP Drag and Drop &lt;= 1.1.4 - Upload Shell Upload Vulnerability</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/110103/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="kish-guest-posting">
-    <vulnerability>
-      <title>Kish Guest Posting 1.0 - Arbitrary File Upload</title>
-      <references>
-        <exploitdb>18412</exploitdb>
-      </references>
-      <type>RFI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="allwebmenus-wordpress-menu-plugin">
-    <vulnerability>
-      <title>AllWebMenus Shell Upload &lt;= 1.1.9 - Shell Upload</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/108946/</url>
-      </references>
-      <type>RFI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>AllWebMenus 1.1.3 - Remote File Inclusion</title>
-      <references>
-        <cve>2011-3981</cve>
-        <osvdb>75615</osvdb>
-        <exploitdb>17861</exploitdb>
-        <secunia>46068</secunia>
-      </references>
-      <fixed_in>1.1.4</fixed_in>
-      <type>RFI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="shortcode-redirect">
-    <vulnerability>
-      <title>Shortcode Redirect &lt;= 1.0.01 - Stored Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/108914/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="ucan-post">
-    <vulnerability>
-      <title>uCan Post &lt;= 1.0.09 - Stored XSS</title>
-      <references>
-        <exploitdb>18390</exploitdb>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-cycle-playlist">
-    <vulnerability>
-      <title>WP Cycle Playlist - Multiple Vulnerabilities</title>
-      <references>
-        <url>http://1337day.com/exploit/17396</url>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="myeasybackup">
-    <vulnerability>
-      <title>myEASYbackup 1.0.8.1 - Directory Traversal</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/108711/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="count-per-day">
-    <vulnerability>
-      <title>Count per Day 3.2.5 - wp-admin/index.php daytoshow Parameter XSS</title>
-      <references>
-        <osvdb>90893</osvdb>
-        <secunia>52436</secunia>
-        <url>http://packetstormsecurity.com/files/120649/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Count per Day 3.2.5 - counter.php HTTP Referer Header XSS</title>
-      <references>
-        <osvdb>91491</osvdb>
-        <exploitdb>24859</exploitdb>
-        <url>http://packetstormsecurity.com/files/120870/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Count Per Day 3.2.3 - notes.php Malformed Requests Remote DoS</title>
-      <references>
-        <osvdb>90833</osvdb>
-        <url>http://packetstormsecurity.com/files/120631/</url>
-        <url>http://seclists.org/fulldisclosure/2013/Mar/43</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Count Per Day 3.2.3 - Multiple Script Direct Request Path Disclosure</title>
-      <references>
-        <osvdb>90832</osvdb>
-        <url>http://packetstormsecurity.com/files/120631/</url>
-        <url>http://seclists.org/fulldisclosure/2013/Mar/43</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Count Per Day 3.2.3 - notes.php note Parameter XSS</title>
-      <references>
-        <osvdb>84933</osvdb>
-        <exploitdb>20862</exploitdb>
-        <secunia>50450</secunia>
-        <url>http://packetstormsecurity.com/files/115904/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Count Per Day 3.2.2 - notes.php note Parameter XSS</title>
-      <references>
-        <osvdb>84920</osvdb>
-        <secunia>50419</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.2.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Count Per Day 3.1.1 - userperspan.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>83491</osvdb>
-        <cve>2012-3434</cve>
-        <secunia>49692</secunia>
-        <url>http://packetstormsecurity.com/files/114787/</url>
-        <url>http://www.securityfocus.com/bid/54258</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Count Per Day &lt;= 3.1 - download.php f Parameter Traversal Arbitrary File Access</title>
-      <references>
-        <osvdb>78270</osvdb>
-        <exploitdb>18355</exploitdb>
-        <secunia>47529</secunia>
-        <url>http://xforce.iss.net/xforce/xfdb/72385</url>
-        <url>http://packetstormsecurity.org/files/108631/</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.1.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Count Per Day &lt;= 3.1 - map.php map Parameter XSS</title>
-      <references>
-        <osvdb>78271</osvdb>
-        <exploitdb>18355</exploitdb>
-        <secunia>47529</secunia>
-        <url>http://xforce.iss.net/xforce/xfdb/72385</url>
-        <url>http://packetstormsecurity.org/files/108631/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.1.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Count per Day &lt;= 2.17 - SQL Injection Vulnerability</title>
-      <references>
-        <osvdb>75598</osvdb>
-        <exploitdb>17857</exploitdb>
-        <secunia>46051</secunia>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-autoyoutube">
-    <vulnerability>
-      <title>WP-AutoYoutube &lt;= 0.1 - Blind SQL Injection Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/17368</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="age-verification">
-    <vulnerability>
-      <title>Age Verification &lt;= 0.4 - Open Redirect</title>
-      <references>
-        <cve>2012-6499</cve>
-        <osvdb>82584</osvdb>
-        <exploitdb>18350</exploitdb>
-      </references>
-      <type>REDIRECT</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="yousaytoo-auto-publishing-plugin">
-    <vulnerability>
-      <title>Yousaytoo Auto Publishing &lt;= 1.0 - Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/108470/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="pay-with-tweet">
-    <vulnerability>
-      <title>Pay With Tweet &lt;= 1.1 - Multiple Vulnerabilities</title>
-      <references>
-        <exploitdb>18330</exploitdb>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-whois">
-    <vulnerability>
-      <title>Whois Search &lt;= 1.4.2 - Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/108271/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="upm-polls">
-    <vulnerability>
-      <title>UPM-POLLS 1.0.4 - BLIND SQL injection</title>
-      <references>
-        <exploitdb>18231</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="disqus-comment-system">
-    <vulnerability>
-      <title>Disqus &lt;= 2.75 - Remote Code Execution Vuln</title>
-      <references>
-        <url>http://blog.sucuri.net/2014/06/anatomy-of-a-remote-code-execution-bug-on-disqus.html</url>
-      </references>
-      <type>RCE</type>
-      <fixed_in>2.76</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Disqus Comment System &lt;= 2.68 - Reflected Cross-Site Scripting (XSS)</title>
-      <references>
-        <url>http://www.ethicalhack3r.co.uk/security/wordpress-plugin-disqus-comment-system-xss/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.69</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Disqus Blog Comments - Blind SQL Injection Vulnerability</title>
-      <references>
-        <osvdb>85935</osvdb>
-        <exploitdb>20913</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-recaptcha">
-    <vulnerability>
-      <title>Google reCAPTCHA &lt;= 3.1.3 - Reflected XSS Vulnerability</title>
-      <references>
-        <url>http://security-sh3ll.blogspot.com/2011/12/google-recaptcha-wordpress-plugin.html</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.1.4</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="link-library">
-    <vulnerability>
-      <title>Link Library 5.8.0.9 - Multiple Unspecified Issues</title>
-      <references>
-        <osvdb>102842</osvdb>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>5.8.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Link Library 5.1.6 - link-library-ajax.php Multiple Parameter SQL Injection</title>
-      <references>
-        <osvdb>102804</osvdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>5.1.7</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Link Library 5.0.8 - wp-content/plugins/link-library/tracker.php id Parameter XSS</title>
-      <references>
-        <osvdb>74561</osvdb>
-        <secunia>45588</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>5.0.9</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Link Library 5.0.8 - wp-content/plugins/link-library/tracker.php id Parameter SQL Injection</title>
-      <references>
-        <osvdb>74562</osvdb>
-        <secunia>45588</secunia>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>5.0.9</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Link Library &lt;= 5.2.1 - SQL Injection</title>
-      <references>
-        <osvdb>84579</osvdb>
-        <exploitdb>17887</exploitdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>5.7.9.7</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="cevhershare">
-    <vulnerability>
-      <title>CevherShare 2.0 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17891</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="meenews">
-    <vulnerability>
-      <title>meenews 5.1 - Cross-Site Scripting Vulnerabilities</title>
-      <references>
-        <url>http://seclists.org/bugtraq/2011/Nov/151</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="clickdesk-live-support-chat">
-    <vulnerability>
-      <title>Click Desk Live Support Chat - Cross Site Scripting Vulnerability</title>
-      <references>
-        <url>http://seclists.org/bugtraq/2011/Nov/148</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.0</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="adminimize">
-    <vulnerability>
-      <title>adminimize 1.7.21 - 'page' Parameter Cross Site Scripting Vulnerability</title>
-      <references>
-        <cve>2011-4926</cve>
-        <osvdb>77472</osvdb>
-        <url>http://www.securityfocus.com/bid/50745</url>
-        <url>http://seclists.org/bugtraq/2011/Nov/135</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.7.22</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="advanced-text-widget">
-    <vulnerability>
-      <title>Advanced Text Widget &lt;= 2.0.0 - Cross Site Scripting Vulnerability</title>
-      <references>
-        <url>http://seclists.org/bugtraq/2011/Nov/133</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="mm-duplicate">
-    <vulnerability>
-      <title>MM Duplicate &lt;= 1.2 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17707</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-menu-creator">
-    <vulnerability>
-      <title>Menu Creator &lt;= 1.1.7 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17689</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="allow-php-in-posts-and-pages">
-    <vulnerability>
-      <title>Allow PHP in Posts and Pages &lt;= 2.0.0.RC2 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17688</exploitdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>2.1.0</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="global-content-blocks">
-    <vulnerability>
-      <title>Global Content Blocks &lt;= 1.2 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17687</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="ajaxgallery">
-    <vulnerability>
-      <title>Ajax Gallery &lt;= 3.0 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17686</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-ds-faq">
-    <vulnerability>
-      <title>WP DS FAQ &lt;= 1.3.2 - ajax.php id Parameter SQL Injection</title>
-      <references>
-        <osvdb>74574</osvdb>
-        <secunia>45640</secunia>
-        <exploitdb>17683</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-ds-faq-plus">
-    <vulnerability>
-      <title>WP DS FAQ Plus 1.0.12 - Multiple Unspecified Issues</title>
-      <references>
-        <osvdb>106614</osvdb>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>1.0.13</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP DS FAQ Plus 1.0.11 - Multiple Unspecified Issues</title>
-      <references>
-        <osvdb>106615</osvdb>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>1.0.12</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP DS FAQ Plus 1.0.3 - Multiple Unspecified CSRF</title>
-      <references>
-        <osvdb>106618</osvdb>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.0.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP DS FAQ Plus - Unspecified SQL Injection</title>
-      <references>
-        <osvdb>106724</osvdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>1.0.0</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="odihost-newsletter-plugin">
-    <vulnerability>
-      <title>OdiHost Newsletter &lt;= 1.0 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17681</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="easy-contact-form-lite">
-    <vulnerability>
-      <title>Easy Contact Form Lite &lt;= 1.0.7 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17680</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-symposium">
-    <vulnerability>
-      <title>WP Symposium 13.04 - invite.php u Parameter Arbitrary Site Redirect</title>
-      <references>
-        <osvdb>92274</osvdb>
-        <cve>2013-2694</cve>
-        <secunia>52925</secunia>
-      </references>
-      <type>REDIRECT</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Symposium 13.02 - wp-symposium/invite.php u Parameter XSS</title>
-      <references>
-        <osvdb>92275</osvdb>
-        <cve>2013-2695</cve>
-        <secunia>52864</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>13.04</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Symposium &lt;= 12.09 - ajax/symposium_groups_functions.php gid Parameter SQL Injection</title>
-      <references>
-        <osvdb>89455</osvdb>
-        <secunia>50674</secunia>
-        <url>http://www.securityfocus.com/bid/57478</url>
-        <url>http://ceriksen.com/2013/02/18/wp-symposium-multiple-sql-injection/</url>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>12.12</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Symposium &lt;= 12.09 - index.php uid Parameter SQL Injection</title>
-      <references>
-        <osvdb>89456</osvdb>
-        <secunia>50674</secunia>
-        <url>http://www.securityfocus.com/bid/57478</url>
-        <url>http://ceriksen.com/2013/02/18/wp-symposium-multiple-sql-injection/</url>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>12.12</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Symposium &lt;= 12.09 - ajax/symposium_profile_functions.php friend_to Parameter SQL Injection</title>
-      <references>
-        <osvdb>89457</osvdb>
-        <secunia>50674</secunia>
-        <url>http://www.securityfocus.com/bid/57478</url>
-        <url>http://ceriksen.com/2013/02/18/wp-symposium-multiple-sql-injection/</url>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>12.12</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Symposium &lt;= 12.09 - ajax/symposium_forum_functions.php Multiple Parameter SQL Injection</title>
-      <references>
-        <osvdb>89458</osvdb>
-        <secunia>50674</secunia>
-        <url>http://www.securityfocus.com/bid/57478</url>
-        <url>http://ceriksen.com/2013/02/18/wp-symposium-multiple-sql-injection/</url>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>12.12</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Symposium &lt;= 12.09 - get_album_item.php size Parameter SQL Injection</title>
-      <references>
-        <osvdb>89459</osvdb>
-        <secunia>50674</secunia>
-        <url>http://www.securityfocus.com/bid/57478</url>
-        <url>http://ceriksen.com/2013/02/18/wp-symposium-multiple-sql-injection/</url>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>12.12</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Symposium &lt;= 12.07.07 - ajax/symposium_ajax_functions.php Authentication Bypass</title>
-      <references>
-        <osvdb>83696</osvdb>
-        <secunia>49791</secunia>
-      </references>
-      <type>AUTHBYPASS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Symposium &lt;= 12.06.16 - ajax/symposium_forum_functions.php tid Parameter SQL Injection</title>
-      <references>
-        <osvdb>83662</osvdb>
-        <secunia>49534</secunia>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>12.07.01</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Symposium &lt;= 12.06.16 - ajax/symposium_group_functions.php uid1 Parameter SQL Injection</title>
-      <references>
-        <osvdb>83663</osvdb>
-        <secunia>49534</secunia>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>12.07.01</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Symposium &lt;= 12.06.16 - ajax/symposium_bar_functions.php chat_to Parameter SQL Injection</title>
-      <references>
-        <osvdb>83668</osvdb>
-        <secunia>49534</secunia>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>12.07.01</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Symposium &lt;= 12.06.16 - ajax/symposium_mail_functions.php Multiple Parameter SQL Injection</title>
-      <references>
-        <osvdb>83675</osvdb>
-        <secunia>49534</secunia>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>12.07.01</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Symposium &lt;= 11.11.26 - uploadify/upload_admin_avatar.php File Upload Remote PHP Code Execution</title>
-      <references>
-        <osvdb>78041</osvdb>
-        <cve>2011-5051</cve>
-        <secunia>46097</secunia>
-        <url>http://xforce.iss.net/xforce/xfdb/72012</url>
-      </references>
-      <type>RCE</type>
-      <fixed_in>11.12.24</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Symposium &lt;= 11.11.26 - uploadify/upload_profile_avatar.php File Upload Remote PHP Code Execution</title>
-      <references>
-        <osvdb>78042</osvdb>
-        <cve>2011-5051</cve>
-        <secunia>46097</secunia>
-        <url>http://xforce.iss.net/xforce/xfdb/72012</url>
-      </references>
-      <type>RCE</type>
-      <fixed_in>11.12.24</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Symposium &lt;= 11.11.26 - uploadify/get_profile_avatar.php uid Parameter XSS</title>
-      <references>
-        <osvdb>77634</osvdb>
-        <cve>2011-3841</cve>
-        <secunia>47243</secunia>
-        <url>http://www.securityfocus.com/bid/51017</url>
-        <url>http://xforce.iss.net/xforce/xfdb/71748</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>11.12.08</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Symposium &lt;= 0.64 - uploadify/get_profile_avatar.php uid Parameter SQL Injection</title>
-      <references>
-        <osvdb>74664</osvdb>
-        <secunia>47243</secunia>
-        <exploitdb>17679</exploitdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>11.08.18</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="file-groups">
-    <vulnerability>
-      <title>File Groups &lt;= 1.1.2 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17677</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="ip-logger">
-    <vulnerability>
-      <title>IP-Logger &lt;= 3.0 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17673</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="beer-recipes">
-    <vulnerability>
-      <title>Beer Recipes 1.0 - XSS</title>
-      <references>
-        <exploitdb>17453</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="is-human">
-    <vulnerability>
-      <title>Is-human &lt;= 1.4.2 - Remote Command Execution Vulnerability</title>
-      <references>
-        <exploitdb>17299</exploitdb>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="editormonkey">
-    <vulnerability>
-      <title>EditorMonkey - (FCKeditor) Arbitrary File Upload</title>
-      <references>
-        <exploitdb>17284</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="sermon-browser">
-    <vulnerability>
-      <title>SermonBrowser 0.43 - SQL Injection</title>
-      <references>
-        <exploitdb>17214</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="ajax-category-dropdown">
-    <vulnerability>
-      <title>Ajax Category Dropdown 0.1.5 - Multiple Vulnerabilities</title>
-      <references>
-        <exploitdb>17207</exploitdb>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-custom-pages">
-    <vulnerability>
-      <title>WP Custom Pages 0.5.0.1 - LFI Vulnerability</title>
-      <references>
-        <exploitdb>17119</exploitdb>
-      </references>
-      <type>LFI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="flash-album-gallery">
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>GRAND Flash Album Gallery 2.70- "s" Cross-Site Scripting Vulnerability</title>
-      <references>
-        <osvdb>93714</osvdb>
-        <cve>2013-3261</cve>
-        <secunia>53111</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.72</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>GRAND Flash Album Gallery 2.55 - "gid" SQL Injection Vulnerability</title>
-      <references>
-        <osvdb>93087</osvdb>
-        <secunia>53356</secunia>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>2.56</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>GRAND Flash Album Gallery - Multiple Vulnerabilities</title>
-      <references>
-        <secunia>51100</secunia>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>2.17</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>GRAND Flash Album Gallery 1.9.0 and 2.0.0 - Multiple Vulnerabilities</title>
-      <references>
-        <secunia>51601</secunia>
-        <url>http://packetstormsecurity.com/files/117665/</url>
-        <url>http://www.waraxe.us/advisory-94.html</url>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>GRAND Flash Album Gallery &lt;= 1.71 - wp-admin/admin.php skin Parameter XSS</title>
-      <references>
-        <osvdb>81923</osvdb>
-        <url>http://packetstormsecurity.com/files/112704/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.76</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>GRAND Flash Album Gallery &lt;= 1.56 - XSS Vulnerability</title>
-      <references>
-        <url>http://seclists.org/bugtraq/2011/Nov/186</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>GRAND Flash Album Gallery 0.55 - lib/hitcounter.php pid Parameter SQL Injection</title>
-      <references>
-        <osvdb>71072</osvdb>
-        <secunia>43648</secunia>
-        <exploitdb>16947</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>GRAND Flash Album Gallery 0.55 - admin/news.php want2Read Parameter Traversal Arbitrary File Access</title>
-      <references>
-        <osvdb>71073</osvdb>
-        <secunia>43648</secunia>
-        <exploitdb>16947</exploitdb>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="php_speedy_wp">
-    <vulnerability>
-      <title>PHP Speedy &lt;= 0.5.2 - (admin_container.php) Remote Code Exec Exploit</title>
-      <references>
-        <exploitdb>16273</exploitdb>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="old-post-spinner">
-    <vulnerability>
-      <title>OPS Old Post Spinner 2.2.1 - LFI Vulnerability</title>
-      <references>
-        <exploitdb>16251</exploitdb>
-      </references>
-      <type>LFI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="jquery-mega-menu">
-    <vulnerability>
-      <title>jQuery Mega Menu 1.0 - Local File Inclusion</title>
-      <references>
-        <exploitdb>16250</exploitdb>
-      </references>
-      <type>LFI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="iwant-one-ihave-one">
-    <vulnerability>
-      <title>IWantOneButton 3.0.1 - Multiple Vulnerabilities</title>
-      <references>
-        <exploitdb>16236</exploitdb>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="forum-server">
-    <vulnerability>
-      <title>WP Forum Server &lt;= 1.7.3 - wpf-insert.php edit_post_id Parameter SQL Injection</title>
-      <references>
-        <osvdb>75463</osvdb>
-        <cve>2012-6625</cve>
-        <secunia>45974</secunia>
-        <url>http://packetstormsecurity.com/files/112703/</url>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>1.7.4</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Forum Server &lt;= 1.7.3 - fs-admin/wpf-add-forum.php groupid Parameter XSS</title>
-      <references>
-        <osvdb>102185</osvdb>
-        <cve>2012-6623</cve>
-        <secunia>49167</secunia>
-        <url>http://packetstormsecurity.com/files/112703/</url>
-        <url>http://www.securityfocus.com/bid/65215</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Forum Server &lt;= 1.7.3 - fs-admin/fs-admin.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>81914</osvdb>
-        <cve>2012-6622</cve>
-        <secunia>49155</secunia>
-        <url>http://packetstormsecurity.com/files/112703/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Forum Server &lt;= 1.7 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17828</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Forum Server 1.6.5 - feed.php topic Parameter SQL Injection</title>
-      <references>
-        <osvdb>70994</osvdb>
-        <cve>2011-1047</cve>
-        <secunia>43306</secunia>
-        <exploitdb>16235</exploitdb>
-        <url>http://www.securityfocus.com/bid/46360</url>
-        <url>http://www.securityfocus.com/bid/46362</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Forum Server 1.6.5 - index.php Multiple Parameter SQL Injection</title>
-      <references>
-        <osvdb>70993</osvdb>
-        <cve>2011-1047</cve>
-        <secunia>43306</secunia>
-        <exploitdb>16235</exploitdb>
-        <url>http://www.securityfocus.com/bid/46362</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="relevanssi">
-    <vulnerability>
-      <title>Relevanssi 3.2 - Unspecified SQL Injection</title>
-      <references>
-        <osvdb>104014</osvdb>
-        <secunia>56641</secunia>
-        <url>http://www.securityfocus.com/bid/65960</url>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Relevanssi 2.7.2 - Stored XSS Vulnerability</title>
-      <references>
-        <osvdb>71236</osvdb>
-        <secunia>43461</secunia>
-        <exploitdb>16233</exploitdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.7.3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="gigpress">
-    <vulnerability>
-      <title>GigPress 2.1.10 - Stored XSS Vulnerability</title>
-      <references>
-        <exploitdb>16232</exploitdb>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="comment-rating">
-    <vulnerability>
-      <title>Comment Rating 2.9.32 - Security Bypass Weakness and SQL Injection</title>
-      <references>
-        <osvdb>90676</osvdb>
-        <exploitdb>24552</exploitdb>
-        <secunia>52348</secunia>
-        <url>http://packetstormsecurity.com/files/120569/</url>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Comment Rating 2.9.23 - Multiple Vulnerabilities</title>
-      <references>
-        <osvdb>71044</osvdb>
-        <secunia>43406</secunia>
-        <exploitdb>16221</exploitdb>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>2.9.24</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="z-vote">
-    <vulnerability>
-      <title>Z-Vote 1.1 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>16218</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="user-photo">
-    <vulnerability>
-      <title>User Photo - Component Remote File Upload Vulnerability</title>
-      <references>
-        <cve>2013-1916</cve>
-        <exploitdb>16181</exploitdb>
-        <osvdb>71071</osvdb>
-      </references>
-      <type>UPLOAD</type>
-      <fixed_in>0.9.5</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="enable-media-replace">
-    <vulnerability>
-      <title>Enable Media Replace - Multiple Vulnerabilities</title>
-      <references>
-        <exploitdb>16144</exploitdb>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="mingle-forum">
-    <vulnerability>
-      <title>Mingle Forum &lt;= 1.0.32.1 - Cross Site Scripting / SQL Injection</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/108915/</url>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Mingle Forum &lt;= 1.0.31 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17894</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Mingle Forum &lt;= 1.0.26 - Multiple Vulnerabilities</title>
-      <references>
-        <exploitdb>15943</exploitdb>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Mingle Forum &lt;= 1.0.33 - Cross Site Scripting</title>
-      <references>
-        <secunia>49171</secunia>
-        <url>http://packetstormsecurity.com/files/112696/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.0.33.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Mingle Forum 1.0.33.3 - fs-admin.php togroupusers Parameter XSS</title>
-      <references>
-        <osvdb>90432</osvdb>
-        <cve>2013-0734</cve>
-        <secunia>52167</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.0.34</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Mingle Forum 1.0.33.3 - wpf.class.php search_words Parameter XSS</title>
-      <references>
-        <osvdb>90433</osvdb>
-        <cve>2013-0734</cve>
-        <secunia>52167</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.0.34</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Mingle Forum 1.0.33.3 - wpf.class.php Multiple Parameter SQL Injection</title>
-      <references>
-        <osvdb>90434</osvdb>
-        <cve>2013-0735</cve>
-        <secunia>52167</secunia>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>1.0.34</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Mingle Forum 1.0.35 - Privilege Escalation CSRF</title>
-      <references>
-        <osvdb>96905</osvdb>
-        <cve>2013-0736</cve>
-        <secunia>47687</secunia>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="accept-signups">
-    <vulnerability>
-      <title>Accept Signups 0.1 - XSS</title>
-      <references>
-        <exploitdb>15808</exploitdb>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="events-manager-extended">
-    <vulnerability>
-      <title>Events Manager Extended - Persistent XSS Vulnerability</title>
-      <references>
-        <exploitdb>14923</exploitdb>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="nextgen-smooth-gallery">
-    <vulnerability>
-      <title>NextGEN Smooth Gallery - Blind SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>14541</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>NextGen Smooth Gallery - XSS</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/123074/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="mylinksdump">
-    <vulnerability>
-      <title>myLDlinker - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>14441</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="firestats">
-    <vulnerability>
-      <title>Firestats - Remote Configuration File Download</title>
-      <references>
-        <exploitdb>14308</exploitdb>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="simple-press">
-    <vulnerability>
-      <title>Simple Press - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>14198</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="cimy-counter">
-    <vulnerability>
-      <title>Cimy Counter - Vulnerabilities</title>
-      <references>
-        <exploitdb>14057</exploitdb>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="nextgen-gallery">
-  <vulnerability>
-      <title>NextGEN Gallery &amp; 2.0.66 - Arbitrary File Upload (the user must have upload privileges)</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/127340/wpnextgen2063-shell.txt</url>
-      </references>
-      <type>UPLOAD</type>
-      <!-- The 2.0.65 has a bypass, properly fixed in 2.0.66 -->
-      <fixed_in>2.0.66</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>NextGEN Gallery 2.0.0 - Directory Traversal</title>
-      <references>
-        <osvdb>103473</osvdb>
-        <url>http://seclists.org/fulldisclosure/2014/Feb/171</url>
-        <url>https://security.dxw.com/advisories/directory-traversal-in-nextgen-gallery-2-0-0/</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.0.7</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>NextGEN Gallery - SWF Vulnerable to XSS</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-        <secunia>51271</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.9.8</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>NextGEN Gallery - swfupload.swf Multiple Cross Site Scripting Vulnerabilities</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/60433</url>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>NextGEN Gallery 1.9.12 - Arbitrary File Upload</title>
-      <references>
-        <osvdb>94232</osvdb>
-        <cve>2013-3684</cve>
-        <url>http://wordpress.org/plugins/nextgen-gallery/changelog/</url>
-      </references>
-      <type>UPLOAD</type>
-      <fixed_in>1.9.13</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>NextGEN Gallery 1.9.11 - xml/json.php Crafted Request Parsing Path Disclosure</title>
-      <references>
-        <osvdb>90242</osvdb>
-        <cve>2013-0291</cve>
-        <secunia>52137</secunia>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>NextGEN Gallery 1.9.5 - gallerypath Parameter Stored XSS</title>
-      <references>
-        <osvdb>97690</osvdb>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>NextGEN Gallery &lt;= 1.9.0 - admin/manage-galleries.php paged Parameter XSS</title>
-      <references>
-        <osvdb>78363</osvdb>
-        <secunia>47588</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.9.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>NextGEN Gallery &lt;= 1.9.0 - admin/manage-images.php paged Parameter XSS</title>
-      <references>
-        <osvdb>78364</osvdb>
-        <secunia>47588</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.9.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>NextGEN Gallery &lt;= 1.9.0 - admin/manage.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>78365</osvdb>
-        <secunia>47588</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.9.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>NextGEN Gallery &lt;= 1.8.3 - wp-admin/admin.php search Parameter XSS</title>
-      <references>
-        <osvdb>76576</osvdb>
-        <secunia>46602</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.8.4</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>NextGEN Gallery &lt;= 1.8.3 - Tag Deletion CSRF</title>
-      <references>
-        <osvdb>76577</osvdb>
-        <secunia>46602</secunia>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.8.4</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>NextGEN Gallery &lt;= 1.7.3 - xml/ajax.php Path Disclosure</title>
-      <references>
-        <osvdb>72023</osvdb>
-      </references>
-      <type>FPD</type>
-      <fixed_in>1.7.4</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>NextGEN Gallery &lt;= 1.5.1 - xml/media-rss.php mode Parameter XSS</title>
-      <references>
-        <osvdb>63574</osvdb>
-        <exploitdb>12098</exploitdb>
-        <secunia>39341</secunia>
-        <url>http://www.securityfocus.com/bid/39250</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.5.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="cpl">
-    <vulnerability>
-      <title>Copperleaf Photolog - SQL injection</title>
-      <references>
-        <exploitdb>11458</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="events-calendar">
-    <vulnerability>
-      <title>Events Calendar - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>10929</exploitdb>
-        <osvdb>95677</osvdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>6.7.10</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Events Calendar - wp-admin/admin.php EC_id Parameter XSS</title>
-      <references>
-        <osvdb>74705</osvdb>
-        <secunia>45717</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>6.7.12a</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="ImageManager">
-    <vulnerability>
-      <title>Image Manager - Shell Upload Vulnerability</title>
-      <references>
-        <exploitdb>10325</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-cumulus">
-    <vulnerability>
-      <title>WP-Cumulus &lt;= 1.20 - Vulnerabilities</title>
-      <references>
-        <exploitdb>10228</exploitdb>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WP-Cumulus - Cross Site Scripting Vulnerabily</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2011/Nov/340</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.23</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-syntax">
-    <vulnerability>
-      <title>WP-Syntax &lt; 0.9.10 - Remote Command Execution</title>
-      <references>
-        <exploitdb>9431</exploitdb>
-      </references>
-      <type>RCE</type>
-      <fixed_in>0.9.10</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="my-category-order">
-    <vulnerability>
-      <title>My Category Order &lt;= 2.8 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>9150</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="related-sites">
-    <vulnerability>
-      <title>Related Sites 2.1 - Blind SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>9054</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="dm-albums">
-    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
-      <references>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>DM Albums 1.9.2 - Remote File Disclosure Vulnerability</title>
-      <references>
-        <exploitdb>9048</exploitdb>
-      </references>
-      <type>LFI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>DM Albums 1.9.2 - Remote File Inclusion Vuln</title>
-      <references>
-        <exploitdb>9043</exploitdb>
-      </references>
-      <type>RFI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="photoracer">
-    <vulnerability>
-      <title>Photoracer 1.0 - (id) SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>8961</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Photoracer &lt;= 1.0 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17720</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Photoracer &lt;= 1.0 - Multiple Vulnerabilities</title>
-      <references>
-        <exploitdb>17731</exploitdb>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-lytebox">
-    <vulnerability>
-      <title>Lytebox - Local File Inclusion Vulnerability</title>
-      <references>
-        <exploitdb>8791</exploitdb>
-      </references>
-      <type>LFI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="fmoblog">
-    <vulnerability>
-      <title>fMoblog 2.1 - (id) SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>8229</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="page-flip-image-gallery">
-    <vulnerability>
-      <title>Page Flip Image Gallery &lt;= 0.2.2 - Remote FD Vuln</title>
-      <references>
-        <osvdb>50902</osvdb>
-        <cve>2008-5752</cve>
-        <exploitdb>7543</exploitdb>
-        <secunia>33274</secunia>
-        <url>http://www.securityfocus.com/bid/32966</url>
-        <url>http://xforce.iss.net/xforce/xfdb/47568</url>
-      </references>
-      <type>LFI</type>
-    </vulnerability>
-    <!-- Fake vuln, See https://github.com/wpscanteam/wpscan/commit/e45e91b0bfec8b8db83f987c531d01398812cdfa
-    <vulnerability>
-      <title>Page Flip Image Gallery - Remote File Upload Vulnerability</title>
-      <references>
-        <osvdb>100748</osvdb>
-        <url>http://packetstormsecurity.com/files/124316/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    -->
-  </plugin>
-
-  <plugin name="wp-shopping-cart">
-    <vulnerability>
-      <title>e-Commerce &lt;= 3.4 - Arbitrary File Upload Exploit</title>
-      <references>
-        <exploitdb>6867</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="downloads-manager">
-    <vulnerability>
-      <title>Download Manager 0.2 - Arbitrary File Upload Exploit</title>
-      <references>
-        <exploitdb>6127</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wpSS">
-    <vulnerability>
-      <title>Spreadsheet &lt;= 0.6 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>5486</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-download">
-    <vulnerability>
-      <title>Download - (dl_id) SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>5326</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="sniplets">
-    <vulnerability>
-      <title>Sniplets 1.1.2 - (RFI/XSS/RCE) Multiple Vulnerabilities</title>
-      <references>
-        <exploitdb>5194</exploitdb>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-photo-album">
-    <vulnerability>
-      <title>Photo album - Remote SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>5135</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="sf-forum">
-    <vulnerability>
-      <title>Simple Forum 2.0-2.1 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>5126</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Simple Forum 1.10-1.11 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>5127</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="st_newsletter">
-    <vulnerability>
-      <title>st_newsletter - Remote SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>5053</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>st_newsletter - (stnl_iframe.php) SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>6777</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wordspew">
-    <vulnerability>
-      <title>Wordspew - Remote SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>5039</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="dmsguestbook">
-    <vulnerability>
-      <title>dmsguestbook 1.7.0 - Multiple Remote Vulnerabilities</title>
-      <references>
-        <exploitdb>5035</exploitdb>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wassup">
-    <vulnerability>
-      <title>WassUp 1.4.3 - (spy.php to_date) SQL Injection Exploit</title>
-      <references>
-        <exploitdb>5017</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-adserve">
-    <vulnerability>
-      <title>Adserve 0.2 - adclick.php SQL Injection Exploit</title>
-      <references>
-        <exploitdb>5013</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="fgallery">
-    <vulnerability>
-      <title>fGallery 2.4.1 - fimrss.php SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>4993</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-cal">
-    <vulnerability>
-      <title>WP-Cal 0.3 - editevent.php SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>4992</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wpforum">
-    <vulnerability>
-      <title>plugin WP-Forum 1.7.4 - Remote SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>4939</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>plugin WP-Forum 1.7.8 - Remote SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>7738</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-filemanager">
-    <vulnerability>
-      <title>wp-FileManager 1.2 - Remote Upload Vulnerability</title>
-      <references>
-        <exploitdb>4844</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-FileManager 1.3.0 - File Download Vulnerability</title>
-      <references>
-        <secunia>53421</secunia>
-        <exploitdb>25440</exploitdb>
-        <osvdb>93446</osvdb>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>1.4.0</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="pictpress">
-    <vulnerability>
-      <title>PictPress &lt;= 0.91 - Remote File Disclosure Vulnerability</title>
-      <references>
-        <exploitdb>4695</exploitdb>
-      </references>
-      <type>LFI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="backupwordpress">
-    <vulnerability>
-      <title>BackUp &lt;= 0.4.2b - RFI Vulnerability</title>
-      <references>
-        <exploitdb>4593</exploitdb>
-      </references>
-      <type>RFI</type>
-      <fixed_in>0.4.3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="myflash">
-    <vulnerability>
-      <title>Myflash &lt;= 1.00 - (wppath) RFI Vulnerability</title>
-      <references>
-        <exploitdb>3828</exploitdb>
-      </references>
-      <type>RFI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Myflash - myextractXML.php path Parameter Arbitrary File Access</title>
-      <references>
-        <osvdb>88260</osvdb>
-        <url>http://packetstormsecurity.com/files/118400/</url>
-      </references>
-      <type>LFI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wordtube">
-    <vulnerability>
-      <title>plugin wordTube &lt;= 1.43 - (wpPATH) RFI Vulnerability</title>
-      <references>
-        <exploitdb>3825</exploitdb>
-      </references>
-      <type>RFI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-table">
-    <vulnerability>
-      <title>plugin wp-Table &lt;= 1.43 - (inc_dir) RFI Vulnerability</title>
-      <references>
-        <exploitdb>3824</exploitdb>
-      </references>
-      <type>RFI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="mygallery">
-    <vulnerability>
-      <title>myGallery &lt;= 1.4b4 - Remote File Inclusion Vulnerability</title>
-      <references>
-        <exploitdb>3814</exploitdb>
-      </references>
-      <type>RFI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="sendit">
-    <vulnerability>
-      <title>SendIt &lt;= 1.5.9 - Blind SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17716</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="js-appointment">
-    <vulnerability>
-      <title>Js-appointment &lt;= 1.5 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17724</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="mm-forms-community">
-    <vulnerability>
-      <title>MM Forms Community &lt;= 1.2.3 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17725</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>MM Forms Community 2.2.6 - Arbitrary File Upload</title>
-      <references>
-        <exploitdb>18997</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="super-captcha">
-    <vulnerability>
-      <title>Super CAPTCHA &lt;= 2.2.4 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17728</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="collision-testimonials">
-    <vulnerability>
-      <title>Collision Testimonials &lt;= 3.0 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17729</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="oqey-headers">
-    <vulnerability>
-      <title>Oqey Headers &lt;= 0.3 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17730</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="fbpromotions">
-    <vulnerability>
-      <title>Facebook Promotions &lt;= 1.3.3 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17737</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="evarisk">
-    <vulnerability>
-      <title>Evarisk 5.1.5.4 - include/lib/actionsCorrectives/activite/uploadPhotoApres.php File Upload PHP Code Execution</title>
-      <references>
-        <osvdb>82960</osvdb>
-        <secunia>49521</secunia>
-        <url>http://packetstormsecurity.com/files/113638/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Evarisk &lt;= 5.1.3.6 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17738</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="profiles">
-    <vulnerability>
-      <title>Profiles &lt;= 2.0RC1 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17739</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="mystat">
-    <vulnerability>
-      <title>mySTAT &lt;= 2.6 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17740</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="sh-slideshow">
-    <vulnerability>
-      <title>SH Slideshow &lt;= 3.1.4 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17748</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="copyright-licensing-tools">
-    <vulnerability>
-      <title>iCopyright(R) Article Tools &lt;= 1.1.4 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17749</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="advertizer">
-    <vulnerability>
-      <title>Advertizer &lt;= 1.0 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17750</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="event-registration">
-    <vulnerability>
-      <title>Event Registration &lt;= 5.44 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17814</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Event Registration &lt;= 5.43 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17751</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Event Registration 5.32 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>15513</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="crawlrate-tracker">
-    <vulnerability>
-      <title>Craw Rate Tracker &lt;= 2.0.2 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17755</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-audio-gallery-playlist">
-    <vulnerability>
-      <title>wp audio gallery playlist &lt;= 0.12 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17756</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="yolink-search">
-    <vulnerability>
-      <title>yolink Search 2.5 - "s" Cross-Site Scripting Vulnerability</title>
-      <references>
-        <osvdb>89756</osvdb>
-        <secunia>52030</secunia>
-        <url>http://www.securityfocus.com/bid/57665</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.6</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>yolink Search &lt;= 1.1.4 - includes/bulkcrawl.php Multiple Parameter SQL Injection</title>
-      <references>
-        <osvdb>74832</osvdb>
-        <secunia>45801</secunia>
-        <exploitdb>17757</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="pure-html">
-    <vulnerability>
-      <title>PureHTML &lt;= 1.0.0 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17758</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="couponer">
-    <vulnerability>
-      <title>Couponer &lt;= 1.2 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17759</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="grapefile">
-    <vulnerability>
-      <title>grapefile &lt;= 1.1 - Arbitrary File Upload</title>
-      <references>
-        <exploitdb>17760</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="image-gallery-with-slideshow">
-    <vulnerability>
-      <title>image-gallery-with-slideshow &lt;= 1.5 - Arbitrary File Upload / SQL Injection</title>
-      <references>
-        <exploitdb>17761</exploitdb>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wordpress-donation-plugin-with-goals-and-paypal-ipn-by-nonprofitcmsorg">
-    <vulnerability>
-      <title>Donation &lt;= 1.0 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17763</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-bannerize">
-    <vulnerability>
-      <title>WP Bannerize &lt;= 2.8.6 - SQL Injection Vulnerability</title>
-      <references>
-        <osvdb>74835</osvdb>
-        <secunia>45811</secunia>
-        <exploitdb>17764</exploitdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>2.8.7</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Bannerize &lt;= 2.8.7 - SQL Injection Vulnerability</title>
-      <references>
-        <osvdb>76658</osvdb>
-        <secunia>46236</secunia>
-        <exploitdb>17906</exploitdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>2.8.8</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="search-autocomplete">
-    <vulnerability>
-      <title>SearchAutocomplete &lt;= 1.0.8 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17767</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="videowhisper-video-presentation">
-    <vulnerability>
-      <title>VideoWhisper Video Presentation &lt;= 1.1 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17771</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>VideoWhisper Video Presentation 3.17 - 'vw_upload.php' Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/53851</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="facebook-opengraph-meta-plugin">
-    <vulnerability>
-      <title>Facebook Opengraph Meta &lt;= 1.0 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17773</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="zotpress">
-    <vulnerability>
-      <title>Zotpress &lt;= 4.4 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17778</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="oqey-gallery">
-    <vulnerability>
-      <title>oQey Gallery &lt;= 0.4.8 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17779</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="tweet-old-post">
-    <vulnerability>
-      <title>Tweet Old Post &lt;= 3.2.5 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17789</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="post-highlights">
-    <vulnerability>
-      <title>post highlights &lt;= 2.2 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17790</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="knr-author-list-widget">
-    <vulnerability>
-      <title>KNR Author List Widget &lt;= 2.0.0 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17791</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="scormcloud">
-    <vulnerability>
-      <title>SCORM Cloud &lt;= 1.0.6.6 - SQL Injection Vulnerability</title>
-      <references>
-        <osvdb>77679</osvdb>
-        <exploitdb>17793</exploitdb>
-      </references>
-      <fixed_in>1.0.7</fixed_in>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="eventify">
-    <vulnerability>
-      <title>Eventify - Simple Events &lt;= 1.7.f - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17794</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="paid-downloads">
-    <vulnerability>
-      <title>Paid Downloads &lt;= 2.01 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17797</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="community-events">
-    <vulnerability>
-      <title>Community Events &lt;= 1.2.1 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17798</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="1-flash-gallery">
-    <vulnerability>
-      <title>1-flash-gallery &lt;= 1.9.0 - XSS in ZeroClipboard.swf</title>
-      <references>
-        <url>http://1337day.com/exploit/20396</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>1 Flash Gallery - Arbiraty File Upload Exploit (MSF)</title>
-      <references>
-        <exploitdb>17801</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-filebase">
-    <vulnerability>
-      <title>WP-Filebase Download Manager 0.3.0.02 - class/Admin.php GetFileHash Function Remote Command Execution</title>
-      <references>
-        <osvdb>105039</osvdb>
-        <secunia>57456</secunia>
-        <url>http://www.securityfocus.com/bid/66341</url>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>0.3.0.03</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP-Filebase 0.2.9.24- Unspecified Vulnerabilities</title>
-      <references>
-        <osvdb>87294</osvdb>
-        <secunia>51269</secunia>
-        <url>http://xforce.iss.net/xforce/xfdb/80034</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>0.2.9.25</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP-Filebase Download Manager &lt;= 0.2.9 - wpfb-ajax.php base Parameter SQL Injection</title>
-      <references>
-        <osvdb>75308</osvdb>
-        <secunia>45931</secunia>
-        <exploitdb>17808</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="a-to-z-category-listing">
-    <vulnerability>
-      <title>A to Z Category Listing &lt;= 1.3 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17809</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-e-commerce">
-    <vulnerability>
-      <title>WP e-Commerce 3.8.6 - wpsc-cart_widget.php cart_messages Parameter XSS</title>
-      <references>
-        <osvdb>74295</osvdb>
-        <secunia>45513</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.8.8</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP e-Commerce &lt;= 3.8.6 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17832</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WP-e-Commerce 3.8.9.5 - Cross Site Scripting Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20517</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WP-e-Commerce 3.8.9.5 - display-sales-logs.php c Parameter Remote Code Execution</title>
-      <references>
-        <osvdb>102484</osvdb>
-        <url>http://packetstormsecurity.com/files/124921/</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WP-e-Commerce 3.8.9.5 - misc.functions.php image_name Parameter Local File Inclusion</title>
-      <references>
-        <osvdb>102485</osvdb>
-        <url>http://packetstormsecurity.com/files/124921/</url>
-      </references>
-      <type>LFI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WP-e-Commerce 3.8.9.5 - ajax.php wpsc_action Parameter Remote Code Execution</title>
-      <references>
-        <osvdb>102486</osvdb>
-        <url>http://packetstormsecurity.com/files/124921/</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WP-e-Commerce 3.8.9.5 - save-data.functions.php GIF File Upload</title>
-      <references>
-        <osvdb>102497</osvdb>
-        <url>http://packetstormsecurity.com/files/124921/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="filedownload">
-    <vulnerability>
-      <title>Filedownload 0.1 - (download.php) Remote File Disclosure Vulnerability</title>
-      <references>
-        <exploitdb>17858</exploitdb>
-      </references>
-      <type>LFI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="thecartpress">
-    <vulnerability>
-      <title>TheCartPress &lt;= 1.6 - Cross Site Sripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/108272/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>TheCartPress 1.1.1 - Remote File Inclusion</title>
-      <references>
-        <osvdb>75615</osvdb>
-        <osvdb>75616</osvdb>
-        <osvdb>75617</osvdb>
-        <osvdb>75618</osvdb>
-        <osvdb>75619</osvdb>
-        <exploitdb>17860</exploitdb>
-      </references>
-      <fixed_in>1.1.2</fixed_in>
-      <type>RFI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wpeasystats">
-    <vulnerability>
-      <title>WPEasyStats 1.8 - Remote File Inclusion</title>
-      <references>
-        <exploitdb>17862</exploitdb>
-      </references>
-      <type>RFI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="annonces">
-    <vulnerability>
-      <title>Annonces 1.2.0.1 - admin/theme.php File Upload PHP Code Execution</title>
-      <references>
-        <osvdb>82948</osvdb>
-        <secunia>49488</secunia>
-        <url>http://packetstormsecurity.com/files/113637/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="livesig">
-    <vulnerability>
-      <title>Livesig 0.4 - Remote File Inclusion</title>
-      <references>
-        <exploitdb>17864</exploitdb>
-      </references>
-      <type>RFI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="disclosure-policy-plugin">
-    <vulnerability>
-      <title>Disclosure Policy 1.0 - Remote File Inclusion</title>
-      <references>
-        <exploitdb>17865</exploitdb>
-      </references>
-      <type>RFI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="mailz">
-    <vulnerability>
-      <title>Mailing List 1.3.2 - Remote File Inclusion</title>
-      <references>
-        <exploitdb>17866</exploitdb>
-      </references>
-      <type>RFI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Mailing List - Arbitrary file download</title>
-      <references>
-        <exploitdb>18276</exploitdb>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>1.4.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="g-web-shop">
-    <vulnerability>
-      <title>Zingiri Web Shop 2.2.0 - Remote File Inclusion</title>
-      <references>
-        <exploitdb>17867</exploitdb>
-      </references>
-      <type>RFI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Zingiri Web Shop &lt;= 2.2.3 - Remote Code Execution</title>
-      <references>
-        <exploitdb>18111</exploitdb>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="mini-mail-dashboard-widget">
-    <vulnerability>
-      <title>Mini Mail Dashboard Widget 1.36 - wp-mini-mail.php abspath Parameter Remote File Inclusion</title>
-      <references>
-        <osvdb>75402</osvdb>
-        <secunia>45953</secunia>
-        <exploitdb>17868</exploitdb>
-      </references>
-      <type>RFI</type>
-      <fixed_in>1.37</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Mini Mail Dashboard Widget 1.42 - Message Body XSS</title>
-      <references>
-        <osvdb>85135</osvdb>
-        <exploitdb>20358</exploitdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.43</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="relocate-upload">
-    <vulnerability>
-      <title>Relocate Upload 0.14 - Remote File Inclusion</title>
-      <references>
-        <exploitdb>17869</exploitdb>
-      </references>
-      <type>RFI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="category-grid-view-gallery">
-    <vulnerability>
-      <title>Category Grid View Gallery 0.1.1 - Shell Upload vulnerability</title>
-      <references>
-        <exploitdb>17872</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Category Grid View Gallery 2.3.1 - CatGridPost.php ID Parameter XSS</title>
-      <references>
-        <osvdb>94805</osvdb>
-        <cve>2013-4117</cve>
-        <secunia>54035</secunia>
-        <url>http://packetstormsecurity.com/files/122259/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.3.3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="auto-attachments">
-    <vulnerability>
-      <title>Auto Attachments 0.2.9 - Shell Upload vulnerability</title>
-      <references>
-        <exploitdb>17872</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-marketplace">
-    <vulnerability>
-      <title>WP Marketplace 1.1.0 - Shell Upload vulnerability</title>
-      <references>
-        <exploitdb>17872</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="dp-thumbnail">
-    <vulnerability>
-      <title>DP Thumbnail 1.0 - Shell Upload vulnerability</title>
-      <references>
-        <exploitdb>17872</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="vk-gallery">
-    <vulnerability>
-      <title>Vk Gallery 1.1.0 - Shell Upload vulnerability</title>
-      <references>
-        <exploitdb>17872</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="rekt-slideshow">
-    <vulnerability>
-      <title>Rekt Slideshow 1.0.5 - Shell Upload vulnerability</title>
-      <references>
-        <exploitdb>17872</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="cac-featured-content">
-    <vulnerability>
-      <title>CAC Featured Content 0.8 - Shell Upload vulnerability</title>
-      <references>
-        <exploitdb>17872</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="rent-a-car">
-    <vulnerability>
-      <title>Rent A Car 1.0 - Shell Upload vulnerability</title>
-      <references>
-        <exploitdb>17872</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="lisl-last-image-slider">
-    <vulnerability>
-      <title>LISL Last Image Slider 1.0 - Shell Upload vulnerability</title>
-      <references>
-        <exploitdb>17872</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="islidex">
-    <vulnerability>
-      <title>Islidex 2.7 - Shell Upload vulnerability</title>
-      <references>
-        <exploitdb>17872</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="kino-gallery">
-    <vulnerability>
-      <title>Kino Gallery 1.0 - Shell Upload vulnerability</title>
-      <references>
-        <exploitdb>17872</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="cms-pack-cache">
-    <vulnerability>
-      <title>Cms Pack 1.3 - Shell Upload vulnerability</title>
-      <references>
-        <exploitdb>17872</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="a-gallery">
-    <vulnerability>
-      <title>A Gallery 0.9 - Shell Upload vulnerability</title>
-      <references>
-        <exploitdb>17872</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="category-list-portfolio-page">
-    <vulnerability>
-      <title>Category List Portfolio Page 0.9 - Shell Upload vulnerability</title>
-      <references>
-        <exploitdb>17872</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="really-easy-slider">
-    <vulnerability>
-      <title>Really Easy Slider 0.1 - Shell Upload vulnerability</title>
-      <references>
-        <exploitdb>17872</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="verve-meta-boxes">
-    <vulnerability>
-      <title>Verve Meta Boxes 1.2.8 - Shell Upload vulnerability</title>
-      <references>
-        <exploitdb>17872</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="user-avatar">
-    <vulnerability>
-      <title>User Avatar 1.3.7 - shell upload vulnerability</title>
-      <references>
-        <exploitdb>17872</exploitdb>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="extend-wordpress">
-    <vulnerability>
-      <title>Extend 1.3.7 - Shell Upload vulnerability</title>
-      <references>
-        <osvdb>75638</osvdb>
-        <cve>2011-4106</cve>
-        <exploitdb>17872</exploitdb>
-        <url>http://markmaunder.com/2011/08/01/zero-day-vulnerability-in-many-wordpress-themes/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="adrotate">
-    <vulnerability>
-      <title>AdRotate &lt;= 3.9.4 - clicktracker.php track Parameter SQL Injection</title>
-      <references>
-        <osvdb>103578</osvdb>
-        <cve>2014-1854</cve>
-        <secunia>57079</secunia>
-        <exploitdb>31834</exploitdb>
-        <url>http://packetstormsecurity.com/files/125330/</url>
-       </references>
-      <type>SQLI</type>
-      <fixed_in>3.9.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>AdRotate &lt;= 3.6.6 - SQL Injection Vulnerability</title>
-      <references>
-        <osvdb>77507</osvdb>
-        <cve>2011-4671</cve>
-        <secunia>46814</secunia>
-        <exploitdb>18114</exploitdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>3.6.8</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>AdRotate &lt;= 3.6.5 - SQL Injection Vulnerability</title>
-      <references>
-        <osvdb>77507</osvdb>
-        <cve>2011-4671</cve>
-        <exploitdb>17888</exploitdb>
-        <url>http://unconciousmind.blogspot.com/2011/09/wordpress-adrotate-plugin-365-sql.html</url>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>3.6.8</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-spamfree">
-    <vulnerability>
-      <title>WP-SpamFree 3.2.1 - Spam SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17970</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="gd-star-rating">
-    <vulnerability>
-      <title>GD Star Rating 1.9.22 - gd-star-rating-stats.php s Parameter SQL Injection</title>
-      <references>
-        <osvdb>105085</osvdb>
-        <url>http://packetstormsecurity.com/files/125932/</url>
-        <url>http://seclists.org/fulldisclosure/2014/Mar/399</url>
-        <url>https://security.dxw.com/advisories/xss-csrf-and-blind-sql-injection-in-gd-star-rating-1-9-22/</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>GD Star Rating 1.9.22 - gd-star-rating-stats.php Setting Manipulation CSRF</title>
-      <references>
-        <osvdb>105086</osvdb>
-        <secunia>57667</secunia>
-        <url>http://packetstormsecurity.com/files/125932/</url>
-        <url>http://seclists.org/fulldisclosure/2014/Mar/399</url>
-        <url>https://security.dxw.com/advisories/xss-csrf-and-blind-sql-injection-in-gd-star-rating-1-9-22/</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-    <vulnerability>
-      <title>GD Star Rating 1.9.18 - Export Security Bypass Security Issue</title>
-      <references>
-        <osvdb>105086</osvdb>
-        <secunia>49850</secunia>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>1.9.19</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>GD Star Rating &lt;= 1.9.16 - Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/112702/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>GD Star Rating &lt;= 1.9.10 - gd-star-rating/export.php de Parameter SQL Injection</title>
-      <references>
-        <osvdb>83466</osvdb>
-        <exploitdb>17973</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>GD Star Rating 1.9.7 - gd-star-rating/widgets/widget_top.php wpfn Parameter XSS</title>
-      <references>
-        <osvdb>71060</osvdb>
-        <secunia>43403</secunia>
-        <url>http://seclists.org/bugtraq/2011/Feb/219</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="contact-form-wordpress">
-    <vulnerability>
-      <title>Contact Form &lt;= 2.7.5 - SQL Injection</title>
-      <references>
-        <exploitdb>17980</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-photo-album-plus">
-    <vulnerability>
-      <title>WP Photo Album Plus &lt;= 4.1.1 - SQL Injection</title>
-      <references>
-        <exploitdb>17983</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Photo Album Plus &lt;= 4.8.12 - wp-photo-album-plus.php wppa-searchstring XSS</title>
-      <references>
-        <osvdb>88851</osvdb>
-        <secunia>51669</secunia>
-        <secunia>51679</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Photo Album Plus - Full Path Disclosure</title>
-      <references>
-        <url>http://1337day.com/exploit/20125</url>
-      </references>
-      <type>FPD</type>
-      <fixed_in>4.9.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Photo Album Plus - index.php wppa-tag Parameter XSS</title>
-      <references>
-        <osvdb>89165</osvdb>
-        <secunia>51829</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>4.9.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Photo Album Plus - "commentid" Cross-Site Scripting Vulnerability</title>
-      <references>
-        <osvdb>93033</osvdb>
-        <cve>2013-3254</cve>
-        <secunia>53105</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>5.0.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Photo Album Plus - wp-admin/admin.php edit_id Parameter XSS</title>
-      <references>
-        <osvdb>94465</osvdb>
-        <secunia>53915</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>5.0.11</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="backwpup">
-    <vulnerability>
-      <title>BackWPUp 2.1.4 - Code Execution</title>
-      <references>
-        <exploitdb>17987</exploitdb>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-    <vulnerability>
-      <title>plugin BackWPup 1.5.2, 1.6.1, 1.7.1 - Remote and Local Code Execution Vulnerability</title>
-      <references>
-        <osvdb>71481</osvdb>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-    <vulnerability>
-      <title>BackWPup 3.0.12 - wp-admin/admin.php tab Parameter XSS</title>
-      <references>
-        <cve>2013-4626</cve>
-        <url>https://www.htbridge.com/advisory/HTB23161</url>
-        <osvdb>96505</osvdb>
-        <secunia>54515</secunia>
-        <url>http://packetstormsecurity.com/files/122916/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.13</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="portable-phpmyadmin">
-    <vulnerability>
-      <title>portable-phpMyAdmin - Authentication Bypass</title>
-      <references>
-        <osvdb>88391</osvdb>
-        <cve>2012-5469</cve>
-        <exploitdb>23356</exploitdb>
-        <secunia>51520</secunia>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>1.3.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Portable phpMyAdmin - /pma/phpinfo.php Direct Request System Information Disclosure</title>
-      <references>
-        <osvdb>98766</osvdb>
-        <cve>2013-4454</cve>
-        <url>http://www.securityfocus.com/bid/63249</url>
-        <url>http://seclists.org/oss-sec/2013/q4/138</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Portable phpMyAdmin 1.4.1 - Multiple Script Direct Request Authentication Bypass</title>
-      <references>
-        <osvdb>98767</osvdb>
-        <cve>2013-4462</cve>
-        <secunia>55270</secunia>
-        <url>http://seclists.org/oss-sec/2013/q4/138</url>
-      </references>
-      <type>AUTHBYPASS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="super-refer-a-friend">
-    <vulnerability>
-      <title>super-refer-a-friend - Full Path Disclosure</title>
-      <references>
-        <url>http://1337day.com/exploit/20126</url>
-      </references>
-      <type>FPD</type>
-      <fixed_in>1.0</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="w3-total-cache">
-    <vulnerability>
-      <title>W3 Total Cache - Username and Hash Extract</title>
-      <references>
-        <osvdb>92742</osvdb>
-        <osvdb>92741</osvdb>
-        <cve>2012-6079</cve>
-        <cve>2012-6078</cve>
-        <url>http://seclists.org/fulldisclosure/2012/Dec/242</url>
-        <url>https://github.com/FireFart/W3TotalCacheExploit</url>
-        <metasploit>auxiliary/gather/wp_w3_total_cache_hash_extract</metasploit>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>0.9.2.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>W3 Total Cache - Remote Code Execution</title>
-      <references>
-        <url>http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/</url>
-        <url>http://wordpress.org/support/topic/pwn3d</url>
-        <url>http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html</url>
-        <metasploit>exploits/unix/webapp/php_wordpress_total_cache</metasploit>
-        <exploitdb>25137</exploitdb>
-        <cve>2013-2010</cve>
-        <osvdb>92652</osvdb>
-        <secunia>53052</secunia>
-      </references>
-      <type>RCE</type>
-      <fixed_in>0.9.2.9</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-super-cache">
-    <vulnerability>
-      <title>WP-Super-Cache 1.3 - Remote Code Execution</title>
-      <references>
-        <url>http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/</url>
-        <url>http://wordpress.org/support/topic/pwn3d</url>
-        <url>http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html</url>
-      </references>
-      <type>RCE</type>
-      <fixed_in>1.3.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Super Cache 1.3 - trunk/wp-cache.php wp_nonce_url Function URI XSS</title>
-      <references>
-        <osvdb>92832</osvdb>
-        <cve>2013-2008</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.3.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Super Cache 1.3 - trunk/plugins/wptouch.php URI XSS</title>
-      <references>
-        <osvdb>92831</osvdb>
-        <cve>2013-2008</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.3.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Super Cache 1.3 - trunk/plugins/searchengine.php URI XSS</title>
-      <references>
-        <osvdb>92830</osvdb>
-        <cve>2013-2008</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.3.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Super Cache 1.3 - trunk/plugins/domain-mapping.php URI XSS</title>
-      <references>
-        <osvdb>92829</osvdb>
-        <cve>2013-2008</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.3.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Super Cache 1.3 - trunk/plugins/badbehaviour.php URI XSS</title>
-      <references>
-        <osvdb>92828</osvdb>
-        <cve>2013-2008</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.3.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Super Cache 1.3 - trunk/plugins/awaitingmoderation.php URI XSS</title>
-      <references>
-        <osvdb>92827</osvdb>
-        <cve>2013-2008</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.3.1</fixed_in>
-    </vulnerability>
-    <!-- Fake vuln,
-    See http://archives.neohapsis.com/archives/bugtraq/2009-07/0175.html
-        http://osvdb.org/56762
-    <vulnerability>
-      <title>WP Super Cache 0.8.3 - wp-cache-phase1.php plugin Parameter Remote File Inclusion</title>
-      <references>
-        <osvdb>56762</osvdb>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-    -->
-  </plugin>
-
-  <plugin name="ripe-hd-player">
-    <vulnerability>
-      <title>ripe-hd-player 1.0 - ripe-hd-player/config.php id Parameter SQL Injection</title>
-      <references>
-        <osvdb>89437</osvdb>
-        <exploitdb>24229</exploitdb>
-        <url>http://xforce.iss.net/xforce/xfdb/81415</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>ripe-hd-player 1.0 - Multiple Script Direct Request Path Disclosure</title>
-      <references>
-        <osvdb>89438</osvdb>
-        <exploitdb>24229</exploitdb>
-        <url>http://www.securityfocus.com/bid/57473</url>
-        <url>http://xforce.iss.net/xforce/xfdb/81414</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="floating-tweets">
-    <vulnerability>
-      <title>floating-tweets - persistent XSS</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/119499/</url>
-        <url>http://websecurity.com.ua/6023/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>floating-tweets - directory traversal</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/119499/</url>
-        <url>http://websecurity.com.ua/6023/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="ipfeuilledechou">
-    <vulnerability>
-      <title>ipfeuilledechou - SQL Injection Vulnerability</title>
-      <references>
-        <url>http://www.exploit4arab.com/exploits/377</url>
-        <url>http://1337day.com/exploit/20206</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="simple-login-log">
-    <vulnerability>
-      <title>Simple Login Log - XSS</title>
-      <references>
-        <secunia>51780</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>0.9.4</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Simple Login Log - SQL Injection</title>
-      <references>
-        <secunia>51780</secunia>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>0.9.4</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-slimstat">
-    <vulnerability>
-      <title>WP SlimStat 3.5.5 - Overview URI Stored XSS</title>
-      <references>
-        <osvdb>104428</osvdb>
-        <secunia>57305</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.5.6</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP SlimStat 2.8.4 - wp-content/plugins/wp-slimstat/admin/view/panel1.php s Parameter XSS</title>
-      <references>
-        <osvdb>89052</osvdb>
-        <secunia>51721</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.8.5</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-slimstat-ex">
-    <vulnerability>
-      <title>SlimStat-Ex - Open Flash Chart Arbitrary File Creation Vulnerability</title>
-      <references>
-        <secunia>55160</secunia>
-        <url>http://packetstormsecurity.com/files/123494/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="browser-rejector">
-    <vulnerability>
-      <title>Browser Rejector - Remote and Local File Inclusion</title>
-      <references>
-        <osvdb>89053</osvdb>
-        <secunia>51739</secunia>
-      </references>
-      <type>LFI</type>
-      <fixed_in>2.11</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-file-uploader">
-    <vulnerability>
-      <title>File Uploader - PHP File Upload Vulnerability</title>
-      <references>
-        <url>http://la.usch.io/2013/01/21/wordpress-file-uploader-plugin-php-file-upload-vulnerability/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="cardoza-wordpress-poll">
-    <vulnerability>
-      <title>Cardoza WordPress poll 34.05 - Multiple External Function Remote Poll Manipulation</title>
-      <references>
-        <osvdb>89443</osvdb>
-        <cve>2013-1401</cve>
-        <secunia>51925</secunia>
-        <url>http://seclists.org/bugtraq/2013/Jan/86</url>
-        <url>http://packetstormsecurity.com/files/119736/</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>34.06</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cardoza WordPress poll - CWPPoll.js Multiple Method pollid Parameter SQL Injection</title>
-      <references>
-        <osvdb>89444</osvdb>
-        <cve>2013-1400</cve>
-        <url>http://packetstormsecurity.com/files/119736/</url>
-        <url>http://www.girlinthemiddle.net/2013/01/multiple-sql-injection-vulnerabilities.html</url>
-        <url>http://seclists.org/bugtraq/2013/Jan/86</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Cardoza WordPress poll - Multiple SQL Injection Vulnerabilities</title>
-      <references>
-        <secunia>50910</secunia>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>33.6</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="devformatter">
-    <vulnerability>
-      <title>Developer Formatter 2013.0.1.40 - devformatter.php Multiple Action CSRF</title>
-      <references>
-        <osvdb>89475</osvdb>
-        <exploitdb>24294</exploitdb>
-        <secunia>51912</secunia>
-        <url>http://packetstormsecurity.com/files/119731/</url>
-        <url>http://seclists.org/bugtraq/2013/Jan/91</url>
-        <url>http://1337day.com/exploit/20210</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>2013.0.1.41</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Developer Formatter 2013.0.1.40 - devformatter.php Multiple Field XSS</title>
-      <references>
-        <osvdb>89474</osvdb>
-        <url>http://seclists.org/bugtraq/2013/Jan/91</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2013.0.1.41</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="dvs-custom-notification">
-    <vulnerability>
-      <title>DVS Custom Notification - Cross-Site Request Forgery Vulnerability</title>
-      <references>
-        <osvdb>89441</osvdb>
-        <cve>2012-4921</cve>
-        <secunia>51531</secunia>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.0.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="events-manager">
-    <vulnerability>
-      <title>Events Manager 5.5.1 - Multiple Unspecified XSS Vulnerabilities</title>
-      <references>
-        <osvdb>98198</osvdb>
-        <secunia>55182</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>5.5.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Events Manager 5.3.8 - Event Search Form em_search Parameter XSS</title>
-      <references>
-        <osvdb>93556</osvdb>
-        <url>http://www.securityfocus.com/bid/60078</url>
-        <secunia>53478</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>5.3.9</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Events Manager 5.3.8 - wp-admin/edit.php author Parameter XSS</title>
-      <references>
-        <osvdb>93557</osvdb>
-        <url>http://www.securityfocus.com/bid/60078</url>
-        <secunia>53478</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>5.3.9</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Events Manager 5.3.8 - Event Editing redirect_to Parameter XSS</title>
-      <references>
-        <osvdb>93558</osvdb>
-        <url>http://www.securityfocus.com/bid/60078</url>
-        <secunia>53478</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>5.3.9</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Events Manager 5.3.5 - wp-admin/admin-ajax.php dbem_phone Parameter XSS</title>
-      <references>
-        <osvdb>90913</osvdb>
-        <secunia>52475</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>5.3.6</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Events Manager 5.3.5 - index.php event_owner_name Parameter XSS</title>
-      <references>
-        <osvdb>90914</osvdb>
-        <secunia>52475</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>5.3.6</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Events Manager 5.3.5 - wp-admin/post.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>90915</osvdb>
-        <secunia>52475</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>5.3.6</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Events Manager 5.3.3 - templates/forms/bookingform/booking-fields.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>89488</osvdb>
-        <cve>2013-1407</cve>
-        <secunia>51869</secunia>
-        <url>http://packetstormsecurity.com/files/120688/</url>
-        <url>http://www.securityfocus.com/bid/57477</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>5.3.4</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Events Manager 5.3.3 - templates/templates/events-search.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>89487</osvdb>
-        <cve>2013-1407</cve>
-        <secunia>51869</secunia>
-        <url>http://packetstormsecurity.com/files/120688/</url>
-        <url>http://www.securityfocus.com/bid/57477</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>5.3.4</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Events Manager 5.3.3 - XSS classes/em-bookings-table.php wp_nonce Parameter XSS</title>
-      <references>
-        <osvdb>89486</osvdb>
-        <cve>2013-1407</cve>
-        <secunia>51869</secunia>
-        <url>http://packetstormsecurity.com/files/120688/</url>
-        <url>http://www.securityfocus.com/bid/57477</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>5.3.4</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="solvemedia">
-    <vulnerability>
-      <title>SolveMedia 1.1.0 - plugins.php API Key Manipulation CSRF</title>
-      <references>
-        <osvdb>89585</osvdb>
-        <secunia>51927</secunia>
-        <exploitdb>24364</exploitdb>
-        <url>http://1337day.com/exploit/20222</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.1.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>SolveMedia 1.1.0 -  solvemedia.admin.inc Admin Options Page CSRF</title>
-      <references>
-        <osvdb>106320</osvdb>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.1.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="usc-e-shop">
-    <vulnerability>
-      <title>Welcart e-Commerce 1.3.12 - wp-admin/admin-ajax.php Multiple Parameter DOM-Based XSS</title>
-      <references>
-        <osvdb>103956</osvdb>
-        <secunia>57222</secunia>
-        <url>http://packetstormsecurity.com/files/125513/</url>
-        <url>http://www.securityfocus.com/bid/65954</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Welcart e-Commerce 1.3.12 - purchase_limit Parameter DOM-based XSS</title>
-      <references>
-        <osvdb>103955</osvdb>
-        <url>http://packetstormsecurity.com/files/125513/</url>
-        <url>http://www.securityfocus.com/bid/65954</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Welcart e-Commerce 1.3.12 - wp-admin/admin.php Multiple Parameter SQL Injection</title>
-      <references>
-        <osvdb>103954</osvdb>
-        <url>http://packetstormsecurity.com/files/125513/</url>
-        <url>http://www.securityfocus.com/bid/65954</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Welcart e-Commerce - wp-admin/admin.php Multiple Parameter SQL Injection</title>
-      <references>
-        <osvdb>103954</osvdb>
-        <url>http://packetstormsecurity.com/files/125513/</url>
-        <url>http://www.securityfocus.com/bid/65954</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Welcart e-Commerce - Cross-Site Scripting and Request Forgery Vulnerabilities</title>
-      <references>
-        <secunia>51581</secunia>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="knews">
-    <vulnerability>
-      <title>Knews 1.2.5 - Multilingual Newsletters Cross-Site Request Forgery Vulnerability</title>
-      <references>
-        <osvdb>88427</osvdb>
-        <secunia>51543</secunia>
-        <url>http://www.securityfocus.com/bid/56926</url>
-        <url>http://xforce.iss.net/xforce/xfdb/80661</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.2.6</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Knews 1.2.5 - Unspecified XSS</title>
-      <references>
-        <osvdb>88426</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.2.6</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Knews 1.1.0 - wysiwyg/fontpicker/index.php ff Parameter XSS</title>
-      <references>
-        <osvdb>83643</osvdb>
-        <secunia>49825</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.1.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="video-lead-form">
-    <vulnerability>
-      <title>Video Lead Form - "errMsg" Cross-Site Scripting Vulnerability</title>
-      <references>
-        <cve>2012-6312</cve>
-        <osvdb>88002</osvdb>
-        <secunia>51419</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="sagepay-direct-for-woocommerce-payment-gateway">
-    <vulnerability>
-      <title>WooCommerce SagePay Direct Payment Gateway 0.1.6.6 - pages/3DRedirect.php Multiple Parameter Reflected XSS</title>
-      <references>
-        <osvdb>102882</osvdb>
-        <secunia>56801</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>0.1.6.7</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WooCommerce SagePay Direct Payment Gateway 0.1.6.6 - pages/3DCallBack.php Multiple Parameter Reflected XSS</title>
-      <references>
-        <osvdb>102746</osvdb>
-        <secunia>56801</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>0.1.6.7</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WooCommerce SagePay Direct Payment Gateway 0.1.6.6 - pages/3DComplete.php Multiple Parameter Reflected XSS</title>
-      <references>
-        <osvdb>102747</osvdb>
-        <secunia>56801</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>0.1.6.7</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="woocommerce-predictive-search">
-    <vulnerability>
-      <title>WooCommerce Predictive Search - index.php rs Parameter XSS</title>
-      <references>
-        <osvdb>87890</osvdb>
-        <secunia>51385</secunia>
-        <url>http://www.securityfocus.com/bid/56703</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.0.6</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="woocommerce">
-    <vulnerability>
-      <title>WooCommerce 2.0.17 - hide-wc-extensions-message Parameter Reflected XSS</title>
-      <references>
-        <osvdb>98754</osvdb>
-        <url>http://packetstormsecurity.com/files/123684/</url>
-        <url>http://www.securityfocus.com/bid/63228</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.0.17</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WooCommerce 2.0.12 - index.php calc_shipping_state Parameter XSS</title>
-      <references>
-        <osvdb>95480</osvdb>
-        <secunia>53930</secunia>
-        <url>http://packetstormsecurity.com/files/122465/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.0.13</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-e-commerce-predictive-search">
-    <vulnerability>
-      <title>WP e-Commerce Predictive Search - "rs" Cross-Site Scripting Vulnerability</title>
-      <references>
-        <secunia>51384</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-tiger">
-    <vulnerability>
-      <title>vTiger - CRM Lead Capture Unspecified Vulnerability</title>
-      <references>
-        <secunia>51305</secunia>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>1.1.0</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-postviews">
-    <vulnerability>
-      <title>WP-PostViews - "search_input" Cross-Site Scripting Vulnerability</title>
-      <references>
-        <secunia>50982</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WP-PostViews 1.62 - Setting Manipulation CSRF</title>
-      <references>
-        <osvdb>93096</osvdb>
-        <cve>2013-3252</cve>
-        <secunia>53127</secunia>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.63</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="dx-contribute">
-    <vulnerability>
-      <title>DX-Contribute - Cross-Site Request Forgery Vulnerability</title>
-      <references>
-        <secunia>51082</secunia>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wysija-newsletters">
-    <vulnerability>
-      <title>MailPoet (Wysija Newsletters) - Remote File Upload</title>
-      <references>
-        <cve>2014-4725</cve>
-        <url>http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html</url>
-        <url>http://www.openwall.com/lists/oss-security/2014/07/02/1</url>
-        <metasploit>exploit/unix/webapp/wp_wysija_newsletters_upload</metasploit>
-      </references>
-      <type>UPLOAD</type>
-      <fixed_in>2.6.8</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Wysija Newsletters 2.2 - SQL Injection Vulnerability</title>
-      <references>
-        <osvdb>89924</osvdb>
-        <cve>2013-1408</cve>
-        <url>https://www.htbridge.com/advisory/HTB23140</url>
-        <url>http://packetstormsecurity.com/files/120089/</url>
-        <url>http://seclists.org/bugtraq/2013/Feb/29</url>
-        <url>http://cxsecurity.com/issue/WLB-2013020039</url>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>2.2.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Wysija Newsletters - swfupload Cross-Site Scripting Vulnerability</title>
-      <references>
-        <secunia>51249</secunia>
-        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.1.7</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="hitasoft_player">
-    <vulnerability>
-      <title>Hitasoft FLV Player - "id" SQL Injection Vulnerability</title>
-      <references>
-        <secunia>51179</secunia>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="spider-calendar">
-    <vulnerability>
-      <title>Spider Calendar 1.3.0 - Multiple Vulnerabilities</title>
-      <references>
-        <osvdb>93584</osvdb>
-        <exploitdb>25723</exploitdb>
-        <secunia>53481</secunia>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Spider Calendar 1.1.0 - "many_sp_calendar" Cross-Site Scripting Vulnerability</title>
-      <references>
-        <osvdb>86604</osvdb>
-        <secunia>50981</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.1.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Spider Calendar 1.0.1 - front_end/spidercalendarbig.php date Parameter XSS</title>
-      <references>
-        <osvdb>85897</osvdb>
-        <secunia>50812</secunia>
-        <exploitdb>21715</exploitdb>
-        <url>http://packetstormsecurity.org/files/117078/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.1.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Spider Calendar 1.0.1 - spidercalendarbig_seemore.php calendar_id Parameter SQL Injection</title>
-      <references>
-        <osvdb>85898</osvdb>
-        <secunia>50812</secunia>
-        <exploitdb>21715</exploitdb>
-        <url>http://packetstormsecurity.org/files/117078/</url>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>1.1.3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="dynamic-font-replacement-4wp">
-    <vulnerability>
-      <title>Dynamic Font Replacement 1.3 - SQL Injection Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20239</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="form">
-    <vulnerability>
-      <title>Zingiri Form Builder - "error" Cross-Site Scripting Vulnerability</title>
-      <references>
-        <secunia>50983</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.2.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="white-label-cms">
-    <vulnerability>
-      <title>White Label CMS - Cross-Site Request Forgery Vulnerability</title>
-      <references>
-        <secunia>50487</secunia>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.5.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="download-shortcode">
-    <vulnerability>
-      <title>Download Shortcode - "file" Arbitrary File Disclosure Vulnerability</title>
-      <references>
-        <secunia>50924</secunia>
-      </references>
-      <type>LFI</type>
-      <fixed_in>0.2.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="eshop-magic">
-    <vulnerability>
-      <title>eShop Magic 0.1 - eshop-magic/download.php file Parameter Traversal Arbitrary File Access</title>
-      <references>
-        <osvdb>86155</osvdb>
-        <secunia>50933</secunia>
-        <url>http://xforce.iss.net/xforce/xfdb/79222</url>
-      </references>
-      <type>LFI</type>
-      <fixed_in>0.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="pinterest-pin-it-button">
-    <vulnerability>
-      <title>Pinterest "Pin It" Button Lite 1.3.1 - Multiple Unspecified Vulnerabilities</title>
-      <references>
-        <osvdb>85956</osvdb>
-        <secunia>50868</secunia>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>1.4.0</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="css-plus">
-    <vulnerability>
-      <title>CSS Plus 1.3.1 - Unspecified Vulnerabilities</title>
-      <references>
-        <osvdb>85875</osvdb>
-        <secunia>50793</secunia>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>1.3.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="multisite-plugin-manager">
-    <vulnerability>
-      <title>Multisite plugin Manager 3.1.1 - Two Cross-Site Scripting Vulnerabilities</title>
-      <references>
-        <osvdb>85818</osvdb>
-        <secunia>50762</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.1.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="abc-test">
-    <vulnerability>
-      <title>ABC Test - "id" Cross-Site Scripting Vulnerability</title>
-      <references>
-        <url>http://scott-herbert.com/?p=142</url>
-        <osvdb>85773</osvdb>
-        <secunia>50608</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="token-manager">
-    <vulnerability>
-      <title>Token Manager 1.0.2 - "tid" Cross-Site Scripting Vulnerabilities</title>
-      <references>
-        <osvdb>85738</osvdb>
-        <secunia>50722</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="sexy-add-template">
-    <vulnerability>
-      <title>Sexy Add Template 1.0 - PHP Code Execution CSRF</title>
-      <references>
-        <osvdb>85730</osvdb>
-        <secunia>50709</secunia>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="notices">
-    <vulnerability>
-      <title>Notices Ticker 5.0 - Cross-Site Request Forgery Vulnerability</title>
-      <references>
-        <osvdb>85729</osvdb>
-        <secunia>50717</secunia>
-        <url>http://packetstormsecurity.org/files/116774/</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="mf-gig-calendar">
-    <vulnerability>
-      <title>MF Gig Calendar 0.9.4.1 - URL Cross-Site Scripting Vulnerability</title>
-      <references>
-        <osvdb>85682</osvdb>
-        <cve>2012-4242</cve>
-        <secunia>50571</secunia>
-        <url>http://packetstormsecurity.org/files/116713/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-topbar">
-    <vulnerability>
-      <title>WP-TopBar 4.02 - wp-topbar.php wptbbartext Parameter XSS</title>
-      <references>
-        <osvdb>85659</osvdb>
-        <secunia>50693</secunia>
-        <exploitdb>21393</exploitdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>4.03</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP-TopBar 4.02 - TopBar Message Manipulation CSRF</title>
-      <references>
-        <osvdb>85660</osvdb>
-        <secunia>50693</secunia>
-        <exploitdb>21393</exploitdb>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>4.03</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-topbar &lt;= 3.04 - XSS in ZeroClipboard.swf</title>
-      <references>
-        <url>http://1337day.com/exploit/20396</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="webplayer">
-    <vulnerability>
-      <title>HD Webplayer - Two SQL Injection Vulnerabilities</title>
-      <references>
-        <osvdb>87832</osvdb>
-        <secunia>50466</secunia>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="cloudsafe365-for-wp">
-    <vulnerability>
-      <title>Cloudsafe365 - Multiple Vulnerabilities</title>
-      <references>
-        <secunia>50392</secunia>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>1.47</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="vitamin">
-    <vulnerability>
-      <title>Vitamin 1.0 - add_headers.php path Parameter Traversal Arbitrary File Access</title>
-      <references>
-        <cve>2012-6651</cve>
-        <osvdb>84463</osvdb>
-        <secunia>50176</secunia>
-      </references>
-      <type>LFI</type>
-      <fixed_in>1.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Vitamin 1.0 - minify.php path Parameter Traversal Arbitrary File Access</title>
-      <references>
-        <cve>2012-6651</cve>
-        <osvdb>84464</osvdb>
-        <secunia>50176</secunia>
-      </references>
-      <type>LFI</type>
-      <fixed_in>1.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="featured-post-with-thumbnail">
-    <vulnerability>
-      <title>Featured Post with thumbnail 1.4 - Unspecified timthumb Vulnerability</title>
-      <references>
-        <osvdb>84460</osvdb>
-        <secunia>50161</secunia>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>1.5</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-effective-lead-management">
-    <vulnerability>
-      <title>WP Lead Management 3.0.0 - Script Insertion Vulnerabilities</title>
-      <references>
-        <osvdb>84462</osvdb>
-        <exploitdb>20270</exploitdb>
-        <secunia>50166</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="xve-various-embed">
-    <vulnerability>
-      <title>XVE Various Embed - JW Player Multiple Cross-Site Scripting Vulnerabilities</title>
-      <references>
-        <secunia>50173</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.0.4</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="g-lock-double-opt-in-manager">
-    <vulnerability>
-      <title>G-Lock Double Opt-in Manager - Two Security Bypass Vulnerabilities</title>
-      <references>
-        <osvdb>84434</osvdb>
-        <secunia>50100</secunia>
-        <url>http://packetstormsecurity.org/files/115173/</url>
-      </references>
-      <type>AUTHBYPASS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="kau-boys-backend-localization">
-    <vulnerability>
-      <title>Backend Localization 1.6.1 - options-general.php kau-boys_backend_localization_language Parameter XSS</title>
-      <references>
-        <osvdb>84418</osvdb>
-        <secunia>50099</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.0</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Backend Localization 1.6.1 - wp-login.php kau-boys_backend_localization_language Parameter XSS</title>
-      <references>
-        <osvdb>84419</osvdb>
-        <secunia>50099</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.0</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="flexi-quote-rotator">
-    <vulnerability>
-      <title>Flexi Quote Rotator - Cross-Site Request Forgery and SQL Injection Vulnerabilities</title>
-      <references>
-        <secunia>49910</secunia>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>0.9.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="gotmls">
-    <vulnerability>
-      <title>Get Off Malicious Scripts - Cross-Site Scripting Vulnerability</title>
-      <references>
-        <secunia>50030</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.2.07.20</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="cimy-user-extra-fields">
-    <vulnerability>
-      <title>Cimy User Extra Fields - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <secunia>49975</secunia>
-      </references>
-      <type>UPLOAD</type>
-      <fixed_in>2.3.9</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="nmedia-user-file-uploader">
-    <vulnerability>
-      <title>Nmedia Users File Uploader - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <secunia>49996</secunia>
-      </references>
-      <type>UPLOAD</type>
-      <fixed_in>2.0</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-explorer-gallery">
-    <vulnerability>
-      <title>wp-explorer-gallery - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20251</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="accordion">
-    <vulnerability>
-      <title>accordion - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20254</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-catpro">
-    <vulnerability>
-      <title>wp-catpro - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20256</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="RLSWordPressSearch">
-    <vulnerability>
-      <title>RLSWordPressSearch - register.php agentid Parameter SQL Injection</title>
-      <references>
-        <osvdb>89824</osvdb>
-        <url>http://packetstormsecurity.com/files/119938/</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wordpress-simple-shout-box">
-    <vulnerability>
-      <title>wordpress-simple-shout-box - SQL Injection</title>
-      <references>
-        <url>http://cxsecurity.com/issue/WLB-2013010235</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="portfolio-slideshow-pro">
-    <vulnerability>
-      <title>portfolio-slideshow-pro v3 - SQL Injection</title>
-      <references>
-        <url>http://cxsecurity.com/issue/WLB-2013010236</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="simple-history">
-    <vulnerability>
-      <title>Simple History - RSS Feed "rss_secret" Disclosure Weakness</title>
-      <references>
-        <osvdb>89640</osvdb>
-        <secunia>51998</secunia>
-        <url>http://www.securityfocus.com/bid/57628</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>1.0.8</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="p1m-media-manager">
-    <vulnerability>
-      <title>p1m media manager - SQL Injection Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20270</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-table-reloaded">
-    <vulnerability>
-      <title>wp-table-reloaded &lt;= 1.9.3 - zeroclipboard.swf id Parameter XSS</title>
-      <references>
-        <osvdb>89754</osvdb>
-        <cve>2013-1463</cve>
-        <secunia>52027</secunia>
-        <url>http://packetstormsecurity.com/files/119968/</url>
-        <url>http://seclists.org/bugtraq/2013/Feb/28</url>
-        <url>http://www.securityfocus.com/bid/57664</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.9.4</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wordpress-gallery">
-    <vulnerability>
-      <title>Gallery - "load" Remote File Inclusion Vulnerability</title>
-      <references>
-        <osvdb>89753</osvdb>
-        <cve>2012-4919</cve>
-        <secunia>51347</secunia>
-        <url>http://www.securityfocus.com/bid/57650</url>
-      </references>
-      <type>RFI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="forumconverter">
-    <vulnerability>
-      <title>ForumConverter - SQL Injection Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20275</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="newsletter">
-    <vulnerability>
-      <title>Newsletter - SQL Injection Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20287</url>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>3.0.9</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Newsletter 3.2.6 - "alert" Cross-Site Scripting Vulnerability</title>
-      <references>
-        <osvdb>93421</osvdb>
-        <secunia>53398</secunia>
-        <url>http://packetstormsecurity.com/files/121634/</url>
-        <url>http://www.securityfocus.com/bid/59856</url>
-        <url>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5141.php</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.2.7</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="commentluv">
-    <vulnerability>
-      <title>CommentLuv 2.92.3 - Cross Site Scripting Vulnerability</title>
-      <references>
-        <osvdb>89925</osvdb>
-        <cve>2013-1409</cve>
-        <url>https://www.htbridge.com/advisory/HTB23138</url>
-        <url>http://packetstormsecurity.com/files/120090/</url>
-        <url>http://seclists.org/bugtraq/2013/Feb/30</url>
-        <url>http://cxsecurity.com/issue/WLB-2013020040</url>
-        <secunia>52092</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.92.4</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-forum">
-    <vulnerability>
-      <title>wp-forum - SQL Injection</title>
-      <references>
-        <url>http://cxsecurity.com/issue/WLB-2013020035</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-ecommerce-shop-styling">
-    <vulnerability>
-      <title>WP ecommerce Shop Styling 1.7.2 - generate-pdf.php dompdf Parameter Remote File Inclusion</title>
-      <references>
-        <osvdb>89921</osvdb>
-        <cve>2013-0724</cve>
-        <secunia>51707</secunia>
-      </references>
-      <type>RFI</type>
-      <fixed_in>1.8</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="audio-player">
-    <vulnerability>
-      <title>Audio Player - player.swf playerID Parameter XSS</title>
-      <references>
-        <osvdb>89963</osvdb>
-        <cve>2013-1464</cve>
-        <url>http://packetstormsecurity.com/files/120129/</url>
-        <url>http://seclists.org/bugtraq/2013/Feb/35</url>
-        <secunia>52083</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.0.4.6</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="ckeditor-for-wordpress">
-    <vulnerability>
-      <title>CKEditor 4.0 - Arbitrary File Upload Exploit</title>
-      <references>
-        <url>http://1337day.com/exploit/20318</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="myftp-ftp-like-plugin-for-wordpress">
-    <vulnerability>
-      <title>myftp-ftp-like-plugin-for-wordpress v2 - SQL Injection</title>
-      <references>
-        <url>http://cxsecurity.com/issue/WLB-2013020061</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="password-protected">
-    <vulnerability>
-      <title>Password Protected 1.4 - Login Process redirect_to Parameter Arbitrary Site Redirect</title>
-      <references>
-        <osvdb>90559</osvdb>
-      </references>
-      <type>REDIRECT</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="contact-form-plugin">
-    <vulnerability>
-      <title>Contact Form 3.34 - contact_form.php cntctfrm_contact_message Parameter XSS</title>
-      <references>
-        <osvdb>90502</osvdb>
-        <secunia>52179</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.35</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Contact Form 3.36 - contact_form.php cntctfrm_contact_email Parameter XSS</title>
-      <references>
-        <osvdb>90503</osvdb>
-        <secunia>52250</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="smart-flv">
-    <vulnerability>
-      <title>smart-flv - jwplayer.swf XSS</title>
-      <references>
-        <osvdb>90606</osvdb>
-        <cve>2013-1765</cve>
-        <url>http://www.openwall.com/lists/oss-security/2013/02/24/7</url>
-        <url>http://packetstormsecurity.com/files/115100/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="GoogleAlertandtwitterplugin">
-    <vulnerability>
-      <title>Google Alert And Twitter 3.1.5 - XSS Exploit, SQL Injection</title>
-      <references>
-        <url>http://1337day.com/exploit/20433</url>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="php-shell">
-    <vulnerability>
-      <title>PHP Shell Plugin</title>
-      <references>
-        <url>https://github.com/wpscanteam/wpscan/issues/138</url>
-        <url>http://plugins.svn.wordpress.org/php-shell/trunk/shell.php</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="marekkis-watermark">
-    <vulnerability>
-      <title>Marekkis Watermark 0.9.2 - wp-admin/options-general.php pfad Parameter XSS</title>
-      <references>
-        <osvdb>90362</osvdb>
-        <cve>2013-1758</cve>
-        <secunia>52227</secunia>
-        <url>http://packetstormsecurity.com/files/120378/</url>
-        <url>http://seclists.org/bugtraq/2013/Feb/83</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="responsive-logo-slideshow">
-    <vulnerability>
-      <title>Responsive Logo Slideshow - URL and Image Field XSS</title>
-      <references>
-        <osvdb>90406</osvdb>
-        <cve>2013-1759</cve>
-        <url>http://packetstormsecurity.com/files/120379/</url>
-        <url>http://seclists.org/bugtraq/2013/Feb/84</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="zopim-live-chat">
-    <vulnerability>
-      <title>zopim-live-chat &lt;= 1.2.5 - XSS in ZeroClipboard</title>
-      <references>
-        <osvdb>90374</osvdb>
-        <url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
-        <url>http://1337day.com/exploit/20396</url>
-        <cve>2013-1808</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="ed2k-link-selector">
-    <vulnerability>
-      <title>ed2k-link-selector &lt;= 1.1.7 - XSS in ZeroClipboard</title>
-      <references>
-        <url>http://1337day.com/exploit/20396</url>
-        <cve>2013-1808</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wppygments">
-    <vulnerability>
-      <title>wppygments &lt;= 0.3.2 - XSS in ZeroClipboard</title>
-      <references>
-        <osvdb>90374</osvdb>
-        <url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
-        <url>http://1337day.com/exploit/20396</url>
-        <cve>2013-1808</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="copy-in-clipboard">
-    <vulnerability>
-      <title>copy-in-clipboard &lt;= 0.8 - XSS in ZeroClipboard</title>
-      <references>
-        <url>http://1337day.com/exploit/20396</url>
-        <cve>2013-1808</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="search-and-share">
-    <vulnerability>
-      <title>search-and-share 0.9.3 - SearchAndShare.php Direct Request Path Disclosure</title>
-      <references>
-        <osvdb>93260</osvdb>
-        <url>http://packetstormsecurity.com/files/121595/</url>
-        <url>http://seclists.org/fulldisclosure/2013/May/49</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>search-and-share &lt;= 0.9.3 - XSS in ZeroClipboard</title>
-      <references>
-        <url>http://1337day.com/exploit/20396</url>
-        <cve>2013-1808</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="placester">
-    <vulnerability>
-      <title>placester &lt;= 0.3.12 - XSS in ZeroClipboard</title>
-      <references>
-        <url>http://1337day.com/exploit/20396</url>
-        <cve>2013-1808</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="drp-coupon">
-    <vulnerability>
-      <title>drp-coupon &lt;= 2.1 - XSS in ZeroClipboard</title>
-      <references>
-        <url>http://1337day.com/exploit/20396</url>
-        <cve>2013-1808</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="coupon-code-plugin">
-    <vulnerability>
-      <title>coupon-code-plugin &lt;= 2.1 - XSS in ZeroClipboard</title>
-      <references>
-        <url>http://1337day.com/exploit/20396</url>
-        <cve>2013-1808</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="q2w3-inc-manager">
-    <vulnerability>
-      <title>q2w3-inc-manager &lt;= 2.3.1 - XSS in ZeroClipboard</title>
-      <references>
-        <url>http://1337day.com/exploit/20396</url>
-        <cve>2013-1808</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="scorerender">
-    <vulnerability>
-      <title>scorerender &lt;= 0.3.4 - XSS in ZeroClipboard</title>
-      <references>
-        <url>http://1337day.com/exploit/20396</url>
-        <cve>2013-1808</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-link-to-us">
-    <vulnerability>
-      <title>wp-link-to-us &lt;= 2.0 - XSS in ZeroClipboard</title>
-      <references>
-        <url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
-        <url>http://1337day.com/exploit/20396</url>
-        <cve>2013-1808</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="buckets">
-    <vulnerability>
-      <title>buckets &lt;= 0.1.9.2 - XSS in ZeroClipboard</title>
-      <references>
-        <url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
-        <url>http://1337day.com/exploit/20396</url>
-        <cve>2013-1808</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="java-trackback">
-    <vulnerability>
-      <title>java-trackback &lt;= 0.2 - XSS in ZeroClipboard</title>
-      <references>
-        <url>http://1337day.com/exploit/20396</url>
-        <cve>2013-1808</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="slidedeck2">
-    <vulnerability>
-      <title>slidedeck2 2.3.3 - Unspecified File Inclusion</title>
-      <references>
-        <osvdb>105132</osvdb>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.3.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>slidedeck2 &lt;= 2.1.20130228 - XSS in ZeroClipboard</title>
-      <references>
-        <url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
-        <url>http://1337day.com/exploit/20396</url>
-        <cve>2013-1808</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-clone-by-wp-academy">
-    <vulnerability>
-      <title>wp-clone-by-wp-academy &lt;= 2.1.1 - XSS in ZeroClipboard</title>
-      <references>
-        <url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
-        <url>http://1337day.com/exploit/20396</url>
-        <cve>2013-1808</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="tiny-url">
-    <vulnerability>
-      <title>tiny-url &lt;= 1.3.2 - XSS in ZeroClipboard</title>
-      <references>
-        <url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
-        <url>http://1337day.com/exploit/20396</url>
-        <cve>2013-1808</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="thethe-layout-grid">
-    <vulnerability>
-      <title>thethe-layout-grid &lt;= 1.0.0 - XSS in ZeroClipboard.</title>
-      <references>
-        <url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
-        <url>http://1337day.com/exploit/20396</url>
-        <cve>2013-1808</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="paypal-digital-goods-monetization-powered-by-cleeng">
-    <vulnerability>
-      <title>paypal-digital-goods-monetization-powered-by-cleeng &lt;= 2.2.13 - XSS in ZeroClipboard</title>
-      <references>
-        <url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
-        <url>http://1337day.com/exploit/20396</url>
-        <cve>2013-1808</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="mobileview">
-    <vulnerability>
-      <title>mobileview &lt;= 1.0.7 - XSS in ZeroClipboard</title>
-      <references>
-        <url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
-        <url>http://1337day.com/exploit/20396</url>
-        <cve>2013-1808</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="jaspreetchahals-coupons-lite">
-    <vulnerability>
-      <title>jaspreetchahals-coupons-lite &lt;= 2.1 - XSS in ZeroClipboard</title>
-      <references>
-        <url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
-        <url>http://1337day.com/exploit/20396</url>
-        <cve>2013-1808</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="geshi-source-colorer">
-    <vulnerability>
-      <title>geshi-source-colorer &lt;= 0.13 - XSS in ZeroClipboard</title>
-      <references>
-        <url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
-        <url>http://1337day.com/exploit/20396</url>
-        <cve>2013-1808</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="click-to-copy-grab-box">
-    <vulnerability>
-      <title>click-to-copy-grab-box &lt;= 0.1.1 - XSS in ZeroClipboard</title>
-      <references>
-        <url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
-        <url>http://1337day.com/exploit/20396</url>
-        <cve>2013-1808</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="cleeng">
-    <vulnerability>
-      <title>cleeng &lt;= 2.3.2 - XSS in ZeroClipboard</title>
-      <references>
-        <url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
-        <url>http://1337day.com/exploit/20396</url>
-        <cve>2013-1808</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="bp-code-snippets">
-    <vulnerability>
-      <title>bp-code-snippets &lt;= 2.0 - XSS in ZeroClipboard</title>
-      <references>
-        <url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
-        <url>http://1337day.com/exploit/20396</url>
-        <cve>2013-1808</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="snazzy-archives">
-    <vulnerability>
-      <title>snazzy-archives &lt;= 1.7.1 - swf/tagcloud.swf tagcloud Parameter XSS</title>
-      <references>
-        <osvdb>91127</osvdb>
-        <cve>2009-4168</cve>
-        <secunia>52527</secunia>
-        <url>http://www.openwall.com/lists/oss-security/2013/03/10/3</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.7.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="vkontakte-api">
-    <vulnerability>
-      <title>vkontakte-api - vkontakte-api/swf/tagcloud.swf tagcloud Parameter XSS</title>
-      <references>
-        <osvdb>91128</osvdb>
-        <cve>2009-4168</cve>
-        <secunia>52539</secunia>
-        <url>http://seclists.org/oss-sec/2013/q1/616</url>
-        <url>http://www.openwall.com/lists/oss-security/2013/03/11/1</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="terillion-reviews">
-    <vulnerability>
-      <title>Terillion Reviews &lt; 1.2 - Profile Id Field XSS</title>
-      <references>
-        <osvdb>91123</osvdb>
-        <cve>2013-2501</cve>
-        <url>http://packetstormsecurity.com/files/120730/</url>
-        <url>http://www.securityfocus.com/bid/58415</url>
-        <url>http://xforce.iss.net/xforce/xfdb/82727</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="o2s-gallery">
-    <vulnerability>
-      <title>o2s-gallery - Cross Site Scripting Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20516</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="bp-gallery">
-    <vulnerability>
-      <title>bp-gallery 1.2.5 - Cross Site Scripting Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20518</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="simply-poll">
-    <vulnerability>
-      <title>Simply Poll 1.4.1 - wp-admin/admin.php question Parameter XSS</title>
-      <references>
-        <osvdb>91446</osvdb>
-        <exploitdb>24850</exploitdb>
-        <url>http://packetstormsecurity.com/files/120833/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Simply Poll 1.4.1 - wp-admin/admin.php Poll Manipulation CSRF</title>
-      <references>
-        <osvdb>91447</osvdb>
-        <secunia>52681</secunia>
-        <exploitdb>24850</exploitdb>
-        <url>http://packetstormsecurity.com/files/120833/</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="occasions">
-    <vulnerability>
-      <title>Occasions 1.0.4 - Manipulation CSRF</title>
-      <references>
-        <osvdb>91489</osvdb>
-        <exploitdb>24858</exploitdb>
-        <secunia>52651</secunia>
-        <url>http://packetstormsecurity.com/files/120871/</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Occasions 1.0.4 - occasions/occasions.php occ_content1 Parameter XSS</title>
-      <references>
-        <osvdb>91490</osvdb>
-        <exploitdb>24858</exploitdb>
-        <url>http://packetstormsecurity.com/files/120871/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="mathjax-latex">
-    <vulnerability>
-      <title>Mathjax Latex 1.1 - Setting Manipulation CSRF</title>
-      <references>
-        <osvdb>91737</osvdb>
-        <exploitdb>24889</exploitdb>
-        <url>http://packetstormsecurity.com/files/120931/</url>
-        <url>http://1337day.com/exploit/20566</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-banners-lite">
-    <vulnerability>
-      <title>WP-Banners-Lite 1.4.0 - XSS vulnerability</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/120928/</url>
-        <url>http://seclists.org/fulldisclosure/2013/Mar/209</url>
-        <url>http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="backupbuddy">
-    <vulnerability>
-      <title>Backupbuddy - importbuddy.php Direct Request Remote Backup File Disclosure</title>
-      <references>
-        <osvdb>91631</osvdb>
-        <cve>2013-2741</cve>
-        <url>http://packetstormsecurity.com/files/120923/</url>
-        <url>http://seclists.org/fulldisclosure/2013/Mar/206</url>
-      </references>
-      <type>AUTHBYPASS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Backupbuddy - importbuddy.php step Parameter Manipulation Authentication Bypass</title>
-      <references>
-        <osvdb>91890</osvdb>
-        <cve>2013-2743</cve>
-        <url>http://packetstormsecurity.com/files/120923/</url>
-        <url>http://seclists.org/fulldisclosure/2013/Mar/206</url>
-      </references>
-      <type>AUTHBYPASS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Backupbuddy - importbuddy.php step Parameter Remote PHP Information Disclosure</title>
-      <references>
-        <osvdb>91891</osvdb>
-        <cve>2013-2744</cve>
-        <url>http://packetstormsecurity.com/files/120923/</url>
-        <url>http://seclists.org/fulldisclosure/2013/Mar/206</url>
-        <url>http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Backupbuddy - importbuddy.php Restore Operation Persistence Weakness</title>
-      <references>
-        <osvdb>91892</osvdb>
-        <cve>2013-2742</cve>
-        <url>http://packetstormsecurity.com/files/120923/</url>
-        <url>http://seclists.org/fulldisclosure/2013/Mar/206</url>
-      </references>
-      <type>AUTHBYPASS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-funeral-press">
-    <vulnerability>
-      <title>FuneralPress 1.1.6 - Persistent XSS</title>
-      <references>
-        <exploitdb>24914</exploitdb>
-        <cve>2013-3529</cve>
-        <osvdb>91868</osvdb>
-        <url>http://seclists.org/fulldisclosure/2013/Mar/282</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="chikuncount">
-    <vulnerability>
-      <title>chikuncount - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
-      <references>
-        <exploitdb>24492</exploitdb>
-        <metasploit>exploit/unix/webapp/open_flash_chart_upload_exec</metasploit>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="open-flash-chart-core-wordpress-plugin">
-    <vulnerability>
-      <title>open-flash-chart-core - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
-      <references>
-        <exploitdb>24492</exploitdb>
-        <secunia>37903</secunia>
-        <cve>2009-4140</cve>
-        <metasploit>exploit/unix/webapp/open_flash_chart_upload_exec</metasploit>
-      </references>
-      <type>UPLOAD</type>
-      <fixed_in>0.5</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="spamtask">
-    <vulnerability>
-      <title>spamtask - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
-      <references>
-        <exploitdb>24492</exploitdb>
-        <metasploit>exploit/unix/webapp/open_flash_chart_upload_exec</metasploit>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="php-analytics">
-    <vulnerability>
-      <title>php-analytics - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
-      <references>
-        <exploitdb>24492</exploitdb>
-        <metasploit>exploit/unix/webapp/open_flash_chart_upload_exec</metasploit>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="seo-spy-google-wordpress-plugin">
-    <vulnerability>
-      <title>seo-spy-google - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
-      <references>
-        <exploitdb>24492</exploitdb>
-        <metasploit>exploit/unix/webapp/open_flash_chart_upload_exec</metasploit>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-seo-spy-google">
-    <vulnerability>
-      <title>wp-seo-spy-google - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
-      <references>
-        <exploitdb>24492</exploitdb>
-        <metasploit>exploit/unix/webapp/open_flash_chart_upload_exec</metasploit>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="podpress">
-    <vulnerability>
-      <title>podPress 8.8.10.13 - players/1pixelout/1pixelout_player.swf playerID Parameter XSS</title>
-      <references>
-        <osvdb>91129</osvdb>
-        <cve>2013-2714</cve>
-        <secunia>52544</secunia>
-        <url>http://packetstormsecurity.com/files/121011/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>8.8.10.17</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="fbsurveypro">
-    <vulnerability>
-      <title>fbsurveypro - XSS Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20623</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="timelineoptinpro">
-    <vulnerability>
-      <title>timelineoptinpro - XSS Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20620</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="kioskprox">
-    <vulnerability>
-      <title>kioskprox - XSS Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20624</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="bigcontact">
-    <vulnerability>
-      <title>bigcontact - SQLI</title>
-      <references>
-        <url>http://plugins.trac.wordpress.org/changeset/689798</url>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>1.4.7</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="drawblog">
-    <vulnerability>
-      <title>drawblog - CSRF</title>
-      <references>
-        <url>http://plugins.trac.wordpress.org/changeset/691178</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>0.81</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="social-media-widget">
-    <vulnerability>
-      <title>Social Media Widget - malicious code</title>
-      <references>
-        <url>https://plugins.trac.wordpress.org/changeset?reponame=&amp;old=691839@social-media-widget/trunk&amp;new=693941@social-media-widget/trunk</url>
-        <url>http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>4.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Social Media Widget 4.0 - social-widget.php MITM Weakness Arbitrary Code Injection</title>
-      <references>
-        <osvdb>92312</osvdb>
-        <cve>2013-1949</cve>
-        <secunia>53020</secunia>
-        <url>http://seclists.org/oss-sec/2013/q2/10</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>4.0.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="facebook-members">
-    <vulnerability>
-      <title>facebook-members 5.0.4 - Setting Manipulation CSRF</title>
-      <references>
-        <osvdb>92642</osvdb>
-        <secunia>52962</secunia>
-        <cve>2013-2703</cve>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>5.0.5</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="foursquare-checkins">
-    <vulnerability>
-      <title>foursquare-checkins - CSRF</title>
-      <references>
-        <osvdb>92641</osvdb>
-        <cve>2013-2709</cve>
-        <secunia>53151</secunia>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="formidable">
-    <vulnerability>
-      <title>Formidable Forms 1.06.03 - ofc_upload_image.php Shell Upload Remote Code Execution</title>
-      <references>
-        <osvdb>106985</osvdb>
-        <url>http://www.securityfocus.com/bid/67390</url>
-        <url>http://packetstormsecurity.com/files/126583/</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-    <vulnerability>
-      <title>formidable Pro - Unspecified Vulnerabilities</title>
-      <references>
-        <secunia>53121</secunia>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>1.06.09</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="all-in-one-webmaster">
-    <vulnerability>
-      <title>All in one webmaster 8.2.3 - Script Insertion CSRF</title>
-      <references>
-        <osvdb>92640</osvdb>
-        <secunia>52877</secunia>
-        <cve>2013-2696</cve>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>8.2.4</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="background-music">
-    <vulnerability>
-      <title>background-music 1.0 - jPlayer.swf XSS</title>
-      <references>
-        <secunia>53057</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="haiku-minimalist-audio-player">
-    <vulnerability>
-      <title>haiku-minimalist-audio-player &lt;= 1.1.0 - jPlayer.swf XSS</title>
-      <references>
-        <secunia>51336</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.1.0</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="jammer">
-    <vulnerability>
-      <title>jammer &lt;= 0.2 - jPlayer.swf XSS</title>
-      <references>
-        <osvdb>92254</osvdb>
-        <secunia>53106</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="syntaxhighlighter">
-    <vulnerability>
-      <title>SyntaxHighlighter Evolved 3.1.9 - Unspecified XSS</title>
-      <references>
-        <osvdb>106587</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.1.10</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>SyntaxHighlighter Evolved 3.1.5 - clipboard.swf Unspecified XSS</title>
-      <references>
-        <osvdb>92848</osvdb>
-        <secunia>53235</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.1.6</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="top-10">
-    <vulnerability>
-      <title>top-10 1.9.2 - Setting Manipulation CSRF</title>
-      <references>
-        <osvdb>92849</osvdb>
-        <secunia>53205</secunia>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.9.3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="easy-adsense-lite">
-    <vulnerability>
-      <title>Easy AdSense Lite 6.06 - Setting Manipulation CSRF</title>
-      <references>
-        <osvdb>92910</osvdb>
-        <cve>2013-2702</cve>
-        <secunia>52953</secunia>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>6.10</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="uk-cookie">
-    <vulnerability>
-      <title>uk-cookie - XSS</title>
-      <references>
-        <osvdb>87561</osvdb>
-        <url>http://seclists.org/bugtraq/2012/Nov/50</url>
-        <cve>2012-5856</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>uk-cookie - CSRF</title>
-      <references>
-        <url>http://www.openwall.com/lists/oss-security/2013/06/06/10</url>
-        <osvdb>94032</osvdb>
-        <cve>2013-2180</cve>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-cleanfix">
-    <vulnerability>
-      <title>wp-cleanfix - Remote Command Execution, CSRF and XSS</title>
-      <references>
-        <url>https://github.com/wpscanteam/wpscan/issues/186</url>
-        <url>http://wordpress.org/support/topic/plugin-wp-cleanfix-remote-code-execution-warning</url>
-        <osvdb>93450</osvdb>
-        <secunia>53395</secunia>
-        <osvdb>93468</osvdb>
-        <cve>2013-2108</cve>
-        <cve>2013-2109</cve>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="mail-on-update">
-    <vulnerability>
-      <title>Mail On Update 5.1.0 - Email Option Manipulation CSRF</title>
-      <references>
-        <osvdb>93452</osvdb>
-        <secunia>53449</secunia>
-        <url>http://www.openwall.com/lists/oss-security/2013/05/16/8</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>5.2.0</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="advanced-xml-reader">
-    <vulnerability>
-      <title>Advanced XML Reader 0.3.4 - XML External Entity (XXE) Injection</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/121492/</url>
-      </references>
-      <type>XXE</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Advanced XML Reader 0.1.1 - XML External Entity (XXE) Data Parsing Arbitrary File Disclosure</title>
-      <references>
-        <osvdb>92904</osvdb>
-        <url>http://seclists.org/bugtraq/2013/May/5</url>
-      </references>
-      <type>XXE</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="related-posts-by-zemanta">
-    <vulnerability>
-      <title>Related Posts by Zemanta 1.3.1 - Cross-Site Request Forgery Vulnerability</title>
-      <references>
-        <osvdb>93364</osvdb>
-        <cve>2013-3477</cve>
-        <secunia>53321</secunia>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.3.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wordpress-23-related-posts-plugin">
-    <vulnerability>
-      <title>WordPress Related Posts 2.6.1 - Cross-Site Request Forgery Vulnerability</title>
-      <references>
-        <osvdb>93362</osvdb>
-        <cve>2013-3476</cve>
-        <secunia>53279</secunia>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>2.7.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="related-posts">
-    <vulnerability>
-      <title>Related Posts 2.7.1 - Cross-Site Request Forgery Vulnerability</title>
-      <references>
-        <osvdb>93363</osvdb>
-        <cve>2013-3257</cve>
-        <secunia>53122</secunia>
-        <url>http://www.securityfocus.com/bid/59836</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>2.7.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-print-friendly">
-    <vulnerability>
-      <title>WP Print Friendly 3.3.7 - wp-admin/options.php printfriendly_option custom_image Parameter XSS</title>
-      <references>
-        <osvdb>103874</osvdb>
-        <url>http://packetstormsecurity.com/files/125420/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>0.5.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Print Friendly &lt;= 0.5.2 - Security Bypass Vulnerability</title>
-      <references>
-        <osvdb>93243</osvdb>
-        <secunia>53371</secunia>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>0.5.3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="contextual-related-posts">
-    <vulnerability>
-      <title>Contextual Related Posts 1.8.10.1 - contextual-related-posts.php Multiple Parameter SQL Injection</title>
-      <references>
-        <osvdb>104655</osvdb>
-        <cve>2014-3937</cve>
-        <url>http://www.securityfocus.com/bid/67853</url>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>1.8.10.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Contextual Related Posts 1.8.6 - Cross-Site Request Forgery Vulnerability</title>
-      <references>
-        <osvdb>93088</osvdb>
-        <cve>2013-2710</cve>
-        <secunia>52960</secunia>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.8.7</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="calendar">
-    <vulnerability>
-      <title>Calendar 1.3.2 - Entry Addition CSRF</title>
-      <references>
-        <osvdb>93025</osvdb>
-        <cve>2013-2698</cve>
-        <secunia>52841</secunia>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.3.3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="feedweb">
-    <vulnerability>
-      <title>Feedweb 2.4 - feedweb_settings.php _wp_http_referer Parameter DOM-based XSS</title>
-      <references>
-        <osvdb>103788</osvdb>
-        <secunia>57108</secunia>
-        <url>http://www.securityfocus.com/bid/65800</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Feedweb 1.8.8 - widget_remove.php wp_post_id Parameter XSS</title>
-      <references>
-        <osvdb>91951</osvdb>
-        <cve>2013-3720</cve>
-        <secunia>52855</secunia>
-        <url>http://www.securityfocus.com/bid/58771</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.9</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-print">
-    <vulnerability>
-      <title>WP-Print 2.51 - Setting Manipulation CSRF</title>
-      <references>
-        <osvdb>92053</osvdb>
-        <cve>2013-2693</cve>
-        <secunia>52878</secunia>
-        <url>http://www.securityfocus.com/bid/58900</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>2.52</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="trafficanalyzer">
-    <vulnerability>
-      <title>Traffic Analyzer 3.3.2 - js/ta_loaded.js.php aoid Parameter XSS</title>
-      <references>
-        <osvdb>92197</osvdb>
-        <cve>2013-3526</cve>
-        <secunia>52929</secunia>
-        <url>http://packetstormsecurity.com/files/121167/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-download-manager">
-    <vulnerability>
-      <title>WP-DownloadManager 1.60 - Script Insertion CSRF</title>
-      <references>
-        <osvdb>92119</osvdb>
-        <cve>2013-2697</cve>
-        <secunia>52863</secunia>
-        <url>http://www.securityfocus.com/bid/58937</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.61</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="digg-digg">
-    <vulnerability>
-      <title>Digg Digg 5.3.4 - Setting Manipulation CSRF</title>
-      <references>
-        <osvdb>93544</osvdb>
-        <cve>2013-3258</cve>
-        <secunia>53120</secunia>
-        <url>http://www.securityfocus.com/bid/60046</url>
-        <url>http://xforce.iss.net/xforce/xfdb/84418</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>5.3.5</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="ssquiz">
-    <vulnerability>
-      <title>SS Quiz - Multiple Unspecified Vulnerabilities</title>
-      <references>
-        <osvdb>93531</osvdb>
-        <secunia>53378</secunia>
-        <url>http://wordpress.org/plugins/ssquiz/changelog/</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.0</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="funcaptcha">
-    <vulnerability>
-      <title>FunCaptcha 0.3.2- Setting Manipulation CSRF</title>
-      <references>
-        <osvdb>92272</osvdb>
-        <secunia>53021</secunia>
-        <url>http://wordpress.org/extend/plugins/funcaptcha/changelog/</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>0.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>FunCaptcha 0.4.3 - wp_funcaptcha_admin_activate.php URI XSS</title>
-      <references>
-        <osvdb>100392</osvdb>
-        <secunia>55863</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>0.4.4</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="xili-language">
-    <vulnerability>
-      <title>xili-language - index.php lang Parameter XSS</title>
-      <references>
-        <osvdb>93233</osvdb>
-        <secunia>53364</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.8.6</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wordpress-seo">
-    <vulnerability>
-      <title>WordPress SEO - Security issue which allowed any user to reset settings</title>
-      <references>
-        <url>http://wordpress.org/plugins/wordpress-seo/changelog/</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>1.4.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress SEO 1.14.15 - index.php s Parameter Reflected XSS</title>
-      <references>
-        <osvdb>97885</osvdb>
-        <url>http://packetstormsecurity.com/files/123028/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-   <vulnerability>
-      <title>WordPress SEO 1.4.6 - Reset Settings Feature Access Restriction Bypass</title>
-      <references>
-        <osvdb>92147</osvdb>
-        <secunia>52949</secunia>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="underconstruction">
-    <vulnerability>
-      <title>Under Construction 1.09 - Authenticated Single Page Viewing Unspecified Issue</title>
-      <references>
-        <osvdb>102507</osvdb>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>1.10</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Under Construction 1.08 - Setting Manipulation CSRF</title>
-      <references>
-        <url>http://wordpress.org/plugins/underconstruction/changelog/</url>
-        <osvdb>93857</osvdb>
-        <secunia>52881</secunia>
-        <cve>2013-2699</cve>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.09</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="adif-log-search-widget">
-    <vulnerability>
-      <title>ADIF Log Search Widget - XSS Arbitrary Vulnerability</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/121777/</url>
-        <osvdb>93721</osvdb>
-        <secunia>53599</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="exploit-scanner">
-    <vulnerability>
-      <title>Exploit Scanner - FPD and Security bypass vulnerabilities</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2013/May/216</url>
-        <osvdb>93799</osvdb>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="ga-universal">
-    <vulnerability>
-      <title>GA Universal 1.0 - Setting Manipulation CSRF</title>
-      <references>
-        <osvdb>92237</osvdb>
-        <secunia>52976</secunia>
-        <url>http://wordpress.org/plugins/ga-universal/changelog/</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.0.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="export-to-text">
-    <vulnerability>
-      <title>Export to text - Remote File Inclusion Vulnerability</title>
-      <references>
-        <secunia>51348</secunia>
-        <osvdb>93715</osvdb>
-      </references>
-      <type>RFI</type>
-      <fixed_in>2.3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="qtranslate">
-    <vulnerability>
-      <title>qTranslate 2.5.34 - Setting Manipulation CSRF</title>
-      <references>
-        <osvdb>93873</osvdb>
-        <cve>2013-3251</cve>
-        <secunia>53126</secunia>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="image-slider-with-description">
-    <vulnerability>
-      <title>Image slider with description - Unspecified Vulnerability</title>
-      <references>
-        <secunia>53588</secunia>
-        <osvdb>93691</osvdb>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>7.0</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="user-role-editor">
-    <vulnerability>
-      <title>User Role Editor - Cross-Site Request Forgery Vulnerability</title>
-      <references>
-        <secunia>53593</secunia>
-        <osvdb>93699</osvdb>
-        <exploitdb>25721</exploitdb>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>3.14</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="eelv-newsletter">
-    <vulnerability>
-      <title>EELV Newsletter 3.4.3 - lettreinfo.php Unspecified XSS</title>
-      <references>
-        <osvdb>104875</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.5.0</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>EELV Newsletter - Cross-Site Scripting Vulnerability</title>
-      <references>
-        <secunia>53546</secunia>
-        <osvdb>93685</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.3.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="frontier-post">
-    <vulnerability>
-      <title>Frontier Post - Publishing Posts Security Bypass</title>
-      <references>
-        <secunia>53474</secunia>
-        <osvdb>93639</osvdb>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="spider-catalog">
-    <vulnerability>
-      <title>Spider Catalog - Cross-Site Scripting and SQL Injection Vulnerabilities</title>
-      <references>
-        <secunia>53491</secunia>
-        <osvdb>93591</osvdb>
-        <osvdb>93593</osvdb>
-        <osvdb>93594</osvdb>
-        <osvdb>93595</osvdb>
-        <osvdb>93596</osvdb>
-        <osvdb>93597</osvdb>
-        <osvdb>93598</osvdb>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="spider-event-calendar">
-    <vulnerability>
-      <title>Spider Event Calendar - Security Bypass, Cross-Site Scripting and SQLi Vulnerabilities</title>
-      <references>
-        <secunia>53481</secunia>
-        <osvdb>93582</osvdb>
-        <osvdb>93583</osvdb>
-        <osvdb>93584</osvdb>
-        <osvdb>93585</osvdb>
-        <osvdb>93586</osvdb>
-        <osvdb>93587</osvdb>
-        <osvdb>93588</osvdb>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="antivirus">
-    <vulnerability>
-      <title>AntiVirus 1.0 - PHP Backdoor Detection Bypass</title>
-      <references>
-        <osvdb>95134</osvdb>
-        <url>http://packetstormsecurity.com/files/121833/</url>
-        <url>http://seclists.org/fulldisclosure/2013/Jun/0</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>AntiVirus 1.0 - uninstall.php Direct Request Path Disclosure</title>
-      <references>
-        <osvdb>95135</osvdb>
-        <url>http://packetstormsecurity.com/files/121833/</url>
-        <url>http://seclists.org/fulldisclosure/2013/Jun/0</url>
-      </references>
-      <type>FPD</type>
-      <fixed_in>1.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-maintenance-mode">
-    <vulnerability>
-      <title>WP Maintenance Mode 1.8.7 - Setting Manipulation CSRF</title>
-      <references>
-        <osvdb>94450</osvdb>
-        <cve>2013-3250</cve>
-        <secunia>53125</secunia>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.8.8</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="ultimate-auction">
-    <vulnerability>
-      <title>Ultimate Auction 1.0 - CSRF Vulnerability</title>
-      <references>
-        <osvdb>94407</osvdb>
-        <exploitdb>26240</exploitdb>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="mapsmarker">
-    <vulnerability>
-      <title>Leaflet Maps Marker - Multiple security issues</title>
-      <references>
-        <secunia>49845</secunia>
-        <url>http://www.mapsmarker.com/2012/06/06/leaflet-maps-marker-v2-4-is-available/</url>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>2.4</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Leaflet Maps Marker - Tag Multiple Parameter SQL Injection</title>
-      <references>
-        <osvdb>94388</osvdb>
-        <secunia>53855</secunia>
-        <url>http://www.mapsmarker.com/2013/05/24/v3-5-4-with-lots-of-translation-updates-bugfixes-is-available/</url>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>3.5.4</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="leaflet-maps-marker-pro">
-    <vulnerability>
-      <title>Leaflet Maps Marker Pro - SQLI, XSS, Shell Upload, file delete</title>
-      <references>
-        <url>http://www.mapsmarker.com/2014/03/26/pro-v1-5-8-with-wordpress-3-9-compatibility-improvements-based-on-a-security-audit-by-the-city-of-vienna-is-available/</url>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>1.5.8</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="xorbin-analog-flash-clock">
-    <vulnerability>
-      <title>Xorbin Analog Flash Clock 1.0 - Flash-based XSS</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/122222/</url>
-        <cve>2013-4692</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="xorbin-digital-flash-clock">
-    <vulnerability>
-      <title>Xorbin Digital Flash Clock 1.0 - Flash-based XSS</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/122223/</url>
-        <cve>2013-4693</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="dropdown-menu-widget">
-    <vulnerability>
-      <title>Dropdown Menu Widget 1.9.1 - Script Insertion CSRF</title>
-      <references>
-        <osvdb>94771</osvdb>
-        <cve>2013-2704</cve>
-        <secunia>52958</secunia>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="buddypress-extended-friendship-request">
-    <vulnerability>
-      <title>BuddyPress Extended Friendship Request - wp-admin/admin-ajax.php friendship_request_message Parameter XSS</title>
-      <references>
-        <osvdb>94807</osvdb>
-        <cve>2013-4944</cve>
-        <secunia>54048</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.0.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-private-messages">
-    <vulnerability>
-      <title>wp-private-messages - /wp-admin/profile.php msgid Parameter SQL Injection</title>
-      <references>
-        <osvdb>94702</osvdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="stream-video-player">
-    <vulnerability>
-      <title>Stream Video Player &lt;= 1.4.0 - Setting Manipulation CSRF</title>
-      <references>
-        <osvdb>94466</osvdb>
-        <cve>2013-2706</cve>
-        <secunia>52954</secunia>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="duplicator">
-    <vulnerability>
-      <title>Duplicator - installer.cleanup.php package Parameter XSS</title>
-      <references>
-        <osvdb>95627</osvdb>
-        <cve>2013-4625</cve>
-        <url>http://packetstormsecurity.com/files/122535/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>0.4.5</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="citizen-space">
-    <vulnerability>
-      <title>Citizen Space 1.0 - Script Insertion CSRF</title>
-      <references>
-        <osvdb>95570</osvdb>
-        <secunia>54256</secunia>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="spicy-blogroll">
-    <vulnerability>
-      <title>Spicy Blogroll - spicy-blogroll-ajax.php Multiple Parameter Remote File Inclusion</title>
-      <references>
-        <osvdb>95557</osvdb>
-        <exploitdb>26804</exploitdb>
-        <url>http://packetstormsecurity.com/files/122396/</url>
-      </references>
-      <type>RFI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="pie-register">
-    <vulnerability>
-      <title>Pie Register - wp-login.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>95160</osvdb>
-        <cve>2013-4954</cve>
-        <secunia>54123</secunia>
-        <url>http://www.securityfocus.com/bid/61140</url>
-        <url>http://xforce.iss.net/xforce/xfdb/85604</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.31</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="xhanch-my-twitter">
-    <vulnerability>
-      <title>Xhanch my Twitter - CSRF in admin/setting.php</title>
-      <references>
-        <osvdb>96027</osvdb>
-        <secunia>53133</secunia>
-        <cve>2013-3253</cve>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>2.7.7</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="sexybookmarks">
-    <vulnerability>
-      <title>SexyBookmarks - Setting Manipulation CSRF</title>
-      <references>
-        <osvdb>95908</osvdb>
-        <cve>2013-3256</cve>
-        <secunia>53138</secunia>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>6.1.5.0</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="hms-testimonials">
-    <vulnerability>
-      <title>HMS Testimonials 2.0.10 - CSRF</title>
-      <references>
-        <url>http://wordpress.org/plugins/hms-testimonials/changelog/</url>
-        <cve>2013-4240</cve>
-        <osvdb>96107</osvdb>
-        <osvdb>96108</osvdb>
-        <osvdb>96109</osvdb>
-        <osvdb>96110</osvdb>
-        <osvdb>96111</osvdb>
-        <secunia>54402</secunia>
-        <exploitdb>27531</exploitdb>
-        <url>http://packetstormsecurity.com/files/122761/</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>2.0.11</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>HMS Testimonials 2.0.10 - XSS</title>
-      <references>
-        <url>http://wordpress.org/plugins/hms-testimonials/changelog/</url>
-        <cve>2013-4241</cve>
-        <osvdb>96107</osvdb>
-        <osvdb>96108</osvdb>
-        <osvdb>96109</osvdb>
-        <osvdb>96110</osvdb>
-        <osvdb>96111</osvdb>
-        <secunia>54402</secunia>
-        <exploitdb>27531</exploitdb>
-        <url>http://packetstormsecurity.com/files/122761/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.0.11</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="indianic-testimonial">
-    <vulnerability>
-      <title>IndiaNIC Testimonial 2.2 - Setting Manipulation CSRF</title>
-      <references>
-        <osvdb>96792</osvdb>
-        <cve>2013-5672</cve>
-        <exploitdb>28054</exploitdb>
-        <url>http://packetstormsecurity.com/files/123036/</url>
-        <url>http://seclists.org/fulldisclosure/2013/Sep/5</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-    <vulnerability>
-      <title>IndiaNIC Testimonial 2.2 - testimonial.php custom_query Parameter SQL Injection</title>
-      <references>
-        <osvdb>96793</osvdb>
-        <cve>2013-5673</cve>
-        <exploitdb>28054</exploitdb>
-        <url>http://packetstormsecurity.com/files/123036/</url>
-        <url>http://seclists.org/fulldisclosure/2013/Sep/5</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>IndiaNIC Testimonial 2.2 - iNIC_testimonial_save Action Multiple Parameter XSS</title>
-      <references>
-        <osvdb>96795</osvdb>
-        <exploitdb>28054</exploitdb>
-        <url>http://packetstormsecurity.com/files/123036/</url>
-        <url>http://seclists.org/fulldisclosure/2013/Sep/5</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="usernoise">
-    <vulnerability>
-      <title>Usernoise 3.7.8 - Feedback Submission summary Field XSS</title>
-      <references>
-        <osvdb>96000</osvdb>
-        <exploitdb>27403</exploitdb>
-        <url>http://packetstormsecurity.com/files/122701/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.7.9</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="platinum-seo-pack">
-    <vulnerability>
-      <title>platinum_seo_pack.php - s Parameter Reflected XSS</title>
-      <references>
-        <osvdb>97263</osvdb>
-        <cve>2013-5918</cve>
-      </references>
-      <fixed_in>1.3.8</fixed_in>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="design-approval-system">
-    <vulnerability>
-      <title>Design Approval System 3.6 - XSS Vulnerability</title>
-      <references>
-        <osvdb>97192</osvdb>
-        <osvdb>97279</osvdb>
-        <secunia>54704</secunia>
-        <url>http://seclists.org/bugtraq/2013/Sep/54</url>
-        <url>http://packetstormsecurity.com/files/123227/</url>
-        <cve>2013-5711</cve>
-      </references>
-      <fixed_in>3.7</fixed_in>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="event-easy-calendar">
-    <vulnerability>
-      <title>Event Easy Calendar 1.0.0 - Multiple Administrator Action CSRF</title>
-      <references>
-        <osvdb>97042</osvdb>
-        <url>http://packetstormsecurity.com/files/123132/</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Event Easy Calendar 1.0.0 - Multiple Unspecified XSS</title>
-      <references>
-        <osvdb>97041</osvdb>
-        <url>http://packetstormsecurity.com/files/123132/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="bradesco-gateway">
-    <vulnerability>
-      <title>Bradesco - falha.php URI Reflected XSS</title>
-      <references>
-        <osvdb>97624</osvdb>
-        <cve>2013-5916</cve>
-        <url>http://packetstormsecurity.com/files/123356/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="social-hashtags">
-    <vulnerability>
-      <title>Social Hashtags 2.0.0 - New Post Title Field Stored XSS</title>
-      <references>
-        <osvdb>98027</osvdb>
-        <url>http://packetstormsecurity.com/files/123485/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="simple-flickr-display">
-    <vulnerability>
-      <title>Simple Flickr Display - Username Field Stored XSS</title>
-      <references>
-        <osvdb>97991</osvdb>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="lazy-seo">
-    <vulnerability>
-      <title>Lazy SEO 1.1.9 - lazyseo.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>97662</osvdb>
-        <cve>2013-5961</cve>
-        <exploitdb>28452</exploitdb>
-        <url>http://packetstormsecurity.com/files/123349/</url>
-        <url>http://xforce.iss.net/xforce/xfdb/87384</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="seo-watcher">
-    <vulnerability>
-      <title>SEO Watcher - Open Flash Chart Arbitrary File Creation Vulnerability</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/123493/</url>
-        <secunia>55162</secunia>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="all-in-one-seo-pack">
-    <vulnerability>
-      <title>All in One SEO Pack &lt;= 2.1.5 - aioseop_functions.php new_meta Parameter XSS</title>
-      <references>
-        <osvdb>107640</osvdb>
-        <url>http://blog.sucuri.net/2014/05/vulnerability-found-in-the-all-in-one-seo-pack-wordpress-plugin.html</url>
-      </references>
-      <fixed_in>2.1.6</fixed_in>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>All in One SEO Pack &lt;= 2.1.5 - Unspecified Privilege Escalation</title>
-      <references>
-        <osvdb>107641</osvdb>
-        <url>http://blog.sucuri.net/2014/05/vulnerability-found-in-the-all-in-one-seo-pack-wordpress-plugin.html</url>
-      </references>
-      <fixed_in>2.1.6</fixed_in>
-      <type>AUTHBYPASS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>All in One SEO Pack &lt;= 2.0.3 - XSS Vulnerability</title>
-      <references>
-        <osvdb>98023</osvdb>
-        <cve>2013-5988</cve>
-        <url>http://archives.neohapsis.com/archives/bugtraq/2013-10/0006.html</url>
-        <url>http://packetstormsecurity.com/files/123490/</url>
-        <url>http://www.securityfocus.com/bid/62784</url>
-        <url>http://seclists.org/bugtraq/2013/Oct/8</url>
-        <secunia>55133</secunia>
-      </references>
-      <fixed_in>2.0.3.1</fixed_in>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="simple-dropbox-upload-form">
-    <vulnerability>
-      <title>Simple Dropbox Upload - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/123235/</url>
-        <url>http://xforce.iss.net/xforce/xfdb/87166</url>
-        <osvdb>97457</osvdb>
-        <secunia>54856</secunia>
-        <cve>2013-5963</cve>
-      </references>
-      <fixed_in>1.8.8.1</fixed_in>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-ultimate-email-marketer">
-    <vulnerability>
-      <title>WP Ultimate Email Marketer - Multiple Vulnerabilities</title>
-      <references>
-        <osvdb>97648</osvdb>
-        <osvdb>97649</osvdb>
-        <osvdb>97650</osvdb>
-        <osvdb>97651</osvdb>
-        <osvdb>97652</osvdb>
-        <osvdb>97653</osvdb>
-        <osvdb>97654</osvdb>
-        <osvdb>97655</osvdb>
-        <osvdb>97656</osvdb>
-        <cve>2013-3263</cve>
-        <cve>2013-3264</cve>
-        <secunia>53170</secunia>
-        <url>http://www.securityfocus.com/bid/62621</url>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-miniaudioplayer">
-    <vulnerability>
-      <title>mb.miniAudioPlayer 1.4.2 - TinyMCE Popup Unspecified Issue</title>
-      <references>
-        <osvdb>101718</osvdb>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>1.4.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>miniAudioPlayer 1.3.8 - maplayertinymce.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>97768</osvdb>
-        <secunia>54979</secunia>
-        <url>http://packetstormsecurity.com/files/123372/</url>
-        <url>http://www.securityfocus.com/bid/62629</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="simple-custom-website-data">
-    <vulnerability>
-      <title>Custom Website Data 1.2 - Record Deletion CSRF</title>
-      <references>
-        <osvdb>101642</osvdb>
-        <secunia>54823</secunia>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Custom Website Data 1.0 - wp-admin/admin.php ref Parameter XSS</title>
-      <references>
-        <osvdb>97668</osvdb>
-        <secunia>54865</secunia>
-        <url>http://www.securityfocus.com/bid/62624</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="complete-gallery-manager">
-    <vulnerability>
-      <title>Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <osvdb>97481</osvdb>
-        <secunia>54894</secunia>
-        <cve>2013-5962</cve>
-        <exploitdb>28377</exploitdb>
-        <url>http://packetstormsecurity.com/files/123303/</url>
-        <url>http://xforce.iss.net/xforce/xfdb/87172</url>
-      </references>
-      <fixed_in>3.3.4</fixed_in>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="lbg_zoominoutslider">
-    <vulnerability>
-      <title>LBG Zoominoutslider - add_banner.php name Parameter Stored XSS</title>
-      <references>
-        <osvdb>97887</osvdb>
-        <secunia>54983</secunia>
-        <url>http://packetstormsecurity.com/files/123367/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>LBG Zoominoutslider - settings_form.php Multiple Parameter Stored XSS</title>
-      <references>
-        <osvdb>99339</osvdb>
-        <url>http://packetstormsecurity.com/files/123914/</url>
-        <url>http://seclists.org/fulldisclosure/2013/Nov/30</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>LBG Zoominoutslider - add_playlist_record.php Multiple Parameter Stored XSS</title>
-      <references>
-        <osvdb>99340</osvdb>
-        <url>http://packetstormsecurity.com/files/123914/</url>
-        <url>http://seclists.org/fulldisclosure/2013/Nov/30</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>LBG Zoominoutslider - add_banner.php Unspecified XSS</title>
-      <references>
-        <osvdb>99320</osvdb>
-        <url>http://packetstormsecurity.com/files/123367/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>LBG Zoominoutslider - Multiple Script Direct Request Path Disclosure</title>
-      <references>
-        <osvdb>99341</osvdb>
-        <url>http://seclists.org/fulldisclosure/2013/Nov/30</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="woopra">
-    <vulnerability>
-      <title>Woopra - Remote Code Execution</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/123525/</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="fgallery_plus">
-    <vulnerability>
-      <title>fGallery_Plus - fim_rss.php album Parameter Reflected XSS</title>
-      <references>
-        <osvdb>97625</osvdb>
-        <url>http://packetstormsecurity.com/files/123347/</url>
-        <url>http://seclists.org/bugtraq/2013/Sep/105</url>
-        <url>http://seclists.org/bugtraq/2013/Sep/107</url>
-        <url>http://seclists.org/bugtraq/2013/Sep/108</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="nospampti">
-    <vulnerability>
-      <title>NOSpamPTI 2.1 - wp-comments-post.php comment_post_ID Parameter SQL Injection</title>
-      <references>
-        <osvdb>97528</osvdb>
-        <exploitdb>28485</exploitdb>
-        <cve>2013-5917</cve>
-        <url>http://packetstormsecurity.com/files/123331/</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="comment-attachment">
-    <vulnerability>
-      <title>Comment Attachment 1.0 - XSS Vulnerability</title>
-      <references>
-        <cve>2013-6010</cve>
-        <osvdb>97600</osvdb>
-        <url>http://packetstormsecurity.com/files/123327/</url>
-        <url>http://www.securityfocus.com/bid/62438</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="mukioplayer-for-wordpress">
-    <vulnerability>
-      <title>Mukioplayer 1.6 - SQL Injection</title>
-      <references>
-        <osvdb>97609</osvdb>
-        <url>http://packetstormsecurity.com/files/123231/</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="encrypted-blog">
-    <vulnerability>
-      <title>Encrypted Blog 0.0.6.2 - encrypt_blog_form.php redirect_to Parameter Arbitrary Site Redirect</title>
-      <references>
-        <osvdb>97881</osvdb>
-        <url>http://packetstormsecurity.com/files/122992/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Encrypted Blog 0.0.6.2 - encrypt_blog_form.php redirect_to Parameter Reflected XSS</title>
-      <references>
-        <osvdb>97882</osvdb>
-        <url>http://packetstormsecurity.com/files/122992/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-simple-login-registration-plugin">
-    <vulnerability>
-      <title>Simple Login Registration 1.0.1 - XSS</title>
-      <references>
-        <osvdb>96660</osvdb>
-        <secunia>54583</secunia>
-        <url>http://packetstormsecurity.com/files/122963/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="post-gallery">
-    <vulnerability>
-      <title>Post Gallery - XSS</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/122957/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="proplayer">
-    <vulnerability>
-      <title>ProPlayer 4.7.9.1 - SQL Injection</title>
-      <references>
-        <exploitdb>25605</exploitdb>
-        <osvdb>93564</osvdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="booking">
-    <vulnerability>
-      <title>Booking Calendar 4.1.4 - CSRF Vulnerability</title>
-      <references>
-        <osvdb>96088</osvdb>
-        <exploitdb>27399</exploitdb>
-        <secunia>54461</secunia>
-        <url>http://packetstormsecurity.com/files/122691/</url>
-        <url>http://wpbookingcalendar.com/</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>4.1.6</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="thinkit-wp-contact-form">
-    <vulnerability>
-      <title>ThinkIT &lt;= 0.3 - wp-admin/admin.php Contact Form Deletion CSRF</title>
-      <references>
-        <osvdb>96514</osvdb>
-        <secunia>54592</secunia>
-        <exploitdb>27751</exploitdb>
-        <url>http://packetstormsecurity.com/files/122898/</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-    <vulnerability>
-      <title>ThinkIT &lt;= 0.2 - wp-admin/admin.php toitcf_current_id Parameter XSS</title>
-      <references>
-        <osvdb>96515</osvdb>
-        <secunia>54592</secunia>
-        <exploitdb>27751</exploitdb>
-        <url>http://packetstormsecurity.com/files/122898/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>0.3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="quick-contact-form">
-    <vulnerability>
-      <title>Quick Contact Form 6.2 - Unspecified XSS</title>
-      <references>
-        <osvdb>101782</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>6.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Quick Contact Form 6.0 - Persistent XSS</title>
-      <references>
-        <osvdb>98279</osvdb>
-        <exploitdb>28808</exploitdb>
-        <secunia>55172</secunia>
-        <url>http://packetstormsecurity.com/files/123549/</url>
-        <url>http://quick-plugins.com/quick-contact-form/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>6.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="quick-paypal-payments">
-    <vulnerability>
-      <title>Quick Paypal Payments 3.0 - Payment Sending Multiple Parameter XSS</title>
-      <references>
-        <osvdb>98715</osvdb>
-        <secunia>55292</secunia>
-        <url>http://packetstormsecurity.com/files/123662/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="email-newsletter">
-    <vulnerability>
-      <title>Email Newsletter 8.0 - 'option' Parameter Information Disclosure Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/53850</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="faqs-manager">
-    <vulnerability>
-      <title>IndiaNIC FAQs Manager 1.0 - Blind SQL Injection</title>
-      <references>
-        <osvdb>91623</osvdb>
-        <exploitdb>24868</exploitdb>
-        <url>http://packetstormsecurity.com/files/120911/</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>IndiaNIC FAQs Manager 1.0 - Ask Question Form question Parameter XSS</title>
-      <references>
-        <osvdb>91624</osvdb>
-        <exploitdb>24867</exploitdb>
-        <secunia>52780</secunia>
-        <url>http://packetstormsecurity.com/files/120910/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>IndiaNIC FAQs Manager 1.0 - CAPTCHA Value Disclosure</title>
-      <references>
-        <osvdb>91625</osvdb>
-        <exploitdb>24867</exploitdb>
-        <url>http://packetstormsecurity.com/files/120910/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>IndiaNIC FAQs Manager 1.0 - FAQ Setting Manipulation CSRF</title>
-      <references>
-        <osvdb>91626</osvdb>
-        <secunia>52780</secunia>
-        <exploitdb>24867</exploitdb>
-        <url>http://packetstormsecurity.com/files/120910/</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="booking-system">
-    <vulnerability>
-      <title>Booking System - events_facualty_list.php eid Parameter Reflected XSS</title>
-      <references>
-        <osvdb>96740</osvdb>
-        <url>http://packetstormsecurity.com/files/122289/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Booking System 1.2 - dopbs-backend-forms.php booking_form_id Parameter SQL injection</title>
-      <references>
-        <osvdb>107204</osvdb>
-        <cve>2014-3210</cve>
-        <url>http://www.securityfocus.com/archive/1/532168</url>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>1.3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="js-restaurant">
-    <vulnerability>
-      <title>JS Restaurant - popup.php restuarant_id Parameter SQL Injection</title>
-      <references>
-        <osvdb>96743</osvdb>
-        <url>http://packetstormsecurity.com/files/122316/</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="FlagEm">
-    <vulnerability>
-      <title>FlagEm - flagit.php cID Parameter XSS</title>
-      <references>
-        <osvdb>98226</osvdb>
-        <url>http://www.securityfocus.com/bid/61401</url>
-        <url>http://xforce.iss.net/xforce/xfdb/85925</url>
-        <url>http://packetstormsecurity.com/files/122505/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="chat">
-    <vulnerability>
-      <title>Chat - message Parameter XSS</title>
-      <references>
-        <osvdb>95984</osvdb>
-        <secunia>54403</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="shareaholic">
-    <vulnerability>
-      <title>Shareaholic - Unspecified CSRF</title>
-      <references>
-        <osvdb>96321</osvdb>
-        <secunia>54529</secunia>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>7.0.3.4</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="page-showcaser-boxes">
-    <vulnerability>
-      <title>Page Showcaser Boxes - Title Field Stored XSS</title>
-      <references>
-        <osvdb>97579</osvdb>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="a-forms">
-    <vulnerability>
-      <title>A Forms 1.4.0 - a-forms.php a_form_tracking_page FunctionMultiple Parameters SQL Injection</title>
-      <references>
-        <osvdb>96404</osvdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>1.4.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>A Forms 1.4.0 - Form Submission CSRF</title>
-      <references>
-        <osvdb>96381</osvdb>
-        <secunia>54489</secunia>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.4.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>A Forms 1.4.0 - a-forms.php a_form_shortcode Function Multiple Parameter XSS</title>
-      <references>
-        <osvdb>96410</osvdb>
-        <secunia>54489</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.4.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>A Forms 1.4.0 - a-forms.php aform_css_file_selector() Function css_file_selection Parameter XSS</title>
-      <references>
-        <osvdb>96809</osvdb>
-        <secunia>54489</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.4.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>A Forms 1.4.0 - a-forms.php add_field_to_section Function Multiple Parameter XSS</title>
-      <references>
-        <osvdb>96810</osvdb>
-        <secunia>54489</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.4.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>A Forms 1.4.0 - a-forms.php a_form_initial_page Function Multiple Parameter XSS</title>
-      <references>
-        <osvdb>96811</osvdb>
-        <secunia>54489</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.4.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>A Forms 1.4.0 - a-forms.php a_form_page Function Multiple Parameter XSS</title>
-      <references>
-        <osvdb>96812</osvdb>
-        <secunia>54489</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.4.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>A Forms 1.4.0 -  a-forms.php a_form_section_page Function message Parameter XSS</title>
-      <references>
-        <osvdb>96813</osvdb>
-        <secunia>54489</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.4.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>A Forms 1.4.0 - a-forms.php a_form_tracking_page Function Multiple Parameter XSS</title>
-      <references>
-        <osvdb>96814</osvdb>
-        <secunia>54489</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.4.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="share-this">
-    <vulnerability>
-      <title>ShareThis 7.0.3 - Setting Manipulation CSRF</title>
-      <references>
-        <osvdb>96884</osvdb>
-        <cve>2013-3479</cve>
-        <secunia>53135</secunia>
-        <url>http://www.securityfocus.com/bid/62154</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>7.0.6</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="simple-flash-video">
-    <vulnerability>
-      <title>Simple Flash Video 1.7 - Cross Site Scripting</title>
-      <references>
-        <osvdb>98371</osvdb>
-        <url>http://packetstormsecurity.com/files/123562/</url>
-        <url>http://www.securityfocus.com/bid/62950</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="landing-pages">
-    <vulnerability>
-      <title>Landing Pages 1.2.3 - Unspecified Issue</title>
-      <references>
-        <osvdb>102442</osvdb>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>1.3.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Landing Pages 1.2.1 - module.utils.php post Parameter SQL Injection</title>
-      <references>
-        <osvdb>98334</osvdb>
-        <cve>2013-6243</cve>
-        <secunia>55192</secunia>
-        <url>http://www.securityfocus.com/bid/62942</url>
-        <url>http://xforce.iss.net/xforce/xfdb/87803</url>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>1.2.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Landing Pages 1.2.1 - module.redirect-ab-testing.php permalink_name Parameter SQL Injection</title>
-      <references>
-        <osvdb>102407</osvdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>1.2.3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="cart66-lite">
-    <vulnerability>
-      <title>Cart66 1.5.1.14 - admin.php cart66-products Page Product Manipulation CSRF</title>
-      <references>
-        <osvdb>98352</osvdb>
-        <cve>2013-5977</cve>
-        <exploitdb>28959</exploitdb>
-        <secunia>55265</secunia>
-        <url>http://packetstormsecurity.com/files/123587/</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.5.1.15</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cart66 - admin.php cart66-products Page Multiple Field Stored XSS</title>
-      <references>
-        <osvdb>98353</osvdb>
-        <cve>2013-5978</cve>
-        <exploitdb>28959</exploitdb>
-        <url>http://packetstormsecurity.com/files/123587/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.5.1.15</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="category-wise-search">
-    <vulnerability>
-      <title>Wise Search Widget 1.1 - s Parameter Reflected XSS</title>
-      <references>
-        <osvdb>97989</osvdb>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="catholic-liturgical-calendar">
-    <vulnerability>
-      <title>Catholic Liturgical Calendar Widget 0.0.1 - Title Field Stored XSS</title>
-      <references>
-        <osvdb>98026</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>0.0.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="zenphoto">
-    <vulnerability>
-      <title>Zenphoto 1.4.5.2 - wordpress_import.php wp_prefix Function SQL Injection</title>
-      <references>
-        <osvdb>98091</osvdb>
-        <url>http://packetstormsecurity.com/files/123501/</url>
-        <url>http://www.securityfocus.com/bid/62815</url>
-        <url>http://seclists.org/bugtraq/2013/Oct/20</url>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>1.4.5.4</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="bp-group-documents">
-    <vulnerability>
-      <title>Group Documents 1.2.1 - Document Upload Multiple Field Stored XSS</title>
-      <references>
-        <osvdb>103475</osvdb>
-        <url>http://seclists.org/fulldisclosure/2014/Feb/170</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.2.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Group Documents 1.2.1 - bp-group-documents-settings.php file Parameter Remote Path Traversal File Location Manipulation</title>
-      <references>
-        <osvdb>103476</osvdb>
-        <url>http://seclists.org/fulldisclosure/2014/Feb/170</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>1.2.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Group Documents 1.2.1 - Document Property Manipulation CSRF</title>
-      <references>
-        <osvdb>103477</osvdb>
-        <url>http://seclists.org/fulldisclosure/2014/Feb/170</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.2.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Group Documents 1.2 - File Uploading Multiple Parameter Stored XSS</title>
-      <references>
-        <osvdb>98246</osvdb>
-        <secunia>55130</secunia>
-        <url>http://www.securityfocus.com/bid/62886</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.2.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="ab-categories-search-widget">
-    <vulnerability>
-      <title>AB Categories Search Widget 0.1 - s Parameter Reflected XSS</title>
-      <references>
-        <osvdb>97987</osvdb>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="sl-user-create">
-    <vulnerability>
-      <title>SL User Create 0.2.4 - LSL script Secret String Weakness Information Disclosure</title>
-      <references>
-        <osvdb>98456</osvdb>
-        <secunia>55262</secunia>
-        <url>http://www.securityfocus.com/bid/63009</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>0.2.5</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="player">
-    <vulnerability>
-      <title>Spider Video Player 2.1 - settings.php theme Parameter SQL Injection</title>
-      <references>
-        <osvdb>92264</osvdb>
-        <cve>2013-3532</cve>
-        <url>http://packetstormsecurity.com/files/121250/</url>
-        <url>http://www.securityfocus.com/bid/59021</url>
-        <url>http://xforce.iss.net/xforce/xfdb/83374</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Spider Video Player 2.1 - settings.php s_v_player_id Parameter Reflected XSS</title>
-      <references>
-        <osvdb>100848</osvdb>
-        <url>http://packetstormsecurity.com/files/124353/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="finalist">
-    <vulnerability>
-      <title>Finalist - vote.php id Parameter Reflected XSS</title>
-      <references>
-        <osvdb>98665</osvdb>
-        <url>http://packetstormsecurity.com/files/123597/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Finalist - vote.php id Parameter SQL Injection</title>
-      <references>
-        <osvdb>98665</osvdb>
-        <url>http://packetstormsecurity.com/files/120951/</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="dexs-pm-system">
-    <vulnerability>
-      <title>Dexs PM System 1.0.1 - Private Message subject Parameter Stored XSS</title>
-      <references>
-        <osvdb>98668</osvdb>
-        <secunia>55296</secunia>
-        <exploitdb>28970</exploitdb>
-        <url>http://packetstormsecurity.com/files/123634/</url>
-        <url>http://www.securityfocus.com/bid/63021</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="video-metabox">
-    <vulnerability>
-      <title>Video Metabox 1.1 - Persistent XSS Vulnerability Disclosure</title>
-      <references>
-        <osvdb>98641</osvdb>
-        <secunia>55257</secunia>
-        <url>http://www.securityfocus.com/bid/63172</url>
-        <url>http://securityundefined.com/wordpress-video-metabox-plugin-persistent-xss-vulnerability-disclosure/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.1.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-realty">
-    <vulnerability>
-      <title>WP Realty - MySQL Time Based Injection</title>
-      <references>
-        <osvdb>98748</osvdb>
-        <exploitdb>29021</exploitdb>
-        <url>http://packetstormsecurity.com/files/123655/</url>
-        <url>http://www.securityfocus.com/bid/63217</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Realty - index_ext.php listing_id Parameter Reflected XSS</title>
-      <references>
-        <osvdb>101583</osvdb>
-        <url>http://packetstormsecurity.com/files/124418/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="feed">
-    <vulnerability>
-      <title>Feed - news_dt.php nid Parameter SQL Injection</title>
-      <references>
-        <osvdb>94804</osvdb>
-        <url>http://packetstormsecurity.com/files/122260/</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="social-sharing-toolkit">
-    <vulnerability>
-      <title>Social Sharing Toolkit 2.1.1 - Setting Manipulation CSRF</title>
-      <references>
-        <osvdb>98717</osvdb>
-        <cve>2013-2701</cve>
-        <secunia>52951</secunia>
-        <url>http://www.securityfocus.com/bid/63198</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Social Sharing Toolkit 2.1.1 - Unspecified XSS</title>
-      <references>
-        <osvdb>98931</osvdb>
-        <cve>2013-6280</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.1.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="videowall">
-    <vulnerability>
-      <title>Videowall - index.php page_id Parameter Reflected XSS</title>
-      <references>
-        <osvdb>98765</osvdb>
-        <url>http://packetstormsecurity.com/files/123693/</url>
-        <url>http://seclists.org/bugtraq/2013/Oct/98</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="really-simple-facebook-twitter-share-buttons">
-    <vulnerability>
-      <title>Really simple Facebook Twitter share buttons 2.10.4 - Settings Page Manipulation CSRF</title>
-      <references>
-        <osvdb>97190</osvdb>
-        <secunia>54707</secunia>
-        <url>http://www.securityfocus.com/bid/62268</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>2.10.5</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="car-demon">
-    <vulnerability>
-      <title>Car Demon 1.0.1 - /wp-admin/edit.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>90365</osvdb>
-        <secunia>51088</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Car Demon 1.0.1 - /wp-admin/post.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>90366</osvdb>
-        <secunia>51088</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="blue-wrench-videos-widget">
-    <vulnerability>
-      <title>Blue Wrench Video Widget 1.0.2 - admin.php bw-videos Page Multiple Action CSRF</title>
-      <references>
-        <osvdb>98922</osvdb>
-        <secunia>55456</secunia>
-        <url>http://securityundefined.com/wordpress-plugin-blue-wrench-video-widget-csrf-persistent-xss-0day-disclosure/</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Blue-Wrench-Video-Widget 1.0.2 - admin.php bw-videos Page Multiple Parameter Stored XSS</title>
-      <references>
-        <osvdb>98923</osvdb>
-        <secunia>55456</secunia>
-        <url>http://securityundefined.com/wordpress-plugin-blue-wrench-video-widget-csrf-persistent-xss-0day-disclosure/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-mailup">
-    <vulnerability>
-      <title>MailUp 1.3.2 - ajax.functions.php Ajax Function Call Handling XSS Weakness</title>
-      <references>
-        <osvdb>91274</osvdb>
-        <cve>2013-0731</cve>
-        <cve>2013-2640</cve>
-        <secunia>51917</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.3.3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-online-store">
-    <vulnerability>
-      <title>WP Online Store 1.3.1 - index.php slug Parameter Traversal Local File Inclusion</title>
-      <references>
-        <osvdb>90243</osvdb>
-        <secunia>50836</secunia>
-      </references>
-      <type>LFI</type>
-      <fixed_in>1.3.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP Online Store 1.3.1 - index.php Multiple Parameter Traversal Arbitrary File Access</title>
-      <references>
-        <osvdb>90244</osvdb>
-        <secunia>50836</secunia>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>1.3.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="payment-gateways-caller-for-wp-e-commerce">
-    <vulnerability>
-      <title>Payment Gateways Caller for WP e-Commerce 0.1.0 - load_merchant Parameter Traversal Local file Inclusion</title>
-      <references>
-        <osvdb>98916</osvdb>
-        <url>http://packetstormsecurity.com/files/123744/</url>
-      </references>
-      <type>LFI</type>
-      <fixed_in>0.1.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="easy-photo-album">
-    <vulnerability>
-      <title>Easy Photo Album 1.1.5 - Album Information Disclosure</title>
-      <references>
-        <osvdb>98802</osvdb>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>1.1.6</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="hungred-post-thumbnail">
-    <vulnerability>
-      <title>Hungred Post Thumbnail - hpt_file_upload.php File Upload PHP Code Execution</title>
-      <references>
-        <osvdb>82830</osvdb>
-        <url>http://packetstormsecurity.com/files/113402/</url>
-        <url>http://www.securityfocus.com/bid/53898</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="dhtmlxspreadsheet">
-    <vulnerability>
-      <title>Spreadsheet - /dhtmlxspreadsheet/codebase/spreadsheet.php page Parameter Reflected XSS</title>
-      <references>
-        <osvdb>98831</osvdb>
-        <cve>2013-6281</cve>
-        <secunia>55396</secunia>
-        <url>http://packetstormsecurity.com/files/123699/</url>
-        <url>http://www.securityfocus.com/bid/63256</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="tweet-blender">
-    <vulnerability>
-      <title>Tweet Blender 4.0.1 - Unspecified XSS</title>
-      <references>
-        <osvdb>98978</osvdb>
-        <cve>2013-6342</cve>
-        <secunia>55780</secunia>
-        <url>http://packetstormsecurity.com/files/124047/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>4.0.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="sb-uploader">
-    <vulnerability>
-      <title>WordPress SB Uploader 3.9 - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/119159/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="connections">
-    <vulnerability>
-      <title>Connections Business Directory 0.7.9.3 - includes/template/class.template-parts.php Pagination URL Handling XSS</title>
-      <references>
-        <osvdb>106558</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>0.7.9.4</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Connections &lt;= 0.7.1.5 - Unspecified Security Vulnerability</title>
-      <references>
-        <cve>2011-5254</cve>
-        <url>http://www.securityfocus.com/bid/51204</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>0.7.1.5</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="gallery-bank">
-    <vulnerability>
-      <title>Gallery Bank 2.0.19 - edit-album.php album_id Parameter Reflected XSS</title>
-      <references>
-        <osvdb>99045</osvdb>
-        <secunia>55443</secunia>
-        <url>http://packetstormsecurity.com/files/123924/</url>
-        <url>http://www.securityfocus.com/bid/63382</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.0.20</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Gallery Bank 2.0.19 - Multiple Unspecified Issues</title>
-      <references>
-        <osvdb>99046</osvdb>
-        <secunia>55443</secunia>
-        <url>http://www.securityfocus.com/bid/63382</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.0.20</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Gallery Bank 2.0.19 - album-gallery-bank-class.php recordsArray Parameter Reflected XSS</title>
-      <references>
-        <osvdb>99345</osvdb>
-        <secunia>55443</secunia>
-        <url>http://www.securityfocus.com/bid/63385</url>
-        <url>http://seclists.org/fulldisclosure/2013/Nov/38</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.0.20</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="rockhoist-ratings">
-    <vulnerability>
-      <title>Rockhoist Ratings 1.2.2 - wp-admin/admin-ajax.php postID Parameter SQL Injection</title>
-      <references>
-        <osvdb>99195</osvdb>
-        <secunia>55445</secunia>
-        <url>http://www.securityfocus.com/bid/63441</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wordpress-checkout">
-    <vulnerability>
-      <title>Checkout Plugin - File Upload Remote Code Execution</title>
-      <references>
-        <osvdb>99225</osvdb>
-        <url>http://packetstormsecurity.com/files/123866/</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="mobilechief-mobile-site-creator">
-    <vulnerability>
-      <title>MobileChief - jQuery Validation Cross-Site Scripting Vulnerability</title>
-      <references>
-        <secunia>55501</secunia>
-        <url>http://packetstormsecurity.com/files/123809/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="timeline">
-    <vulnerability>
-      <title>Facebook Survey Pro - timeline/index.php id Parameter SQL Injection</title>
-      <references>
-        <secunia>87817</secunia>
-        <exploitdb>22853</exploitdb>
-        <url>http://packetstormsecurity.com/files/118238/</url>
-        <url>http://www.securityfocus.com/bid/56595</url>
-        <url>http://xforce.iss.net/xforce/xfdb/80141</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="live-comment-preview">
-    <vulnerability>
-      <title>Live Comment Preview 2.0.2 - Comment Field Preview XSS</title>
-      <references>
-        <osvdb>92944</osvdb>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="polldaddy">
-    <vulnerability>
-      <title>Polldaddy Polls and Ratings 2.0.20 - Cross-Site Request Forgery Vulnerability</title>
-      <references>
-        <osvdb>99515</osvdb>
-        <secunia>55464</secunia>
-        <url>http://www.securityfocus.com/bid/63557</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>2.0.21</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="jigoshop">
-    <vulnerability>
-      <title>Jigoshop 1.8 - Multiple Script Direct Request Path Disclosure</title>
-      <references>
-        <osvdb>99485</osvdb>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="fcchat">
-    <vulnerability>
-      <title>FCChat 2.2.11-2.2.13 - Upload.php Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/53855</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="another-wordpress-classifieds-plugin">
-    <vulnerability>
-      <title>Another WordPress Classifieds - Unspecified Image Upload Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/52861</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="picturesurf-gallery">
-    <vulnerability>
-      <title>Picturesurf Gallery 1.2 - upload.php Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/53894</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="social-slider-2">
-    <vulnerability>
-      <title>Social Slider &lt;= 5.6.5 - social-slider-2/ajax.php rA Parameter SQL Injection</title>
-      <references>
-        <osvdb>74421</osvdb>
-        <secunia>45549</secunia>
-        <exploitdb>17617</exploitdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>6.0.0</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="redirection">
-    <vulnerability>
-      <title>Redirection 2.3.3 - view/admin/item.php URL Handling Reflected XSS</title>
-      <references>
-        <osvdb>101774</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.3.4</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Redirection - view/admin/log_item.php Non-existent Posts Referer HTTP Header XSS</title>
-      <references>
-        <cve>2011-4562</cve>
-        <osvdb>76092</osvdb>
-        <osvdb>77447</osvdb>
-        <secunia>46310</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.2.10</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Redirection - wp-admin/tools.php id Parameter XSS</title>
-      <references>
-        <osvdb>74783</osvdb>
-        <secunia>45782</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.2.9</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="eshop">
-    <vulnerability>
-      <title>eShop - wp-admin/admin.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>74464</osvdb>
-        <secunia>45553</secunia>
-        <url>http://seclists.org/bugtraq/2011/Aug/52</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>6.2.9</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="all-in-one-adsense-and-ypn">
-    <vulnerability>
-      <title>All in One Adsense YPN 2.0.1 - all-in-one-adsense-and-ypn.php Unspecified XSS</title>
-      <references>
-        <osvdb>74900</osvdb>
-        <secunia>45579</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>All in One Adsense YPN 2.0.1 - all-in-one-adsense-and-ypn.php Direct Request AdSense Account Manipulation</title>
-      <references>
-        <osvdb>74899</osvdb>
-        <secunia>45579</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="SearchNSave">
-    <vulnerability>
-      <title>Search N Save - SearchNSave/error_log Direct Request Path Disclosure</title>
-      <references>
-        <osvdb>95196</osvdb>
-        <secunia>54078</secunia>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="taggator">
-    <vulnerability>
-      <title>TagGator - 'tagid' Parameter SQL Injection Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/52908</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="uploadify-integration">
-    <vulnerability>
-      <title>Uploadify Integration 0.9.6 - Multiple Cross Site Scripting Vulnerabilities</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/52944</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wpsc-mijnpress">
-    <vulnerability>
-      <title>WPsc MijnPress - 'rwflush' Parameter Cross Site Scripting Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/53302</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="leaflet-maps-marker">
-    <vulnerability>
-      <title>Leaflet Maps Marker 3.5.2 - Two SQL Injection Vulnerabilities</title>
-      <references>
-        <secunia>53855</secunia>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>3.5.3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="google-xml-sitemaps-generator">
-    <vulnerability>
-      <title>XML Sitemap Generator 3.2.8 - XML File Overwrite Arbitrary Code Execution</title>
-      <references>
-        <osvdb>89411</osvdb>
-        <url>http://packetstormsecurity.com/files/119357/</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="spam-free-wordpress">
-    <vulnerability>
-      <title>Spam Free Plugin 1.9.2 - Multiple Script Direct Request Path Disclosure</title>
-      <references>
-        <osvdb>88954</osvdb>
-        <url>http://xforce.iss.net/xforce/xfdb/81007</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Spam Free Plugin 1.9.2 - IP Blocklist Restriction Bypass</title>
-      <references>
-        <osvdb>88955</osvdb>
-        <url>http://xforce.iss.net/xforce/xfdb/81006</url>
-        <url>http://packetstormsecurity.com/files/119274/</url>
-      </references>
-      <type>AUTHBYPASS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="editorial-calendar">
-    <vulnerability>
-      <title>Editorial Calendar 2.6 - Post Title XSS</title>
-      <references>
-        <osvdb>90226</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.7</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Editorial Calendar 2.6 - Permission Verification Arbitrary Calendar Post Deletion</title>
-      <references>
-        <osvdb>90227</osvdb>
-        <secunia>52218</secunia>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>2.7</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Editorial Calendar 2.6 - Post Query Multiple Filter SQL Injection</title>
-      <references>
-        <osvdb>90228</osvdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="shareyourcart">
-    <vulnerability>
-      <title>ShareYourCart 1.6.1 - SDK Multiple Unspecified Path Disclosure</title>
-      <references>
-        <osvdb>81618</osvdb>
-        <cve>2012-4332</cve>
-        <secunia>48960</secunia>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>1.7.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="alo-easymail">
-    <vulnerability>
-      <title>ALO EasyMail Newsletter 2.4.7 - Multiple Unspecified XSS</title>
-      <references>
-        <osvdb>82324</osvdb>
-        <secunia>49320</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.4.8</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="contact-form-7">
-    <vulnerability>
-      <title>Contact Form 7 &lt;= 3.7.1 - Security Bypass Vulnerability</title>
-      <references>
-        <cve>2014-2265</cve>
-        <url>http://www.securityfocus.com/bid/66381/</url>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.7.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Contact Form 7 &amp; Old WP Versions - Crafted File Extension Upload Remote Code Execution</title>
-      <references>
-        <osvdb>102776</osvdb>
-        <url>http://packetstormsecurity.com/files/125018/</url>
-        <url>http://seclists.org/fulldisclosure/2014/Feb/0</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Contact Form 7 &lt;= 3.5.2 - Arbitrary File Upload Remote Code Execution</title>
-      <references>
-        <osvdb>100189</osvdb>
-        <url>http://packetstormsecurity.com/files/124154/</url>
-      </references>
-      <type>UPLOAD</type>
-      <fixed_in>3.5.3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="store-locator">
-    <vulnerability>
-      <title>Store Locator &lt;= 2.6.1 - Cross-Site Request Forgery Vulnerability</title>
-      <references>
-        <osvdb>100485</osvdb>
-        <secunia>55276</secunia>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>2.12</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="optinfirex">
-    <vulnerability>
-      <title>Optinfirex - lp/index.php id Parameter Reflected XSS</title>
-      <references>
-        <osvdb>100435</osvdb>
-        <url>http://packetstormsecurity.com/files/124188/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="amerisale-re">
-    <vulnerability>
-      <title>Amerisale-Re - Remote Shell Upload</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/124992/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Amerisale-Re - netriesdetail/upload.php edit Parameter Reflected XSS</title>
-      <references>
-        <osvdb>100434</osvdb>
-        <url>http://packetstormsecurity.com/files/124187/</url>
-        <url>http://xforce.iss.net/xforce/xfdb/89263</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="js-multihotel">
-    <vulnerability>
-      <title>JS MultiHotel 2.2.1 - includes/show_image.php file Parameter Remote File Inclusion DoS</title>
-      <references>
-        <osvdb>105185</osvdb>
-        <url>http://packetstormsecurity.com/files/125959/</url>
-        <url>http://seclists.org/fulldisclosure/2014/Mar/428</url>
-      </references>
-      <type>RFI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>JS MultiHotel 2.2.1 - includes/delete_img.php path Parameter Reflected XSS</title>
-      <references>
-        <osvdb>105186</osvdb>
-        <url>http://packetstormsecurity.com/files/125959/</url>
-        <url>http://seclists.org/fulldisclosure/2014/Mar/428</url>
-        <url>http://www.securityfocus.com/bid/66529</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>JS MultiHotel 2.2.1 - Multiple Script Direct Request Path Disclosure</title>
-      <references>
-        <osvdb>105187</osvdb>
-        <url>http://packetstormsecurity.com/files/125959/</url>
-        <url>http://seclists.org/fulldisclosure/2014/Mar/428</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>JS MultiHotel 2.2.1 - includes/timthumb.php src Parameter Direct Request Path Disclosure</title>
-      <references>
-        <osvdb>105119</osvdb>
-        <url>http://seclists.org/fulldisclosure/2014/Mar/413</url>
-        <url>http://www.securityfocus.com/bid/66529</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>JS MultiHotel 2.2.1 - refreshDate.php roomid Parameter Reflected XSS</title>
-      <references>
-        <osvdb>100575</osvdb>
-        <secunia>55919</secunia>
-        <url>http://packetstormsecurity.com/files/124239/</url>
-        <url>http://www.securityfocus.com/bid/64045</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="dzs-videogallery">
-    <vulnerability>
-      <title>DZS Video Gallery - ajax.php source Parameter Reflected XSS</title>
-      <references>
-        <osvdb>103283</osvdb>
-        <secunia>56904</secunia>
-        <url>http://packetstormsecurity.com/files/125179/</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-    <vulnerability>
-      <title>DZS Video Gallery - upload.php File Upload Remote Code Execution</title>
-      <references>
-        <osvdb>100620</osvdb>
-        <exploitdb>29834</exploitdb>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-    <vulnerability>
-      <title>DZS Video Gallery 3.1.3 - Remote File Disclosure</title>
-      <references>
-        <osvdb>100750</osvdb>
-        <url>http://packetstormsecurity.com/files/124317/</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>DZS Video Gallery - preview_allchars.swf logoLink Parameter Reflected XSS</title>
-      <references>
-        <osvdb>107521</osvdb>
-        <cve>2014-3923</cve>
-        <url>http://packetstormsecurity.com/files/126846/</url>
-        <url>http://www.securityfocus.com/bid/67698</url>
-        <url>http://seclists.org/fulldisclosure/2014/May/157</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>DZS Video Gallery - deploy/preview_skin_overlay.swf logoLink Parameter Reflected XSS</title>
-      <references>
-        <osvdb>107522</osvdb>
-        <cve>2014-3923</cve>
-        <url>http://packetstormsecurity.com/files/126846/</url>
-        <url>http://www.securityfocus.com/bid/67698</url>
-        <url>http://seclists.org/fulldisclosure/2014/May/157</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>DZS Video Gallery - deploy/preview.swf logoLink Parameter Reflected XSS</title>
-      <references>
-        <osvdb>107523</osvdb>
-        <cve>2014-3923</cve>
-        <url>http://packetstormsecurity.com/files/126846/</url>
-        <url>http://www.securityfocus.com/bid/67698</url>
-        <url>http://seclists.org/fulldisclosure/2014/May/157</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>DZS Video Gallery - preview_skin_rouge.swf logoLink Parameter Reflected XSS</title>
-      <references>
-        <osvdb>107524</osvdb>
-        <cve>2014-3923</cve>
-        <url>http://packetstormsecurity.com/files/126846/</url>
-        <url>http://www.securityfocus.com/bid/67698</url>
-        <url>http://seclists.org/fulldisclosure/2014/May/157</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="askapache-firefox-adsense">
-    <vulnerability>
-      <title>AskApache Firefox Adsense 3.0 - Unspecified CSRF</title>
-      <references>
-        <osvdb>100662</osvdb>
-        <cve>2013-6992</cve>
-        <url>https://www.htbridge.com/advisory/HTB23188</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="ad-minister">
-    <vulnerability>
-      <title>Ad-minister 0.6 - Unspecified XSS</title>
-      <references>
-        <osvdb>100663</osvdb>
-        <cve>2013-6993</cve>
-        <url>http://packetstormsecurity.com/files/124604/</url>
-        <url>https://www.htbridge.com/advisory/HTB23187</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="tdo-mini-forms-wordpress-plugin">
-    <vulnerability>
-      <title>TDO Mini Forms 0.13.9 - tdomf-upload-inline.php File Upload Remote Code Execution</title>
-      <references>
-        <osvdb>100847</osvdb>
-        <url>http://packetstormsecurity.com/files/124352/</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="huskerportfolio">
-    <vulnerability>
-      <title>HuskerPortfolio 0.3 - huskerPortfolio.php File Upload CSRF</title>
-      <references>
-        <osvdb>100845</osvdb>
-        <url>http://packetstormsecurity.com/files/124359/</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="formcraft">
-    <vulnerability>
-      <title>FormCraft - form.php id Parameter SQL Injection</title>
-      <references>
-        <osvdb>100877</osvdb>
-        <secunia>56044</secunia>
-        <url>http://packetstormsecurity.com/files/124343/</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-<!-- Fake vuln, see: Commit https://github.com/wpscanteam/wpscan/commit/40f96dd2bde8ed262c6d9428734624510a93fad4
-  <plugin name="photosmash-galleries">
-    <vulnerability>
-      <title>PhotoSmash Galleries 1.0.7 - bwbps-uploader.php File Upload Remote Code Execution</title>
-      <references>
-        <osvdb>100878</osvdb>
-        <url>http://packetstormsecurity.com/files/124342/</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </plugin>
--->
-  <plugin name="zarzadzanie_kontem">
-    <vulnerability>
-      <title>Zarzadzanie Kontem - ajaxfilemanager.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>87834</osvdb>
-        <url>http://packetstormsecurity.com/files/118322/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="ads-box">
-    <vulnerability>
-      <title>Ads Box - iframe_ampl.php count Parameter SQL Injection</title>
-      <references>
-        <osvdb>88257</osvdb>
-        <url>http://packetstormsecurity.com/files/118342/</url>
-        <url>http://www.securityfocus.com/bid/56681</url>
-        <url>http://xforce.iss.net/xforce/xfdb/80256</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="broken-link-checker">
-    <vulnerability>
-      <title>Broken Link Checker 1.9.1 - Bulk Action Form URL Handling XSS</title>
-      <references>
-        <osvdb>101059</osvdb>
-        <secunia>56053</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.9.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Broken Link Checker 1.9.1 - Sort Direction Query Argument Handling XSS</title>
-      <references>
-        <osvdb>101066</osvdb>
-        <secunia>56053</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.9.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="easy-career-openings">
-    <vulnerability>
-      <title>Easy Career Openings - jobid Parameter SQL Injection</title>
-      <references>
-        <osvdb>100677</osvdb>
-        <url>http://packetstormsecurity.com/files/124309/</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="q-and-a">
-    <vulnerability>
-      <title>Q and A 1.0.6.2 - Multiple Scripts Direct Request Path Disclosure</title>
-      <references>
-        <osvdb>100793</osvdb>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="ml-slider">
-    <vulnerability>
-      <title>Meta Slider 2.5 - metaslider.php id Parameter XSS</title>
-      <references>
-        <osvdb>108611</osvdb>
-        <url>http://packetstormsecurity.com/files/127288/</url>
-        <url>http://www.securityfocus.com/bid/68283</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Meta Slider 2.1.6 - Multiple Script Direct Request Path Disclosure</title>
-      <references>
-        <osvdb>100794</osvdb>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="custom-tables">
-    <vulnerability>
-      <title>Custom Tables 3.4.4 - iframe.php key Parameter XSS</title>
-      <references>
-        <osvdb>83646</osvdb>
-        <secunia>49823</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-socializer">
-    <vulnerability>
-      <title>WP Socializer 2.4.2 - admin/wpsr-services-selector.php val Parameter XSS</title>
-      <references>
-        <osvdb>83645</osvdb>
-        <secunia>49824</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="church-admin">
-    <vulnerability>
-      <title>church_admin 0.33.4.5 - includes/validate.php id Parameter XSS</title>
-      <references>
-        <osvdb>83644</osvdb>
-        <secunia>49827</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="phpfreechat">
-    <vulnerability>
-      <title>PHPFreeChat 0.2.8 - lib/csstidy-1.2/css_optimiser.php url Parameter XSS</title>
-      <references>
-        <osvdb>83642</osvdb>
-        <secunia>49826</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="simple-embed-code">
-    <vulnerability>
-      <title>Artiss Code Embed 2.0.1 - wp-admin/admin.php suffix Parameter XSS</title>
-      <references>
-        <osvdb>83686</osvdb>
-        <secunia>49848</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.0.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="dewplayer-flash-mp3-player">
-    <vulnerability>
-      <title>Dewplayer - dewplayer-vinyl.swf xml Parameter XML File Handling XSS</title>
-      <references>
-        <osvdb>101353</osvdb>
-        <url>http://packetstormsecurity.com/files/124582/</url>
-        <url>http://www.securityfocus.com/bid/64506</url>
-        <url>http://seclists.org/fulldisclosure/2013/Dec/192</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Dewplayer - dewplayer-vinyl-en.swf xml Parameter XML File Handling XSS</title>
-      <references>
-        <osvdb>101352</osvdb>
-        <url>http://packetstormsecurity.com/files/124582/</url>
-        <url>http://www.securityfocus.com/bid/64506</url>
-        <url>http://seclists.org/fulldisclosure/2013/Dec/192</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Dewplayer &lt;= 1.2 - dewplayer.php Direct Request Path Disclosure Weakness</title>
-      <references>
-        <osvdb>101440</osvdb>
-        <url>http://seclists.org/fulldisclosure/2013/Dec/209</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="advanced-dewplayer">
-    <vulnerability>
-      <title>Advanced Dewplayer - dewplayer-vinyl.swf xml Parameter XML File Handling XSS</title>
-      <references>
-        <osvdb>101353</osvdb>
-        <url>http://packetstormsecurity.com/files/124582/</url>
-        <url>http://www.securityfocus.com/bid/64506</url>
-        <url>http://seclists.org/fulldisclosure/2013/Dec/192</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Dewplayer - dewplayer-vinyl-en.swf xml Parameter XML File Handling XSS</title>
-      <references>
-        <osvdb>101352</osvdb>
-        <url>http://packetstormsecurity.com/files/124582/</url>
-        <url>http://www.securityfocus.com/bid/64506</url>
-        <url>http://seclists.org/fulldisclosure/2013/Dec/192</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Advanced Dewplayer &lt;= 1.2 - dewplayer.php Direct Request Path Disclosure Weakness</title>
-      <references>
-        <osvdb>101440</osvdb>
-        <url>http://seclists.org/fulldisclosure/2013/Dec/209</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Advanced Dewplayer &lt;= 1.2 - download-file.php dew_file Parameter Traversal Arbitrary File Access</title>
-      <references>
-        <osvdb>101513</osvdb>
-        <secunia>55941</secunia>
-        <url>http://seclists.org/oss-sec/2013/q4/566</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="sem-wysiwyg">
-    <vulnerability>
-      <title>SEM WYSIWYG - Arbitrary File Upload</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/115789/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="recommend-a-friend">
-    <vulnerability>
-      <title>Recommend a friend 2.0.2 - inc/raf_form.php current_url Parameter Reflected XSS</title>
-      <references>
-        <osvdb>101487</osvdb>
-        <secunia>56209</secunia>
-        <cve>2013-7276</cve>
-        <url>http://packetstormsecurity.com/files/124587/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="securimage-wp">
-    <vulnerability>
-      <title>Securimage-WP 3.2.4 - siwp_test.php URI XSS</title>
-      <references>
-        <osvdb>93259</osvdb>
-        <secunia>53376</secunia>
-        <url>http://packetstormsecurity.com/files/121588/</url>
-        <url>http://xforce.iss.net/xforce/xfdb/84186</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="amazon-affiliate-link-localizer">
-    <vulnerability>
-      <title>Amazon Affiliate Link Localizer 1.8.2 - amazon_affiliate_link_localizer.php amzn_com Parameter XSS</title>
-      <references>
-        <osvdb>100783</osvdb>
-        <url>http://www.dfcode.org/code.php?id=27</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="maxbuttons">
-    <vulnerability>
-      <title>MaxButtons 1.19.0 - includes/maxbuttons-button-css.php Authentication Bypass</title>
-      <references>
-        <osvdb>101773</osvdb>
-        <secunia>56272</secunia>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>1.20.0</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="aprils-super-functions-pack">
-    <vulnerability>
-      <title>April's Super Functions Pack 1.4.7 - readme.php page Parameter Reflected XSS</title>
-      <references>
-        <osvdb>101807</osvdb>
-        <secunia>55576</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.4.8</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wordpress-connect">
-    <vulnerability>
-      <title>WordPress Connect 2.0.3 - Editor Pages Unspecified XSS</title>
-      <references>
-        <osvdb>101716</osvdb>
-        <secunia>56238</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="page-layout-builder">
-    <vulnerability>
-      <title>Page Layout Builder 1.3.4 - includes/layout-settings.php layout_settings_id Parameter Reflected XSS</title>
-      <references>
-        <osvdb>101723</osvdb>
-        <secunia>56214</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.3.6</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Page Layout Builder 1.3.4 - Unspecified Issue</title>
-      <references>
-        <osvdb>101724</osvdb>
-        <secunia>56214</secunia>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>1.3.6</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="foliopress-wysiwyg">
-    <vulnerability>
-      <title>Foliopress WYSIWYG - Unspecified XSS</title>
-      <references>
-        <osvdb>101726</osvdb>
-        <secunia>56261</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.6.8.5</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="intouch">
-    <vulnerability>
-      <title>intouch 2.0 - intouch.js.php intouch_failure Parameter Reflected XSS</title>
-      <references>
-        <osvdb>101822</osvdb>
-        <url>http://packetstormsecurity.com/files/124687/</url>
-        <url>http://www.securityfocus.com/bid/64680</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="nmedia-mailchimp-widget">
-    <vulnerability>
-      <title>Nmedia MailChimp 3.1 - api_mailchimp/postToMailChimp.php abs_path Parameter XSS</title>
-      <references>
-        <osvdb>83083</osvdb>
-        <secunia>49538</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="ns-utilities">
-    <vulnerability>
-      <title>NS Utilities 1.0 - Unspecified Remote Issue</title>
-      <references>
-        <osvdb>82944</osvdb>
-        <secunia>49476</secunia>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>1.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="spiffy">
-    <vulnerability>
-      <title>Spiffy XSPF Player 0.1 - playlist.php playlist_id Parameter SQL Injection</title>
-      <references>
-        <osvdb>92258</osvdb>
-        <cve>2013-3530</cve>
-        <url>http://packetstormsecurity.com/files/121204/</url>
-        <url>http://www.securityfocus.com/bid/58976</url>
-        <url>http://xforce.iss.net/xforce/xfdb/83345</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="easy-media-gallery">
-    <vulnerability>
-      <title>Easy Media Gallery 1.2.29 - wp-admin/edit.php Multiple Parameter Stored XSS</title>
-      <references>
-        <osvdb>103779</osvdb>
-        <url>http://packetstormsecurity.com/files/125396/</url>
-        <url>http://www.securityfocus.com/bid/65804</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Easy Media Gallery 1.2.25 - includes/emg-settings.php spg_add_admin Function Admin User Creation CSRF</title>
-      <references>
-        <osvdb>101941</osvdb>
-        <secunia>56408</secunia>
-        <url>http://incolumitas.com/2013/12/17/exploiting-wordpress-plugins-using-insecure-admin-forms-no-3-example-exploit-included/</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.2.27</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-members">
-    <vulnerability>
-      <title>WP-Members 2.8.9 - profile.php Multiple Parameter Stored XSS</title>
-      <references>
-        <osvdb>101946</osvdb>
-        <secunia>56271</secunia>
-        <url>http://packetstormsecurity.com/files/124720/</url>
-        <url>http://www.securityfocus.com/bid/64713</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.8.10</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP-Members 2.8.9 - wp-login.php register Action Multiple Parameter Reflected XSS</title>
-      <references>
-        <osvdb>101947</osvdb>
-        <secunia>56271</secunia>
-        <url>http://packetstormsecurity.com/files/124720/</url>
-        <url>http://www.securityfocus.com/bid/64713</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.8.10</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wpmbytplayer">
-    <vulnerability>
-      <title>mb.YTPlayer for background videos 1.7.2 - TinyMCE Popup Unspecified Issue</title>
-      <references>
-        <osvdb>101718</osvdb>
-        <secunia>56270</secunia>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>1.7.3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="keyring">
-    <vulnerability>
-      <title>Keyring 1.5 - OAuth Example Page XSS</title>
-      <references>
-        <secunia>56367</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="avchat-3">
-    <vulnerability>
-      <title>AVChat Video Chat 1.4.1 - index_popup.php Multiple Parameters Reflected XSS</title>
-      <references>
-        <osvdb>102206</osvdb>
-        <secunia>56447</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.4.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="groupdocs-comparison">
-    <vulnerability>
-      <title>GroupDocs Comparison 1.0.2 - grpdocscomparison.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>102297</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.0.3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="groupdocs-signature">
-    <vulnerability>
-      <title>GroupDocs Signature 1.2.0 - grpdocs-dialog.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>102298</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.2.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>GroupDocs Signature 1.2.0 - options.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>102299</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.2.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="groupdocs-viewer">
-    <vulnerability>
-      <title>GroupDocs Viewer 1.4.1 - options.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>102299</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.4.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>GroupDocs Viewer 1.4.1 - grpdocs-dialog.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>102300</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.4.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="groupdocs-documents-annotation">
-    <vulnerability>
-      <title>GroupDocs Document Annotation 1.3.8 - options.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>102299</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.3.9</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>GroupDocs Document Annotation 1.3.8 - grpdocs-dialog.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>102301</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.3.9</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="athlon-manage-calameo-publications">
-    <vulnerability>
-      <title>Manage Calameo Publications 1.1.0 - thickbox_content.php attachment_id Parameter Reflected XSS</title>
-      <references>
-        <osvdb>102433</osvdb>
-        <secunia>56428</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.1.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="ss-downloads">
-    <vulnerability>
-      <title>SS Downloads  1.4.4.1 - services/getfile.php file Parameter XSS</title>
-      <references>
-        <osvdb>102501</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>SS Downloads  1.4.4.1 - ss-downloads.php Multiple Variables XSS</title>
-      <references>
-        <osvdb>102502</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>SS Downloads  1.4.4.1 - templates/download.php Multiple Parameters Reflected XSS</title>
-      <references>
-        <osvdb>102503</osvdb>
-        <secunia>56428</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>SS Downloads  1.4.4.1 - templates/register.php Multiple Parameter Reflected XSS</title>
-      <references>
-        <osvdb>102504</osvdb>
-        <secunia>56428</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>SS Downloads  1.4.4.1 - templates/emailsent.php Multiple Parameter Reflected XSS</title>
-      <references>
-        <osvdb>102537</osvdb>
-        <secunia>56532</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>SS Downloads  1.4.4.1 - templates/emailform.php Multiple Parameter Reflected XSS</title>
-      <references>
-        <osvdb>102538</osvdb>
-        <secunia>56532</secunia>
-        <url>http://packetstormsecurity.com/files/124958/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>SS Downloads  1.4.4.1 - templates/emailandnameform.php Multiple Parameter Reflected XSS</title>
-      <references>
-        <osvdb>102539</osvdb>
-        <secunia>56532</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.5</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="global-flash-galleries">
-    <vulnerability>
-      <title>Global Flash Galleries - popup.php id Parameter SQL Injection</title>
-      <references>
-        <osvdb>104907</osvdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Global Flash Galleries - swfupload.php Unauthenticated Image Upload Weakness</title>
-      <references>
-        <osvdb>102423</osvdb>
-        <url>http://packetstormsecurity.com/files/124850/</url>
-        <url>http://www.securityfocus.com/bid/65060</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="social-connect">
-    <vulnerability>
-      <title>Social Connect 0.10.1 - diagnostics/test.php testing Parameter Reflected XSS</title>
-      <references>
-        <osvdb>102411</osvdb>
-        <secunia>56587</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>0.10.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="let-them-unsubscribe">
-    <vulnerability>
-      <title>Let Them Unsubscribe 1.0 - let-them-unsubscribe.php Multiple Unspecified Issues</title>
-      <references>
-        <osvdb>102500</osvdb>
-        <secunia>56659</secunia>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>1.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="seo-image">
-    <vulnerability>
-      <title>SEO Friendly Images 2.7.4 - seo-friendly-images.php Add Page CSRF</title>
-      <references>
-        <osvdb>101789</osvdb>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>2.7.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>SEO Friendly Images 2.7.4 - seo-friendly-images.php Multiple Parameters XSS</title>
-      <references>
-        <osvdb>101790</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.7.5</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wordpress-social-ring">
-    <vulnerability>
-      <title>Social Ring 1.0 - share.php url Parameter Reflected XSS</title>
-      <references>
-        <osvdb>102424</osvdb>
-        <url>http://packetstormsecurity.com/files/124851/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.1.9</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="flagallery-skins">
-    <vulnerability>
-      <title>GRAND FlAGallery Skins - compact_music_player/gallery.php playlist Parameter SQL Injection</title>
-      <references>
-        <osvdb>93581</osvdb>
-        <url>http://packetstormsecurity.com/files/121699/</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="contus-video-gallery">
-    <vulnerability>
-      <title>Contus Video Gallery - index.php playid Parameter SQL Injection</title>
-      <references>
-        <osvdb>93369</osvdb>
-        <cve>2013-3478</cve>
-        <secunia>51344</secunia>
-        <url>http://www.securityfocus.com/bid/59845</url>
-        <url>http://xforce.iss.net/xforce/xfdb/84239</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="webengage">
-    <vulnerability>
-      <title>WebEngage 2.0.0 - callback.php Multiple Parameter Reflected XSS</title>
-      <references>
-        <osvdb>102560</osvdb>
-        <secunia>56700</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.0.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WebEngage 2.0.0 - renderer.php Multiple Parameter Reflected XSS</title>
-      <references>
-        <osvdb>102561</osvdb>
-        <secunia>56700</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.0.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WebEngage 2.0.0 - resize.php height Parameter XSS</title>
-      <references>
-        <osvdb>102562</osvdb>
-        <secunia>56700</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.0.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="fetch-tweets">
-    <vulnerability>
-      <title>Fetch Tweets 1.3.3.6 - class/FetchTweets_Event_.php Missing Permission Check Unspecified Issue</title>
-      <references>
-        <osvdb>102578</osvdb>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="seolinkrotator">
-    <vulnerability>
-      <title>Seo Link Rotator - pusher.php title Parameter Reflected XSS</title>
-      <references>
-        <osvdb>102594</osvdb>
-        <secunia>56710</secunia>
-        <url>http://packetstormsecurity.com/files/124959/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="nokia-mapsplaces">
-    <vulnerability>
-      <title>Nokia Maps and Places 1.6.6 - place.html href Parameter Reflected XSS</title>
-      <references>
-        <osvdb>102669</osvdb>
-        <cve>2014-1750</cve>
-        <secunia>56604</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.6.7</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="webinar_plugin">
-    <vulnerability>
-      <title>Easy Webinar - get_widget.php wid Parameter SQL Injection</title>
-      <references>
-        <osvdb>86754</osvdb>
-        <exploitdb>22300</exploitdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>1.6.7</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-social-invitations">
-    <vulnerability>
-      <title>WP Social Invitations &lt;=1.4.4.2 - test.php Multiple Parameter Reflected XSS</title>
-      <references>
-        <osvdb>102741</osvdb>
-        <secunia>56711</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.4.4.3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="infusionsoft">
-    <vulnerability>
-      <title>Infusionsoft Gravity Forms Add-on 1.5.6 - Unspecified XSS</title>
-      <references>
-        <osvdb>102742</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.5.7</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="comment-control">
-    <vulnerability>
-      <title>Comment Control 0.3.0 - comment-control.php type Parameter SQL Injection</title>
-      <references>
-        <osvdb>102581</osvdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>0.3.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wptouch">
-    <vulnerability>
-      <title>WPtouch 3.x - Insecure Nonce Generation</title>
-      <references>
-        <url>http://blog.sucuri.net/2014/07/disclosure-insecure-nonce-generation-in-wptouch.html</url>
-        <metasploit>exploit/unix/webapp/wp_wptouch_file_upload</metasploit>
-      </references>
-      <type>UPLOAD</type>
-      <fixed_in>3.4.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WPtouch 1.9.27 - 'wptouch_redirect' Parameter URI Redirection Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/48348</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>1.9.30</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WPtouch 1.9.19.4 - wp-content/plugins/wptouch/include/adsense-new.php wptouch_settings Parameter XSS</title>
-      <references>
-        <osvdb>69538</osvdb>
-        <cve>2010-4779</cve>
-        <secunia>42438</secunia>
-        <url>http://www.securityfocus.com/bid/45139</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.9.20</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WPtouch 1.9.8 - ajax/file_upload.php Crafted Content-Type File Upload Remote Code Execution</title>
-      <references>
-        <osvdb>102582</osvdb>
-      </references>
-      <type>RCE</type>
-      <fixed_in>1.9.8.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WPtouch 1.9.8 - include/submit.php Multiple Parameter SQL Injection</title>
-      <references>
-        <osvdb>102583</osvdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>1.9.8.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="better-search">
-    <vulnerability>
-      <title>Better Search 1.2.1 - admin.inc.php Setting Manipulation CSRF</title>
-      <references>
-        <osvdb>102584</osvdb>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="very-simple-contact-form">
-    <vulnerability>
-      <title>Very Simple Contact Form 1.1 - Unspecified Issue</title>
-      <references>
-        <osvdb>102798</osvdb>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>1.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="stop-user-enumeration">
-    <vulnerability>
-      <title>Stop User Enumeration 1.2.4 - POST Request Protection Bypass</title>
-      <references>
-        <osvdb>102799</osvdb>
-        <secunia>56643</secunia>
-        <url>http://packetstormsecurity.com/files/125035/</url>
-        <url>http://seclists.org/fulldisclosure/2014/Feb/3</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="delightful-downloads">
-    <vulnerability>
-      <title>Delightful Downloads 1.3.1.1 - meta-boxes.php dedo_meta_boxes_save Function Multiple Action Authorization Bypass</title>
-      <references>
-        <osvdb>102932</osvdb>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>1.3.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Delightful Downloads 1.3.1.1 - includes/functions.php User-Agent HTTP Header Stored XSS</title>
-      <references>
-        <osvdb>102928</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.3.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="mobiloud-mobile-app-plugin">
-    <vulnerability>
-      <title>Mobiloud 1.9.0 - comments/disqus_count.php shortname Parameter Reflected XSS</title>
-      <references>
-        <osvdb>102898</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.9.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Mobiloud 1.9.0 - comments/disqus.php shortname Parameter Reflected XSS</title>
-      <references>
-        <osvdb>102899</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.9.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="all_in_one_carousel">
-    <vulnerability>
-      <title>all_in_one_carousel 1.2.20 - /tpl/add_carousel.php id Parameter Reflected XSS</title>
-      <references>
-        <osvdb>103351</osvdb>
-        <secunia>56962</secunia>
-        <url>http://seclists.org/bugtraq/2014/Feb/38</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="frontend-uploader">
-    <vulnerability>
-      <title>Frontend Uploader - Unspecified File Upload Remote Code Execution</title>
-      <references>
-        <osvdb>103454</osvdb>
-        <exploitdb>31570</exploitdb>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-security-scan">
-    <vulnerability>
-      <title>Acunetix WP Security 4.0.3 - /wp-admin/admin.php wps-database Page Backup Generation CSRF Weakness</title>
-      <references>
-        <osvdb>103467</osvdb>
-        <url>http://packetstormsecurity.com/files/125218/</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="aryo-activity-log">
-    <vulnerability>
-      <title>Aryo Activity Log - Full Path Disclosure</title>
-      <references>
-        <url>https://github.com/KingYes/wordpress-aryo-activity-log/pull/27</url>
-      </references>
-      <type>FPD</type>
-      <fixed_in>2.0.4</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-jquery-spam">
-    <vulnerability>
-      <title>WP jQuery Spam 1.1 - dynamic.php id Parameter Reflected XSS</title>
-      <references>
-        <osvdb>103579</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="media-file-renamer">
-    <vulnerability>
-      <title>Media File Renamer v1.7.0 - Persistent XSS</title>
-      <references>
-        <cve>2014-2040</cve>
-        <url>http://packetstormsecurity.com/files/125378/</url>
-        <url>http://www.vapid.dhs.org/advisories/wordpress/plugins/MediaFileRenamer-1.7.0/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="flash-player-widget">
-    <vulnerability>
-      <title>Flash Player Widget - dewplayer.swf Content Spoofing</title>
-      <references>
-        <url>http://www.openwall.com/lists/oss-security/2013/12/30/5</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="alpine-photo-tile-for-instagram">
-    <vulnerability>
-      <title>Alpine PhotoTile For Instagram 1.2.6.5 - wp-admin/options-general.php general_lightbox_params Parameter XSS Weakness</title>
-      <references>
-        <osvdb>103822</osvdb>
-        <secunia>57198</secunia>
-        <url>http://packetstormsecurity.com/files/125418/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="widget-control-powered-by-everyblock">
-    <vulnerability>
-      <title>Widget Control Powered By Everyblock 1.0.1 - wp-admin/admin.php idDropdown Parameter XSS Weakness</title>
-      <references>
-        <osvdb>103831</osvdb>
-        <secunia>57203</secunia>
-        <url>http://packetstormsecurity.com/files/125421/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="search-everything">
-    <vulnerability>
-      <title>Search Everything 8.1.0 - options.php Unspecified CSRF</title>
-      <references>
-        <osvdb>106733</osvdb>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>8.1.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Search Everything 7.0.4 - Unspecified Issue</title>
-      <references>
-        <osvdb>104058</osvdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>8.0</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Search Everything 7.0.2 - search-everything.php s Parameter SQL Injection</title>
-      <references>
-        <osvdb>103718</osvdb>
-        <secunia>56802</secunia>
-        <url>http://www.securityfocus.com/bid/65765</url>
-        <cve>2014-2316</cve>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>7.0.3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="zedity">
-    <vulnerability>
-      <title>Zedity 2.5 - wp-admin/admin-ajax.php zedity_ajax Action zaction Parameter XSS</title>
-      <references>
-        <osvdb>103789</osvdb>
-        <secunia>57026</secunia>
-        <url>http://www.securityfocus.com/bid/65799</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Zedity 2.4 - Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/125402/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-post-to-pdf">
-    <vulnerability>
-      <title>WP Post to PDF 2.3.1 - wp-admin/options.php wpptopdf headerFontSize Parameter XSS</title>
-      <references>
-        <osvdb>103872</osvdb>
-        <url>http://packetstormsecurity.com/files/125432/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="bsk-pdf-manager">
-    <vulnerability>
-      <title>BSK PDF Manager 1.3.2 - wp-admin/admin.php Multiple Parameter SQL Injection</title>
-      <references>
-        <osvdb>108913</osvdb>
-        <cve>2014-4944</cve>
-        <url>http://packetstormsecurity.com/files/127407/</url>
-        <url>http://www.securityfocus.com/bid/68488</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>BSK PDF Manager 1.3 - wp-admin/admin.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>103873</osvdb>
-        <url>http://packetstormsecurity.com/files/125422/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="mp3-jplayer">
-    <vulnerability>
-      <title>MP3-jPlayer 1.8.7 - wp-admin/options-general.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>103875</osvdb>
-        <url>http://packetstormsecurity.com/files/125417/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>MP3-jPlayer 1.8.3 - jPlayer.swf XSS</title>
-      <references>
-        <osvdb>92254</osvdb>
-      </references>
-      <fixed_in>1.8.4</fixed_in>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="google-analytics-mu">
-    <vulnerability>
-      <title>Google Analytics MU 2.3 - google-analytics-mu-network.php Analytics Code Manipulation CSRF</title>
-      <references>
-        <osvdb>103937</osvdb>
-        <secunia>56157</secunia>
-        <url>http://packetstormsecurity.com/files/125514/</url>
-        <url>http://seclists.org/fulldisclosure/2014/Mar/20</url>
-        <url>http://www.securityfocus.com/bid/65926</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>2.4</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="repagent">
-    <vulnerability>
-      <title>Repagent - dewplayer-vinyl.swf xml Parameter XML File Handling XSS</title>
-      <references>
-        <osvdb>101353</osvdb>
-        <url>http://packetstormsecurity.com/files/124582/</url>
-        <url>http://www.securityfocus.com/bid/64506</url>
-        <url>http://seclists.org/fulldisclosure/2013/Dec/192</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Repagent - dewplayer-vinyl-en.swf xml Parameter XML File Handling XSS</title>
-      <references>
-        <osvdb>101352</osvdb>
-        <url>http://packetstormsecurity.com/files/124582/</url>
-        <url>http://www.securityfocus.com/bid/64506</url>
-        <url>http://seclists.org/fulldisclosure/2013/Dec/192</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="LayerSlider">
-    <vulnerability>
-      <title>LayerSlider 4.6.1 - wp-admin/admin.php Style Editing CSRF</title>
-      <references>
-        <osvdb>104393</osvdb>
-        <secunia>57930</secunia>
-        <url>http://packetstormsecurity.com/files/125637/</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-    <vulnerability>
-      <title>LayerSlider 4.6.1 - LayerSlider/editor.php skin Parameter Remote Path Traversal File Access</title>
-      <references>
-        <osvdb>104394</osvdb>
-        <secunia>57309</secunia>
-        <url>http://packetstormsecurity.com/files/125637/</url>
-      </references>
-      <type>AUTHBYPASS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="xcloner-backup-and-restore">
-    <vulnerability>
-      <title>XCloner 3.1.0 - Multiple Actions CSRF</title>
-      <references>
-        <cve>2014-2340</cve>
-        <cve>2014-2579</cve>
-        <osvdb>104402</osvdb>
-        <secunia>57362</secunia>
-        <exploitdb>32701</exploitdb>
-        <url>http://packetstormsecurity.com/files/125991/</url>
-        <url>https://www.htbridge.com/advisory/HTB23206</url>
-        <url>https://www.htbridge.com/advisory/HTB23207</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>3.1.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="guiform">
-    <vulnerability>
-      <title>GuiForm 1.4.10 - class/class-ajax.php Entry Saving CSRF</title>
-      <references>
-        <osvdb>104399</osvdb>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.5.0</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="clickdesk-live-support-chat-plugin">
-    <vulnerability>
-      <title>ClickDesk - Live Chat Widget Multiple Field XSS</title>
-      <references>
-        <osvdb>104037</osvdb>
-        <url>http://packetstormsecurity.com/files/125528/</url>
-        <url>http://www.securityfocus.com/bid/65971</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="duplicate-post">
-    <vulnerability>
-      <title>Duplicate Post 2.5 - duplicate-post-admin.php User Login Cookie Value SQL Injection</title>
-      <references>
-        <osvdb>104669</osvdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>2.6</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Duplicate Post 2.5 - options-general.php post Parameter Reflected XSS</title>
-      <references>
-        <osvdb>104670</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.6</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="mtouch-quiz">
-    <vulnerability>
-      <title>mTouch Quiz 3.0.6 - question.php quiz Parameter Reflected XSS</title>
-      <references>
-        <osvdb>104667</osvdb>
-        <url>http://www.securityfocus.com/bid/66306</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.7</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>mTouch Quiz 3.0.6 - question.php quiz Parameter SQL Injection</title>
-      <references>
-        <osvdb>104668</osvdb>
-        <url>http://www.securityfocus.com/bid/66306</url>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>3.0.7</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="simple-retail-menus">
-    <vulnerability>
-      <title>Simple Retail Menus 4.0.1 - includes/actions.php targetmenu Parameter SQL Injection</title>
-      <references>
-        <osvdb>104680</osvdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>4.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Simple Retail Menus 4.0.1 - includes/mode-edit.php targetmenu Parameter SQL Injection</title>
-      <references>
-        <osvdb>104682</osvdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>4.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="user-domain-whitelist">
-    <vulnerability>
-      <title>User Domain Whitelist 1.4 - user-domain-whitelist.php domain_whitelist Parameter Stored XSS</title>
-      <references>
-        <osvdb>104681</osvdb>
-        <secunia>57490</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>User Domain Whitelist 1.4 -  user-domain-whitelist.php Domain Whitelisting Manipulation CSRF</title>
-      <references>
-        <osvdb>104683</osvdb>
-        <secunia>57490</secunia>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.5</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="subscribe-to-comments-reloaded">
-    <vulnerability>
-      <title>Subscribe To Comments Reloaded 140204 - options/index.php manager_page Parameter Stored XSS Weakness</title>
-      <references>
-        <osvdb>104698</osvdb>
-        <secunia>57015</secunia>
-        <url>http://www.securityfocus.com/bid/66288</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>140219</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Subscribe To Comments Reloaded 140204 - options/index.php Admin Settings Manipulation CSRF</title>
-      <references>
-        <osvdb>104699</osvdb>
-        <secunia>57015</secunia>
-        <url>http://www.securityfocus.com/bid/66288</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>140219</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="analytics360">
-    <vulnerability>
-      <title>Analytics360 1.2.1 - analytics360.php Multiple Action CSRF</title>
-      <references>
-        <osvdb>104743</osvdb>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.2.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Analytics360 1.2 - analytics360.php a360_error Parameter Reflected XSS</title>
-      <references>
-        <osvdb>104744</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.2.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="the-events-calendar">
-    <vulnerability>
-      <title>The Events Calendar 3.0 - lib/template-classes/month.php tribe-bar-search Parameter Reflected XSS</title>
-      <references>
-        <osvdb>104785</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="form-maker">
-    <vulnerability>
-      <title>Form Maker 1.6.4 - front_end_form_maker.php Unspecified XSS</title>
-      <references>
-        <osvdb>104870</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.6.6</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="1-jquery-photo-gallery-slideshow-flash">
-    <vulnerability>
-      <title>ZooEffect 1.08 - wp-1pluginjquery.php HTTP Referer Header Reflected XSS</title>
-      <references>
-        <osvdb>104876</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.09</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="google-analytics-dashboard">
-    <vulnerability>
-      <title>Google Analytics Dashboard 2.0.4 - gad-admin-pages-posts.php pid Parameter SQL Injection</title>
-      <references>
-        <osvdb>104877</osvdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>2.0.5</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="blogvault-real-time-backup">
-    <vulnerability>
-      <title>blogVault 1.08 - Missing Account Empty Secret Key Generation</title>
-      <references>
-        <osvdb>107570</osvdb>
-      </references>
-      <type>BYPASS</type>
-      <fixed_in>1.09</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>blogVault 1.05 - admin.php blogVault Key Setting CSRF</title>
-      <references>
-        <osvdb>104906</osvdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>1.06</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="captcha">
-    <vulnerability>
-      <title>Captcha 2.12-3.8.1 - captcha bypass</title>
-      <references>
-        <url>http://www.antoine-cervoise.fr/2014/03/27/contournement-du-plugin-captcha-pour-wordpress-v-3-8-1-et-anterieures/</url>
-        <url>https://github.com/cervoise/pentest-scripts/blob/master/web/cms/captcha-bypass/wordpress-plugins/captcha/bypass-3.8.1-and-previous.php</url>
-      </references>
-      <type>BYPASS</type>
-      <fixed_in>3.8.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-html-sitemap">
-    <vulnerability>
-      <title>WP HTML Sitemap 1.2 - wp-html-sitemap.html Sitemap Deletion CSRF</title>
-      <references>
-        <osvdb>105084</osvdb>
-        <url>http://packetstormsecurity.com/files/125933/</url>
-        <url>http://seclists.org/fulldisclosure/2014/Mar/400</url>
-        <url>https://security.dxw.com/advisories/csrf-vulnerability-in-wp-html-sitemap-1-2/</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="groups">
-    <vulnerability>
-      <title>Groups 1.4.5 - Negated Role Capability Handling Elevated Privilege Issue</title>
-      <references>
-        <osvdb>104940</osvdb>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>1.4.6</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="html5-jquery-audio-player">
-    <vulnerability>
-      <title>HTML5 jQuery Audio Player 2.3 - playlist/add_playlist.php Multiple Parameter Stored XSS Weakness</title>
-      <references>
-        <osvdb>104951</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.4</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>HTML5 jQuery Audio Player 2.3 - playlist/add_playlist.php id Parameter SQL Injection</title>
-      <references>
-        <osvdb>104952</osvdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>2.4</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="shrimptest">
-    <vulnerability>
-      <title>ShrimpTest 1.0b2 - plugins/metric-conversion.php Multiple Unspecified XSS</title>
-      <references>
-        <osvdb>104956</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.0b3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>ShrimpTest 1.0b2 - plugins/plugin-notification.php Unspecified XSS</title>
-      <references>
-        <osvdb>104957</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.0b3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>ShrimpTest 1.0b2 - plugins/variant-shortcode.php Unspecified XSS</title>
-      <references>
-        <osvdb>104958</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.0b3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>ShrimpTest 1.0b2 - admin/experiments.php Multiple Unspecified XSS</title>
-      <references>
-        <osvdb>104959</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.0b3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>ShrimpTest 1.0b2 - admin/experiment-new.php Multiple Unspecified XSS</title>
-      <references>
-        <osvdb>104960</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.0b3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="activehelper-livehelp">
-    <vulnerability>
-      <title>ActiveHelper LiveHelp Server 3.2.2 - server/import/status.php Multiple Parameter SQL Injection</title>
-      <references>
-        <osvdb>104990</osvdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>3.4.0</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>ActiveHelper LiveHelp Server 3.2.2 - server/import/tracker.php Multiple Parameter SQL Injection</title>
-      <references>
-        <osvdb>104991</osvdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>3.4.0</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>ActiveHelper LiveHelp Server 3.2.2 - server/import/javascript.php Multiple Vector SQL Injection</title>
-      <references>
-        <osvdb>104992</osvdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>3.4.0</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>ActiveHelper LiveHelp Server 3.2.2 - server/frames.php DEPARTMENT Parameter SQL Injection</title>
-      <references>
-        <osvdb>104993</osvdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>3.4.0</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="springboard-video-quick-publish">
-    <vulnerability>
-      <title>Springboard Video Quick Publish 0.2.6 - videolist.php paged Parameter Reflected XSS</title>
-      <references>
-        <osvdb>105992</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>0.2.7</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Springboard Video Quick Publish 0.2.6 - springboardvideo.php video_id Parameter XSS</title>
-      <references>
-        <osvdb>105993</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>0.2.7</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Springboard Video Quick Publish 0.2.6 - sb_search.php paged Parameter Reflected XSS</title>
-      <references>
-        <osvdb>105994</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>0.2.7</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Springboard Video Quick Publish 0.2.4 - Unspecified Issue</title>
-      <references>
-        <osvdb>105007</osvdb>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>0.2.5</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="ignitiondeck">
-    <vulnerability>
-      <title>IgnitionDeck 1.1 - Purchase Form Unspecified XSS</title>
-      <references>
-        <osvdb>105008</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="ajax-pagination">
-    <vulnerability>
-      <title>Ajax Pagination 1.1 - wp-admin/admin-ajax.php loop Parameter Local File Inclusion</title>
-      <references>
-        <osvdb>105087</osvdb>
-        <exploitdb>32622</exploitdb>
-        <url>http://packetstormsecurity.com/files/125929/</url>
-        <url>http://seclists.org/fulldisclosure/2014/Mar/398</url>
-      </references>
-      <type>LFI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="tt-guest-post-submit">
-    <vulnerability>
-      <title>TT Guest Post Submit 1.0.0 - tt-guest-post-submit-submit.php rootpath Parameter Remote File Inclusion</title>
-      <references>
-        <osvdb>105120</osvdb>
-      </references>
-      <type>RFI</type>
-      <fixed_in>1.0.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="salesforce-wordpress-to-lead">
-    <vulnerability>
-      <title>WordPress-to-Lead for Salesforce CRM 1.0.4 - ov_plugin_tools.php textinput Function XSS</title>
-      <references>
-        <osvdb>105146</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.0.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress-to-Lead for Salesforce CRM 1.0.1 - salesforce.php salesforce_form_shortcode Function Error Message Handling XSS</title>
-      <references>
-        <osvdb>105148</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress-to-Lead for Salesforce CRM 1.0 - salesforce.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>105147</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.0.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="disable-comments">
-    <vulnerability>
-      <title>Disable Comments 1.0.3 - disable_comments_settings.php Comment Status Manipulation CSRF</title>
-      <references>
-        <osvdb>105245</osvdb>
-        <cve>2014-2550</cve>
-        <secunia>57613</secunia>
-        <url>http://www.securityfocus.com/bid/66564</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.0.4</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-business-intelligence-lite">
-    <vulnerability>
-      <title>WP Business intelligence lite &lt;= 1.0.6 - Remote Code Execution Exploit</title>
-      <references>
-        <secunia>57590</secunia>
-        <url>http://packetstormsecurity.com/files/125927/</url>
-        <url>http://cxsecurity.com/issue/WLB-2014030243</url>
-      </references>
-      <type>RCE</type>
-      <fixed_in>1.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="barclaycart">
-    <vulnerability>
-      <title>Barclaycart - Shell Upload</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/125552/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="Premium_Gallery_Manager">
-    <vulnerability>
-      <title>Premium Gallery Manager - Shell Upload</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/125586/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="jetpack">
-    <vulnerability>
-      <title>Jetpack &lt;= 2.9.2 - class.jetpack.php XML-RPC Access Control Bypass</title>
-      <references>
-        <osvdb>105714</osvdb>
-        <cve>2014-0173</cve>
-        <secunia>57729</secunia>
-        <url>http://jetpack.me/2014/04/10/jetpack-security-update/</url>
-      </references>
-      <type>BYPASS</type>
-      <fixed_in>2.9.3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="lazyest-gallery">
-    <vulnerability>
-      <title>Lazyest Gallery &lt;= 1.1.20 - EXIF Script Insertion Vulnerability</title>
-      <references>
-        <cve>2014-2333</cve>
-        <osvdb>105680</osvdb>
-        <secunia>57746</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.1.21</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Lazyest Gallery 1.1.7 - Crafted Folder Name Unspecified Issue</title>
-      <references>
-        <osvdb>105728</osvdb>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>1.1.8</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Lazyest Gallery 0.10.4.3 - Multiple File/Directory Insecure Permissions Local Content Manipulation</title>
-      <references>
-        <osvdb>105818</osvdb>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>0.10.4.4</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Lazyest Gallery 0.4.2 - Multiple Unspecified Issues</title>
-      <references>
-        <osvdb>107400</osvdb>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="post-expirator">
-    <vulnerability>
-      <title>Post Expirator &lt;= 2.1.1 - Cross-Site Request Forgery Vulnerability</title>
-      <references>
-        <secunia>57503</secunia>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>2.1.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="quick-pagepost-redirect-plugin">
-    <vulnerability>
-      <title>Quick Page Post Redirect 5.0.4 - redirect-updates.php quickppr_redirects Parameter Stored XSS</title>
-      <references>
-        <osvdb>105707</osvdb>
-        <cve>2014-2598</cve>
-        <secunia>57883</secunia>
-        <exploitdb>32867</exploitdb>
-        <url>http://www.securityfocus.com/bid/66790</url>
-        <url>https://security.dxw.com/advisories/csrf-and-stored-xss-in-quick-pagepost-redirect-plugin/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>5.0.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Quick Page Post Redirect 5.0.4 - redirect-updates.php Multiple Admin Function CSRF</title>
-      <references>
-        <osvdb>105708</osvdb>
-        <cve>2014-2598</cve>
-        <secunia>57883</secunia>
-        <exploitdb>32867</exploitdb>
-        <url>http://www.securityfocus.com/bid/66790</url>
-        <url>https://security.dxw.com/advisories/csrf-and-stored-xss-in-quick-pagepost-redirect-plugin/</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>5.0.5</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="twitget">
-    <vulnerability>
-      <title>Twitget 3.3.1 - twitget.php Twitter Setting Manipulation CSRF</title>
-      <references>
-        <osvdb>105705</osvdb>
-        <cve>2014-2559</cve>
-        <exploitdb>32868</exploitdb>
-        <url>https://security.dxw.com/advisories/csrfxss-vulnerability-in-twitget-3-3-1/</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Twitget 3.3.1 - twitget.php twitget_consumer_key Parameter Stored XSS</title>
-      <references>
-        <osvdb>105704</osvdb>
-        <cve>2014-2559</cve>
-        <exploitdb>32868</exploitdb>
-        <url>https://security.dxw.com/advisories/csrfxss-vulnerability-in-twitget-3-3-1/</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="hk-exif-tags">
-    <vulnerability>
-      <title>HK Exif Tags 1.11 - hk_exif_tags.php hk_exif_tags_images_process Function EXIF Tags Handling Stored XSS</title>
-      <references>
-        <osvdb>105725</osvdb>
-        <secunia>57753</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.12</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="unconfirmed">
-    <vulnerability>
-      <title>Unconfirmed &lt;= 1.2.4 - unconfirmed.php s Parameter Reflected XSS</title>
-      <references>
-        <osvdb>105722</osvdb>
-        <secunia>57838</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.2.5</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="liveoptim">
-    <vulnerability>
-      <title>LiveOptim 1.4.3 - Configuration Setting Manipulation CSRF</title>
-      <references>
-        <osvdb>105986</osvdb>
-        <secunia>57990</secunia>
-        <url>http://www.securityfocus.com/bid/66939</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.4.4</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-conditional-captcha">
-    <vulnerability>
-      <title>Conditional CAPTCHA 3.6 - wp-conditional-captcha.php Settings Page CSRF</title>
-      <references>
-        <osvdb>106014</osvdb>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-js-external-link-info">
-    <vulnerability>
-      <title>JS External Link Info 1.21 - redirect.php blog Parameter XSS</title>
-      <references>
-        <osvdb>106125</osvdb>
-        <url>http://packetstormsecurity.com/files/126238/</url>
-        <url>http://www.securityfocus.com/bid/66999</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="simple-fields">
-    <vulnerability>
-      <title>Simple Fields 1.1.6 - inc-admin-options.php Admin Functions CSRF</title>
-      <references>
-        <osvdb>106316</osvdb>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Simple Fields 0.3.5 - simple_fields.php wp_abspath Parameter Remote File Inclusion</title>
-      <references>
-        <osvdb>106622</osvdb>
-      </references>
-      <type>RFI</type>
-      <fixed_in>0.3.6</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="work-the-flow-file-upload">
-    <vulnerability>
-      <title>Work The Flow File Upload 1.2.1 - wp-admin/admin-ajax.php accept_file_types Parameter Manipulation File Upload Restriction Bypass</title>
-      <references>
-        <osvdb>106366</osvdb>
-        <secunia>58216</secunia>
-        <url>http://www.securityfocus.com/bid/67083</url>
-        <url>http://packetstormsecurity.com/files/126333/</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="file-gallery">
-    <vulnerability>
-      <title>File Gallery 1.7.9 - Settings Page create_function Function Remote Command Execution</title>
-      <references>
-        <osvdb>106417</osvdb>
-        <cve>2014-2558</cve>
-        <secunia>58216</secunia>
-        <url>http://www.securityfocus.com/bid/67120</url>
-      </references>
-      <type>RCE</type>
-      <fixed_in>1.7.9.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="nextcellent-gallery-nextgen-legacy">
-    <vulnerability>
-      <title>NextCellent Gallery 1.9.13 - admin/manage-images.php Multiple Field Stored XSS Weakness</title>
-      <references>
-        <osvdb>106474</osvdb>
-        <url>http://www.securityfocus.com/bid/67085</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.9.18</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-affiliate-platform">
-    <vulnerability>
-      <title>WP Affiliate Manager - login.php msg Parameter XSS</title>
-      <references>
-        <osvdb>106533</osvdb>
-        <url>http://packetstormsecurity.com/files/126424/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="query-interface">
-    <vulnerability>
-      <title>Query Interface 1.1 - Multiple Unspecified Issues</title>
-      <references>
-        <osvdb>106642</osvdb>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>1.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="photo-gallery">
-    <vulnerability>
-      <title>Photo-Gallery - UploadHandler.php File Upload CSRF</title>
-      <references>
-        <osvdb>106732</osvdb>
-        <url>http://packetstormsecurity.com/files/126521/</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="infusion4wp">
-    <vulnerability>
-     <title>iMember360is 3.9.001 - XSS / Disclosure / Code Execution</title>
-      <references>
-        <url>http://1337day.com/exploit/22184</url>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>3.9.002</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="acumbamail-signup-forms">
-    <vulnerability>
-     <title>Acumbamail 1.0.4  - acumbamail.class.php callAPI() Function MitM Information Disclosure</title>
-      <references>
-        <osvdb>106711</osvdb>
-        <secunia>67220</secunia>
-        <url>http://www.securityfocus.com/bid/67220</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>1.0.4.1</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="tinymce-colorpicker">
-    <vulnerability>
-     <title>TinyMCE Color Picker 1.1 - tinymce-colorpicker.php Color Saving CSRF</title>
-      <references>
-        <osvdb>106854</osvdb>
-        <secunia>58095</secunia>
-        <url>http://www.securityfocus.com/bid/67333</url>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-     <title>TinyMCE Color Picker 1.1 - tinymce-colorpicker.php Missing edit_others_posts Capability Check</title>
-      <references>
-        <osvdb>106854</osvdb>
-        <secunia>58095</secunia>
-        <url>http://www.securityfocus.com/bid/67333</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>1.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="contact-bank">
-    <vulnerability>
-     <title>Contact Bank 2.0.19 - Multiple Unspecified Issues</title>
-      <references>
-        <osvdb>106868</osvdb>
-        <secunia>67334</secunia>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.0.20</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="bonuspressx">
-    <vulnerability>
-     <title>Bonuspressx - ar_submit.php n Parameter XSS</title>
-      <references>
-        <osvdb>106931</osvdb>
-        <url>http://packetstormsecurity.com/files/126595/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="profile-builder">
-    <vulnerability>
-     <title>Profile Builder 1.1.59 - front-end/wppb.recover.password.php Password Recovery Bypass</title>
-      <references>
-        <osvdb>106986</osvdb>
-        <secunia>58511</secunia>
-        <url>http://www.securityfocus.com/bid/67331</url>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>1.1.60</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="basic-google-maps-placemarks">
-    <vulnerability>
-     <title>Basic Google Maps Placemarks 1.10.2 - settings.php Multiple Fields Stored XSS Weakness</title>
-      <references>
-        <osvdb>107121</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.10.3</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="simple-popup">
-    <vulnerability>
-     <title>Simple Popup - popup.php z Parameter XSS</title>
-      <references>
-        <osvdb>107294</osvdb>
-        <cve>2014-3921</cve>
-        <url>http://packetstormsecurity.com/files/126763/</url>
-        <url>http://www.securityfocus.com/bid/67562</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="bib2html">
-    <vulnerability>
-     <title>bib2html 0.9.3 - /OSBiB/create/index.php styleShortName Parameter XSS</title>
-      <references>
-        <osvdb>107296</osvdb>
-        <cve>2014-3870</cve>
-        <url>http://packetstormsecurity.com/files/126782/</url>
-        <url>http://www.securityfocus.com/bid/67589</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="conversionninja">
-    <vulnerability>
-     <title>Conversion Ninja - /lp/index.php id Parameter XSS</title>
-      <references>
-        <cve>2014-4017</cve>
-        <osvdb>107297</osvdb>
-        <url>http://packetstormsecurity.com/files/126781/</url>
-        <url>http://www.securityfocus.com/bid/67590</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="cool-video-gallery">
-    <vulnerability>
-     <title>Cool Video Gallery 1.8 - admin/gallery-details.php Multiple Actions CSRF</title>
-      <references>
-        <osvdb>107354</osvdb>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.9</fixed_in>
-    </vulnerability>
-    <vulnerability>
-     <title>Cool Video Gallery 1.8 - admin/gallery-manage.php Gallery Deletion CSRF</title>
-      <references>
-        <osvdb>107355</osvdb>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.9</fixed_in>
-    </vulnerability>
-    <vulnerability>
-     <title>Cool Video Gallery 1.8 - admin/gallery-settings.php Gallery Settings Manipulation CSRF</title>
-      <references>
-        <osvdb>107356</osvdb>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.9</fixed_in>
-    </vulnerability>
-    <vulnerability>
-     <title>Cool Video Gallery 1.8 - admin/gallery-sort.php Gallery Sort Order Manipulation CSRF</title>
-      <references>
-        <osvdb>107357</osvdb>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.9</fixed_in>
-    </vulnerability>
-    <vulnerability>
-     <title>Cool Video Gallery 1.8 - admin/player-settings.php Player Settings Manipulation CSRF</title>
-      <references>
-        <osvdb>107358</osvdb>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.9</fixed_in>
-    </vulnerability>
-    <vulnerability>
-     <title>Cool Video Gallery 1.8 - admin/plugin-uninstall.php Plugin Uninstallation CSRF</title>
-      <references>
-        <osvdb>107359</osvdb>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.9</fixed_in>
-    </vulnerability>
-    <vulnerability>
-     <title>Cool Video Gallery 1.8 - admin/video-sitemap.php XML Video Sitemap Generation CSRF</title>
-      <references>
-        <osvdb>107360</osvdb>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.9</fixed_in>
-    </vulnerability>
-    <vulnerability>
-     <title>Cool Video Gallery 1.8 - lib/core.php Multiple Actions CSRF</title>
-      <references>
-        <osvdb>107361</osvdb>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.9</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="gtranslate">
-    <vulnerability>
-     <title>GTranslate 1.0.12 - gtranslate.php Widget Code Editing CSRF</title>
-      <references>
-        <osvdb>107399</osvdb>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>1.0.13</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="world-of-warcraft-armory-table">
-    <vulnerability>
-     <title>World of Warcraft Armory Table 0.2.5 - WoWArmoryTable.php page Parameter Reflected XSS</title>
-      <references>
-        <osvdb>107479</osvdb>
-        <secunia>58596</secunia>
-        <url>http://www.securityfocus.com/bid/67628</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>0.2.6</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="participants-database">
-    <vulnerability>
-     <title>Participants Database 1.5.4.8 - pdb-signup CSV_type Action query Parameter SQL Injection</title>
-      <references>
-        <osvdb>107626</osvdb>
-        <cve>2014-3961</cve>
-        <secunia>58816</secunia>
-        <url>http://www.exploit-db.com/exploits/33613</url>
-        <url>http://packetstormsecurity.com/files/126878/</url>
-        <url>http://www.securityfocus.com/bid/67769</url>
-        <url>http://www.securityfocus.com/bid/67938</url>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>1.5.4.9</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="popup-images">
-    <vulnerability>
-     <title>Popup Images - popup-images/popup.php z Parameter XSS</title>
-      <references>
-        <osvdb>107627</osvdb>
-        <url>http://packetstormsecurity.com/files/126872/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="ose-firewall">
-    <vulnerability>
-     <title>Centrora Security 3.2.1 - Multiple Admin Actions CSRF</title>
-      <references>
-        <osvdb>107658</osvdb>
-      </references>
-      <type>CSRF</type>
-      <fixed_in>3.3.0</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="lively-chat-support">
-    <vulnerability>
-     <title>Lively Chat Support 1.0.29 - Unspecified Issue</title>
-      <references>
-        <osvdb>107689</osvdb>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>1.0.30</fixed_in>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="feature-comments">
-    <vulnerability>
-     <title>Featured Comments 1.2.1 - wp-admin/admin-ajax.php Comment Status Manipulation CSRF</title>
-      <references>
-        <osvdb>107844</osvdb>
-        <cve>2014-4163</cve>
-        <url>https://security.dxw.com/advisories/csrf-in-featured-comments-1-2-1-allows-an-attacker-to-set-and-unset-comment-statuses/</url>
-        <url>http://www.securityfocus.com/bid/67955</url>
-        <url>http://packetstormsecurity.com/files/127023/</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-football">
-    <vulnerability>
-     <title>wp-football 1.1 - templates/template_worldCup_preview.php league Parameter Reflected XSS</title>
-      <references>
-        <osvdb>108336</osvdb>
-        <url>http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-     <title>wp-football 1.1 - templates/template_default_preview.php league Parameter Reflected XSS</title>
-      <references>
-        <osvdb>108337</osvdb>
-        <url>http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-     <title>wp-football 1.1 - football_phases_list.php id Parameter Reflected XSS</title>
-      <references>
-        <osvdb>108338</osvdb>
-        <url>http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-     <title>wp-football 1.1 - football_matches_phase.php id Parameter Reflected XSS</title>
-      <references>
-        <osvdb>108339</osvdb>
-        <url>http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-     <title>wp-football 1.1 - football_matches_load.php id_league Parameter Reflected XSS</title>
-      <references>
-        <osvdb>108340</osvdb>
-        <url>http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-     <title>wp-football 1.1 - football_matches_list.php id Parameter Reflected XSS</title>
-      <references>
-        <osvdb>108341</osvdb>
-        <url>http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-     <title>wp-football 1.1 - football_groups_list.php id Parameter Reflected XSS</title>
-      <references>
-        <osvdb>108342</osvdb>
-        <url>http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-     <title>wp-football 1.1 - football-functions.php f Parameter Reflected XSS</title>
-      <references>
-        <osvdb>108343</osvdb>
-        <url>http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-     <title>wp-football 1.1 - football_criteria.php league Parameter Reflected XSS</title>
-      <references>
-        <osvdb>108344</osvdb>
-        <url>http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-     <title>wp-football 1.1 - football_classification.php league Parameter Reflected XSS</title>
-      <references>
-        <osvdb>108345</osvdb>
-        <url>http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="member-approval">
-    <vulnerability>
-     <title>Member Approval 131109 - wp-admin/options-general.php Option Manipulation CSRF</title>
-      <references>
-        <osvdb>107845</osvdb>
-        <cve>2014-3850</cve>
-        <url>http://www.securityfocus.com/bid/67952</url>
-        <url>http://packetstormsecurity.com/files/127024/</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="jw-player-plugin-for-wordpress">
-    <vulnerability>
-     <title>JW Player 2.1.2 - wp-admin/admin.php Player Deletion CSRF</title>
-      <references>
-        <cve>2014-4030</cve>
-        <osvdb>107846</osvdb>
-        <url>http://www.securityfocus.com/bid/67954</url>
-        <url>http://packetstormsecurity.com/files/127025/</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="adminonline">
-    <vulnerability>
-     <title>AdminOnline - download.php file Parameter Remote Path Traversal File Access</title>
-      <references>
-        <osvdb>108024</osvdb>
-        <url>http://packetstormsecurity.com/files/127046/</url>
-      </references>
-      <type>AUTHBYPASS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="ruven-toolkit">
-    <vulnerability>
-     <title>Ruven Toolkit 1.1 - tinymce/popup.php popup Parameter Reflected XSS</title>
-      <references>
-        <osvdb>108312</osvdb>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="verification-code-for-comments">
-    <vulnerability>
-     <title>Verification Code for Comments 2.1.0 - vcc.js.php Multiple Parameter Reflected XSS</title>
-      <references>
-        <osvdb>108313</osvdb>
-        <cve>2014-4565</cve>
-        <url>http://codevigilant.com/disclosure/wp-plugin-verification-code-for-comments-a3-cross-site-scripting-xss</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wpcb">
-    <vulnerability>
-     <title>wpcb 2.4.8 - facture.php id Parameter Reflected XSS</title>
-      <references>
-        <osvdb>108407</osvdb>
-        <cve>2014-4581</cve>
-        <url>http://www.securityfocus.com/bid/68357</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-app-maker">
-    <vulnerability>
-     <title>WP App Maker 1.0.16.4 - icons-launcher.php uid Parameter Reflected XSS</title>
-      <references>
-        <osvdb>108408</osvdb>
-        <cve>2014-4578</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-amasin-the-amazon-affiliate-shop">
-    <vulnerability>
-     <title>wp-amasin-the-amazon-affiliate-shop 0.9.6 - reviews.php url Parameter Local File Inclusion</title>
-      <references>
-        <osvdb>108501</osvdb>
-        <cve>2014-4577</cve>
-      </references>
-      <type>LFI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="cross-rss">
-    <vulnerability>
-     <title>Cross RSS 1.7 - proxy.php rss Parameter Local File Inclusion</title>
-      <references>
-        <osvdb>108502</osvdb>
-      </references>
-      <type>LFI</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wphotfiles">
-    <vulnerability>
-     <title>Hot Files &lt; 1.0.0 - Cross-site scripting (XSS) vulnerability in tpls/editmedia.php</title>
-      <references>
-        <cve>2014-4588</cve>
-        <osvdb>108720</osvdb>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="yahoo-updates-for-wordpress">
-    <vulnerability>
-     <title>Yahoo Updates &lt; 1.0 - XSS vulnerabilities in yupdates_application.php</title>
-      <references>
-        <cve>2014-4603</cve>
-        <url>http://codevigilant.com/disclosure/wp-plugin-yahoo-updates-for-wordpress-a3-cross-site-scripting-xss/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="toolpage">
-    <vulnerability>
-     <title>Toolpage 1.6.1 - XSS vulnerability in includes/getTipo.php</title>
-      <references>
-        <cve>2014-4560</cve>
-        <osvdb>108704</osvdb>
-        <url>http://codevigilant.com/disclosure/wp-plugin-toolpage-a3-cross-site-scripting-xss/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="url-cloak-encrypt">
-    <vulnerability>
-     <title>Cloak and Encrypt &lt; 2.0 - XSS vulnerability in go.php</title>
-      <references>
-        <cve>2014-4563</cve>
-        <osvdb>108895</osvdb>
-        <url>http://codevigilant.com/disclosure/wp-plugin-url-cloak-encrypt-a3-cross-site-scripting-xss/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="validated">
-    <vulnerability>
-     <title>Validated &lt; 1.0.2 - XSS vulnerability in check.php</title>
-      <references>
-        <osvdb>108659</osvdb>
-        <cve>2014-4564</cve>
-        <url>http://www.securityfocus.com/bid/68320</url>
-        <url>http://codevigilant.com/disclosure/wp-plugin-validated-a3-cross-site-scripting-xss/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="verweise-wordpress-twitter">
-    <vulnerability>
-     <title>Verwei.se WordPress Twitter &lt; 1.0 2 - XSS vulnerability in res/fake_twitter/frame.php</title>
-      <references>
-        <cve>2014-4566</cve>
-        <url>http://codevigilant.com/disclosure/wp-plugin-verweise-wordpress-twitter-a3-cross-site-scripting-xss/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="easy-banners">
-    <vulnerability>
-     <title>Easy Banners 1.4 - XSS vulnerability in wp-admin/options-general.php</title>
-      <references>
-        <osvdb>108626</osvdb>
-        <cve>2014-4723</cve>
-        <url>http://packetstormsecurity.com/files/127293/</url>
-        <url>http://www.securityfocus.com/bid/68281</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="custom-banners">
-    <vulnerability>
-     <title>Custom Banners plugin 1.2.2.2 - XSS vulnerability in custom_banners_registered_name parameter to wp-admin/options.php</title>
-      <references>
-        <osvdb>108683</osvdb>
-        <cve>2014-4724</cve>
-        <url>http://packetstormsecurity.com/files/127291/</url>
-        <url>http://www.securityfocus.com/bid/68279</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="video-posts-webcam-recorder">
-    <vulnerability>
-     <title>Video Posts Webcam Recorder plugin &lt; 1.55.4 - XSS vulnerability in posts/videowhisper/r_logout.php</title>
-      <references>
-        <cve>2014-4568</cve>
-        <url>http://codevigilant.com/disclosure/wp-plugin-video-posts-webcam-recorder-a3-cross-site-scripting-xss/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="zeenshare">
-    <vulnerability>
-     <title>ZeenShare plugin &lt; 1.0.1 - XSS vulnerability in redirect_to_zeenshare.php via the zs_sid parameter</title>
-      <references>
-        <cve>2014-4606</cve>
-        <url>http://codevigilant.com/disclosure/wp-plugin-zeenshare-a3-cross-site-scripting-xss/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="zdstats">
-    <vulnerability>
-     <title>ZdStatistics &lt; 2.0.1 - XSS vulnerability in cal/test.php via the lang parameter</title>
-      <references>
-        <cve>2014-4605</cve>
-        <osvdb>108731</osvdb>
-        <url>http://codevigilant.com/disclosure/wp-plugin-zdstats-a3-cross-site-scripting-xss/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="your-text-manager">
-    <vulnerability>
-     <title>Your Text Manager &lt; 0.3.0 - XSS vulnerability in settings/pwsettings.php via the ytmpw parameter</title>
-      <references>
-        <cve>2014-4604</cve>
-        <url>http://codevigilant.com/disclosure/wp-plugin-your-text-manager-a3-cross-site-scripting-xss/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="xen-carousel">
-    <vulnerability>
-     <title>XEN Carousel &lt; 0.12.2 - XSS vulnerabilities in xencarousel-admin.js.php via path or ajaxpath parameter</title>
-      <references>
-        <cve>2014-4602</cve>
-        <url>http://codevigilant.com/disclosure/wp-plugin-xen-carousel-a3-cross-site-scripting-xss/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-media-player">
-    <vulnerability>
-     <title>WP Silverlight Media Player &lt; 0.8 - XSS vulnerability in uploader.php via the post_id parameter</title>
-      <references>
-        <cve>2014-4589</cve>
-        <osvdb>108721</osvdb>
-        <url>http://codevigilant.com/disclosure/wp-plugin-wp-media-player-a3-cross-site-scripting-xss/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-microblogs">
-    <vulnerability>
-     <title>WP Microblogs plugin &lt; 0.4.0 - XSS vulnerability in get.php via the oauth_verifier parameter</title>
-      <references>
-        <cve>2014-4590</cve>
-        <url>http://codevigilant.com/disclosure/wp-plugin-wp-microblogs-a3-cross-site-scripting-xss/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-php-widget">
-    <vulnerability>
-      <title>WP PHP Widget 1.0.2 - Full Path Disclosure vulnerability</title>
-      <references>
-        <cve>2013-0721</cve>
-        <osvdb>88846</osvdb>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="socialgrid">
-    <vulnerability>
-      <title>SocialGrid 2.3 - inline-admin.js.php default_services Parameter XSS</title>
-      <references>
-        <osvdb>71966</osvdb>
-        <secunia>44256</secunia>
-        <url>http://seclists.org/bugtraq/2011/Apr/176</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
-  <plugin name="wp-easycart">
-    <vulnerability>
-      <title>EasyCart 2.0.5 - inc/admin/phpinfo.php Direct Request Remote Information Disclosure</title>
-      <references>
-        <osvdb>109030</osvdb>
-        <cve>2014-4942</cve>
-        <url>http://www.securityfocus.com/bid/68692</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.0.6</fixed_in>
-    </vulnerability>
-  </plugin>
-
-</vulnerabilities>
diff --git a/data/theme_vulns.xml b/data/theme_vulns.xml
deleted file mode 100644
index 052254bc..00000000
--- a/data/theme_vulns.xml
+++ /dev/null
@@ -1,3585 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<vulnerabilities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-                 xsi:noNamespaceSchemaLocation="vuln.xsd">
-
-  <theme name="crius">
-    <vulnerability>
-      <title>Crius - VideoJS Cross-Site Scripting Vulnerability</title>
-      <references>
-        <secunia>53427</secunia>
-        <url>http://seclists.org/fulldisclosure/2013/May/77</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="source">
-    <vulnerability>
-      <title>Source - VideoJS Cross-Site Scripting Vulnerability</title>
-      <references>
-        <secunia>53457</secunia>
-        <url>http://seclists.org/fulldisclosure/2013/May/77</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="i-love-it">
-    <vulnerability>
-      <title>I Love It - VideoJS Cross-Site Scripting Vulnerability</title>
-      <references>
-        <secunia>53548</secunia>
-        <url>http://seclists.org/fulldisclosure/2013/May/77</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="smartstart">
-    <vulnerability>
-      <title>Smart Start - VideoJS Cross-Site Scripting Vulnerability</title>
-      <references>
-        <secunia>53460</secunia>
-        <url>http://seclists.org/fulldisclosure/2013/May/77</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="covertvideopress">
-    <vulnerability>
-      <title>Covert Videopress - VideoJS Cross-Site Scripting Vulnerability</title>
-      <references>
-        <secunia>53494</secunia>
-        <url>http://seclists.org/fulldisclosure/2013/May/77</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="photolio">
-    <vulnerability>
-      <title>Photolio - VideoJS Cross-Site Scripting Vulnerability</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2013/May/77</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="onepagewebsite">
-    <vulnerability>
-      <title>onepagewebsite - Full Path Disclosure vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20027</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="vithy">
-    <vulnerability>
-      <title>vithy - Full Path Disclosure vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20040</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>vithy - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/19830</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>vithy - Custom Background Shell Upload</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/125827/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="appius">
-    <vulnerability>
-      <title>appius - Full Path Disclosure vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20039</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>appius - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/19831</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>appius - Custom Background Shell Upload</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/125827/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="yvora">
-    <vulnerability>
-      <title>yvora - Full Path Disclosure vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20038</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>yvora - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/19834</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="shotzz">
-    <vulnerability>
-      <title>Shotzz - Full Path Disclosure vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20041</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Shotzz - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/19829</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Shotzz - Custom Background Shell Upload</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/125827/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="dagda">
-    <vulnerability>
-      <title>dagda - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/19832</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>dagda - Custom Background Shell Upload</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/125827/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="moneymasters">
-    <vulnerability>
-      <title>moneymasters - Full Path Disclosure vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20077</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>moneymasters - File Upload Vulnerability (metasploit)</title>
-      <references>
-        <url>http://1337day.com/exploit/20076</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="ovum">
-    <vulnerability>
-      <title>XSS vulnerability in Imediapixel premium WordPress themes</title>
-      <references>
-        <url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-imediapixel.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="avanix">
-    <vulnerability>
-      <title>XSS vulnerability in Imediapixel premium WordPress themes</title>
-      <references>
-        <url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-imediapixel.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="ebiz">
-    <vulnerability>
-      <title>XSS vulnerability in Imediapixel premium WordPress themes</title>
-      <references>
-        <url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-imediapixel.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="ecobiz">
-    <vulnerability>
-      <title>XSS vulnerability in Imediapixel premium WordPress themes</title>
-      <references>
-        <url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-imediapixel.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="traject">
-    <vulnerability>
-      <title>XSS vulnerability in Parallelus premium WordPress themes</title>
-      <references>
-        <url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-parallelus-premium.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="intersect">
-    <vulnerability>
-      <title>XSS vulnerability in Parallelus premium WordPress themes</title>
-      <references>
-        <url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-parallelus-premium.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="salutation">
-    <vulnerability>
-      <title>XSS vulnerability in Parallelus premium WordPress themes</title>
-      <references>
-        <url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-parallelus-premium.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="unite">
-    <vulnerability>
-      <title>XSS vulnerability in Parallelus premium WordPress themes</title>
-      <references>
-        <url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-parallelus-premium.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="shapeless">
-    <vulnerability>
-      <title>Shapeless - Unspecified XSS</title>
-      <references>
-        <osvdb>85919</osvdb>
-        <url>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="brisk">
-    <vulnerability>
-      <title>Brisk - Unspecified XSS</title>
-      <references>
-        <osvdb>85918</osvdb>
-        <url>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="blaze">
-    <vulnerability>
-      <title>Blaze - Unspecified XSS</title>
-      <references>
-        <osvdb>85917</osvdb>
-        <url>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="eunice">
-    <vulnerability>
-      <title>Eunice - Unspecified XSS</title>
-      <references>
-        <osvdb>85916</osvdb>
-        <url>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="explicit">
-    <vulnerability>
-      <title>Explicit - Unspecified XSS</title>
-      <references>
-        <osvdb>85915</osvdb>
-        <url>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="essence">
-    <vulnerability>
-      <title>Essence - Unspecified XSS</title>
-      <references>
-        <osvdb>85914</osvdb>
-        <url>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="paramount">
-    <vulnerability>
-      <title>Paramount - Unspecified XSS</title>
-      <references>
-        <osvdb>85913</osvdb>
-        <url>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="picturefactory">
-    <vulnerability>
-      <title>PictureFactory - Unspecified XSS</title>
-      <references>
-        <osvdb>85912</osvdb>
-        <url>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="sparky">
-    <vulnerability>
-      <title>Sparky - Unspecified XSS</title>
-      <references>
-        <osvdb>85911</osvdb>
-        <url>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="theagency">
-    <vulnerability>
-      <title>TheAgency - Unspecified XSS</title>
-      <references>
-        <osvdb>85910</osvdb>
-        <url>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="konzept">
-    <vulnerability>
-      <title>Konzept - Unspecified XSS</title>
-      <references>
-        <osvdb>85920</osvdb>
-        <url>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="daisho">
-    <vulnerability>
-      <title>Daisho - Unspecified XSS</title>
-      <references>
-        <osvdb>85921</osvdb>
-        <url>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="choices">
-    <vulnerability>
-      <title>Choices - Unspecified XSS</title>
-      <references>
-        <osvdb>86755</osvdb>
-        <url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-wp-themes-by-kriesi.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="brightbox">
-    <vulnerability>
-      <title>Brightbox - Unspecified XSS</title>
-      <references>
-        <osvdb>86756</osvdb>
-        <url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-wp-themes-by-kriesi.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="broadscope">
-    <vulnerability>
-      <title>Broadscope - Unspecified XSS</title>
-      <references>
-        <osvdb>86757</osvdb>
-        <url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-wp-themes-by-kriesi.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="corona">
-    <vulnerability>
-      <title>Corona - Unspecified XSS</title>
-      <references>
-        <osvdb>86758</osvdb>
-        <url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-wp-themes-by-kriesi.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="flashlight">
-    <vulnerability>
-      <title>Flashlight - Unspecified XSS</title>
-      <references>
-        <osvdb>86759</osvdb>
-        <url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-wp-themes-by-kriesi.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="coalition">
-    <vulnerability>
-      <title>Coalition - Unspecified XSS</title>
-      <references>
-        <osvdb>86760</osvdb>
-        <url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-wp-themes-by-kriesi.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="shoutbox">
-    <vulnerability>
-      <title>Shoutbox - Unspecified XSS</title>
-      <references>
-        <osvdb>86761</osvdb>
-        <url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-wp-themes-by-kriesi.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="velvet">
-    <vulnerability>
-      <title>Velvet - Unspecified XSS</title>
-      <references>
-        <osvdb>86762</osvdb>
-        <url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-wp-themes-by-kriesi.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="upscale">
-    <vulnerability>
-      <title>Upscale - Unspecified XSS</title>
-      <references>
-        <osvdb>86763</osvdb>
-        <url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-wp-themes-by-kriesi.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="expose">
-    <vulnerability>
-      <title>Expose - Unspecified XSS</title>
-      <references>
-        <osvdb>86764</osvdb>
-        <url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-wp-themes-by-kriesi.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="abundance">
-    <vulnerability>
-      <title>Abundance - Unspecified XSS</title>
-      <references>
-        <osvdb>86765</osvdb>
-        <url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-wp-themes-by-kriesi.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="eunoia">
-    <vulnerability>
-      <title>Eunoia - Unspecified XSS</title>
-      <references>
-        <osvdb>86766</osvdb>
-        <url>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-wp-themes-by-kriesi.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="wise">
-    <vulnerability>
-      <title>Site5 Wordpress Themes Email Spoofing</title>
-      <references>
-        <url>http://packetstormsecurity.org/files/114750/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="webfolio">
-    <vulnerability>
-      <title>Site5 Wordpress Themes Email Spoofing</title>
-      <references>
-        <url>http://packetstormsecurity.org/files/114750/</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.0</fixed_in>
-    </vulnerability>
-  </theme>
-
-  <theme name="colorbold">
-    <vulnerability>
-      <title>Site5 Wordpress Themes Email Spoofing</title>
-      <references>
-        <url>http://packetstormsecurity.org/files/114750/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="rockwell">
-    <vulnerability>
-      <title>Site5 Wordpress Themes Email Spoofing</title>
-      <references>
-        <url>http://packetstormsecurity.org/files/114750/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="xmas">
-    <vulnerability>
-      <title>Site5 Wordpress Themes Email Spoofing</title>
-      <references>
-        <url>http://packetstormsecurity.org/files/114750/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="designpile">
-    <vulnerability>
-      <title>Site5 Wordpress Themes Email Spoofing</title>
-      <references>
-        <url>http://packetstormsecurity.org/files/114750/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="alltuts">
-    <vulnerability>
-      <title>Site5 Wordpress Themes Email Spoofing</title>
-      <references>
-        <url>http://packetstormsecurity.org/files/114750/</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.0</fixed_in>
-    </vulnerability>
-  </theme>
-
-  <theme name="boldy">
-    <vulnerability>
-      <title>Site5 Wordpress Themes Email Spoofing</title>
-      <references>
-        <url>http://packetstormsecurity.org/files/114750/</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.0</fixed_in>
-    </vulnerability>
-  </theme>
-
-  <theme name="simplo">
-    <vulnerability>
-      <title>Site5 Wordpress Themes Email Spoofing</title>
-      <references>
-        <url>http://packetstormsecurity.org/files/114750/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="diary">
-    <vulnerability>
-      <title>Site5 Wordpress Themes Email Spoofing</title>
-      <references>
-        <url>http://packetstormsecurity.org/files/114750/</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.0</fixed_in>
-    </vulnerability>
-  </theme>
-
-  <theme name="journalcrunch">
-    <vulnerability>
-      <title>Site5 Wordpress Themes Email Spoofing</title>
-      <references>
-        <url>http://packetstormsecurity.org/files/114750/</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.0</fixed_in>
-    </vulnerability>
-  </theme>
-
-  <theme name="prosume">
-    <vulnerability>
-      <title>Site5 Wordpress Themes Email Spoofing</title>
-      <references>
-        <url>http://packetstormsecurity.org/files/114750/</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.0</fixed_in>
-    </vulnerability>
-  </theme>
-
-  <theme name="famous">
-    <vulnerability>
-      <title>Famous 2.0.5 - Shell Upload</title>
-      <references>
-        <osvdb>83013</osvdb>
-        <url>http://packetstormsecurity.org/files/113842/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="deep-blue">
-    <vulnerability>
-      <title>Deep-Blue 1.9.2 - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <osvdb>83014</osvdb>
-        <secunia>49611</secunia>
-        <url>http://packetstormsecurity.org/files/113843/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="classipress">
-    <vulnerability>
-      <title>Classipress &lt;= 3.1.4 - Stored XSS</title>
-      <references>
-        <cve>2011-5257</cve>
-        <osvdb>76712</osvdb>
-        <exploitdb>18053</exploitdb>
-        <url>http://cxsecurity.com/issue/WLB-2011110001</url>
-      </references>
-      <fixed_in>3.1.5</fixed_in>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="merchant">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="smpl">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="drawar">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="sentient">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="whitelight">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="unsigned">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="shelflife">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="olya">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="sliding">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="beveled">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="empire-commerce">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="buro-commerce">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="briefed-commerce">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="wikeasi">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="currents">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="emporium">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="biznizz-commerce">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="kaboodle-commerce">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="inspire-commerce">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="teamster">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="argentum">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="statua-commerce">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="simplicity-commerce">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="canvas-commerce">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="wootique">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="woostore">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="coquette">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="buro">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="swatch">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="announcement">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="empire">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="supportpress">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="editorial">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="statua">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="briefed">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="faultpress">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="kaboodle">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="savinggrace">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="premiere">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="simplicity">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="deliciousmagazine">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="bookclub">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="boldnews">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="placeholder">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="biznizz">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="auld">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="listings">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="elefolio">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="chapters">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="continuum">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="diner">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="skeptical">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="caffeinated">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="crisp">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="sealight">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="estate">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="tma">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="coda">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="inspire">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="apz">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="spectrum">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="diarise">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="boast">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="retreat">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="cityguide">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="canvas">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="postcard">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="delegate">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="mystream">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="optimize">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="backstage">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="bueno">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="digitalfarm">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="headlines">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="therapy">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="rockstar">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="DailyDeal">
-    <vulnerability>
-      <title>DailyDeal - File Upload Remote Code Execution</title>
-      <references>
-        <osvdb>98924</osvdb>
-        <url>http://packetstormsecurity.com/files/123748/</url>
-        <url>http://templatic.com/app-themes/daily-deal-premium-wordpress-app-theme</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="dailyedition">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="object">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="coffeebreak">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="mainstream">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="featurepitch">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="thejournal">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="aperture">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="metamorphosis">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="bloggingstream">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="thestation">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="groovyvideo">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="irresistible">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="cushy">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="wootube">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="abstract">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="busybee">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="blogtheme">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="typebased">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="overeasy">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="snapshot">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="openair">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="freshnews">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="livewire">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="flashnews">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Flash News - thumb.php src Parameter XSS</title>
-      <references>
-        <osvdb>89887</osvdb>
-        <url>http://packetstormsecurity.com/files/120037/</url>
-        <url>http://seclists.org/fulldisclosure/2013/Feb/8</url>
-        <url>http://cxsecurity.com/issue/WLB-2013020010</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Flash News - Multiple Script Path Disclosure</title>
-      <references>
-        <osvdb>89888</osvdb>
-        <url>http://packetstormsecurity.com/files/120037/</url>
-        <url>http://seclists.org/fulldisclosure/2013/Feb/8</url>
-        <url>http://cxsecurity.com/issue/WLB-2013020010</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Flash News - includes/test.php a Parameter XSS</title>
-      <references>
-        <osvdb>89889</osvdb>
-        <url>http://packetstormsecurity.com/files/120037/</url>
-        <url>http://seclists.org/fulldisclosure/2013/Feb/8</url>
-        <url>http://cxsecurity.com/issue/WLB-2013020010</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Flash News - includes/test.php Direct Request Information Disclosure</title>
-      <references>
-        <osvdb>89890</osvdb>
-        <url>http://packetstormsecurity.com/files/120037/</url>
-        <url>http://seclists.org/fulldisclosure/2013/Feb/8</url>
-        <url>http://cxsecurity.com/issue/WLB-2013020010</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Flash News - thumb.php src Parameter File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>89891</osvdb>
-        <url>http://packetstormsecurity.com/files/120037/</url>
-        <url>http://seclists.org/fulldisclosure/2013/Feb/8</url>
-        <url>http://cxsecurity.com/issue/WLB-2013020010</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Flash News - thumb.php src Parameter Remote DoS</title>
-      <references>
-        <osvdb>89892</osvdb>
-        <url>http://packetstormsecurity.com/files/120037/</url>
-        <url>http://seclists.org/fulldisclosure/2013/Feb/8</url>
-        <url>http://cxsecurity.com/issue/WLB-2013020010</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="gazette">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="premiumnews">
-    <vulnerability>
-      <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
-      <references>
-        <url>https://gist.github.com/2523147</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="dt-chocolate">
-    <vulnerability>
-      <title>dt-chocolate - jPlayer XSS</title>
-      <references>
-        <secunia>56379</secunia>
-        <url>http://packetstormsecurity.com/files/124756/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>dt-chocolate - Image Open redirect</title>
-      <references>
-        <url>http://cxsecurity.com/issue/WLB-2013020011</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple vulnerabilities in Chocolate WP theme for WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2013/Jan/215</url>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="sandbox">
-    <vulnerability>
-      <title>sandbox - Arbitrary File Upload/FD Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20228</url>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="clockstone">
-    <vulnerability>
-      <title>Clockstone 1.2 - upload.php Arbitrary File Upload Vulnerability</title>
-      <references>
-        <osvdb>88622</osvdb>
-        <secunia>51619</secunia>
-        <url>http://www.exploit-db.com/exploits/23494</url>
-        <url>http://www.securityfocus.com/bid/56988</url>
-        <url>http://xforce.iss.net/xforce/xfdb/80725</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="archin">
-    <vulnerability>
-      <title>Archin 3.2 - Cross-Site Scripting and Arbitrary File Upload Vulnerabilities</title>
-      <references>
-        <secunia>50711</secunia>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Archin 3.2 - hades_framework/option_panel/ajax.php Configuration Option Manipulation</title>
-      <references>
-        <osvdb>86991</osvdb>
-        <exploitdb>21646</exploitdb>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="purity">
-    <vulnerability>
-      <title>Purity - Multiple Cross-Site Scripting Vulnerabilities</title>
-      <references>
-        <secunia>50627</secunia>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="pinboard">
-    <vulnerability>
-      <title>Pinboard 1.0.6 - includes/theme-options.php tab Parameter XSS</title>
-      <references>
-        <osvdb>90070</osvdb>
-        <cve>2013-0286</cve>
-        <secunia>52079</secunia>
-        <url>http://seclists.org/oss-sec/2013/q1/274</url>
-        <url>http://cxsecurity.com/issue/WLB-2013020062</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Pinboard - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124151/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="montezuma">
-    <vulnerability>
-      <title>montezuma &lt;= 1.1.3 - XSS in ZeroClipboard.swf</title>
-      <references>
-        <url>http://1337day.com/exploit/20396</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="scarlet">
-    <vulnerability>
-      <title>scarlet &lt;= 1.1.3 - XSS in ZeroClipboard.swf</title>
-      <references>
-        <url>http://1337day.com/exploit/20396</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="allure-real-estate-theme-for-placester">
-    <vulnerability>
-      <title>allure-real-estate-theme-for-placester &lt;= 0.1.1 - XSS in ZeroClipboard.swf</title>
-      <references>
-        <url>http://1337day.com/exploit/20396</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="allure-real-estate-theme-for-real-estate">
-    <vulnerability>
-      <title>allure-real-estate-theme-for-real-estate &lt;= 0.1.1 - XSS in ZeroClipboard.swf</title>
-      <references>
-        <url>http://1337day.com/exploit/20396</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="felici">
-    <vulnerability>
-      <title>felici - XSS Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/20560</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>felici - Custom Background Shell Upload</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/125830/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="classic">
-    <vulnerability>
-      <title>Classic 1.5 - PHP_SELF XSS</title>
-      <references>
-        <osvdb>38450</osvdb>
-        <cve>2007-4483</cve>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="brilliant">
-    <vulnerability>
-      <title>brilliant - File Upload Vulnerability</title>
-      <references>
-        <url>http://ruinedsec.wordpress.com/2013/04/03/wordpress-themes-exploits-are-in-action-wpscan/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="colormix">
-    <vulnerability>
-      <title>Colormix - Multiple vulnerabilities</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/121372/</url>
-        <url>http://seclists.org/fulldisclosure/2013/Apr/172</url>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="jobroller">
-    <vulnerability>
-      <title>XSS in jobroller theme</title>
-      <references>
-        <url>http://cxsecurity.com/issue/WLB-2013060089</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="ambience">
-    <vulnerability>
-      <title>Xss In wordpress ambience theme</title>
-      <references>
-        <url>http://www.websecuritywatch.com/wordpress-ambience-xss/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="slash-wp">
-    <vulnerability>
-      <title>Slash WP - FPD, XSS and CS vulnerabilities</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/123748/</url>
-        <url>http://seclists.org/fulldisclosure/2013/Jun/166</url>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="persuasion">
-    <vulnerability>
-      <title>Persuasion - PrettyPhoto DOM XSS</title>
-      <references>
-        <url>http://www.rafayhackingarticles.net/2013/05/kali-linux-dom-based-xss-writeup.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Persuasion &lt;= 2.4 - dl-skin.php _mysite_delete_skin_zip Parameter Absolute Path Traversal Remote Directory Deletion</title>
-      <references>
-        <osvdb>101330</osvdb>
-        <exploitdb>30443</exploitdb>
-        <url>http://packetstormsecurity.com/files/124547/</url>
-        <url>http://www.securityfocus.com/bid/64501</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Persuasion &lt;= 2.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
-      <references>
-        <osvdb>101331</osvdb>
-        <secunia>56359</secunia>
-        <exploitdb>30443</exploitdb>
-        <url>http://packetstormsecurity.com/files/124547/</url>
-        <url>http://www.securityfocus.com/bid/64501</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.5</fixed_in>
-    </vulnerability>
-  </theme>
-
-  <theme name="More">
-    <vulnerability>
-      <title>MORE+ - PrettyPhoto XSS Vulnerability</title>
-      <references>
-        <secunia>54924</secunia>
-        <url>http://archives.neohapsis.com/archives/fulldisclosure/2013-09/0177.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="silverorchid">
-    <vulnerability>
-      <title>silverOrchid &lt;= 1.5.0 - XSS Vulnerability</title>
-      <references>
-        <osvdb>96723</osvdb>
-        <secunia>54662</secunia>
-        <url>http://packetstormsecurity.com/files/122986/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="Caulk">
-    <vulnerability>
-      <title>Caulk - path disclosure vulnerability</title>
-      <references>
-        <osvdb>90889</osvdb>
-        <url>http://packetstormsecurity.com/files/120632/</url>
-        <url>http://themeforest.net/item/caulk/76108</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="WPLocalPlaces">
-    <vulnerability>
-      <title>WPLocalPlaces - File Upload Remote Code Execution</title>
-      <references>
-        <osvdb>98806</osvdb>
-        <url>http://packetstormsecurity.com/files/123697/</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="photocrati-theme">
-    <vulnerability>
-      <title>Photocrati 4.7.3 - photocrati-gallery/ecomm-sizes.php prod_id Parameter Reflected XSS</title>
-      <references>
-        <osvdb>102717</osvdb>
-        <secunia>56690</secunia>
-        <url>http://packetstormsecurity.com/files/124986/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Photocrati - Multiple Script Direct Request Path Disclosure</title>
-      <references>
-        <osvdb>92836</osvdb>
-        <url>http://seclists.org/fulldisclosure/2013/Apr/238</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="music">
-    <vulnerability>
-      <title>Music - Multiple Script Direct Request Path Disclosure</title>
-      <references>
-        <osvdb>92837</osvdb>
-        <url>http://seclists.org/fulldisclosure/2013/Apr/238</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="imperial-fairytale">
-    <vulnerability>
-      <title>Imperial Fairytale - Multiple Script Direct Request Path Disclosure</title>
-      <references>
-        <osvdb>92838</osvdb>
-        <url>http://seclists.org/fulldisclosure/2013/Apr/238</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Imperial Fairytale - jPlayer Cross-Site Scripting Vulnerability</title>
-      <references>
-        <secunia>53210</secunia>
-        <url>http://seclists.org/oss-sec/2013/q2/177</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="feather12">
-    <vulnerability>
-      <title>Feather12 - Multiple Script Direct Request Path Disclosure</title>
-      <references>
-        <osvdb>92839</osvdb>
-        <url>http://seclists.org/fulldisclosure/2013/Apr/238</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="studiozen">
-    <vulnerability>
-      <title>Studio Zen - Multiple Script Direct Request Path Disclosure</title>
-      <references>
-        <osvdb>92840</osvdb>
-        <url>http://seclists.org/fulldisclosure/2013/Apr/238</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Studio Zen - jPlayer Cross-Site Scripting Vulnerability</title>
-      <references>
-        <secunia>53212</secunia>
-        <url> http://seclists.org/oss-sec/2013/q2/177</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="area53">
-    <vulnerability>
-      <title>AREA53 &lt;= 1.0.5 - File Upload Code Execution</title>
-      <references>
-        <osvdb>98927</osvdb>
-        <exploitdb>29068</exploitdb>
-        <url>http://www.securityfocus.com/bid/63306</url>
-        <url>http://1337day.com/exploit/21442</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="sahifa">
-    <vulnerability>
-      <title>Sahifa 2.4.0 - Multiple Script Path Disclosure Direct Request Path Disclosure</title>
-      <references>
-        <osvdb>88926</osvdb>
-        <url>http://packetstormsecurity.com/files/119191/</url>
-        <url>http://www.securityfocus.com/bid/57109</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Sahifa 2.4.0 - Site Setting Reset CSRF</title>
-      <references>
-        <osvdb>88927</osvdb>
-        <url>http://packetstormsecurity.com/files/119191/</url>
-        <url>http://www.securityfocus.com/bid/57109</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="simpledark">
-    <vulnerability>
-      <title>SimpleDark 1.2.10 - 's' Parameter Cross Site Scripting Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/46615</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="geoplaces4">
-    <vulnerability>
-      <title>GeoPlaces - File Upload Handling Remote Command Execution</title>
-      <references>
-        <osvdb>98975</osvdb>
-        <url>http://packetstormsecurity.com/files/123773/</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="curvo">
-    <vulnerability>
-      <title>Curvo - wp-content/themes/curvo/functions/upload-handler.php File Upload CSRF</title>
-      <references>
-        <osvdb>99043</osvdb>
-        <exploitdb>29211</exploitdb>
-        <url>http://packetstormsecurity.com/files/123799/</url>
-        <url>http://packetstormsecurity.com/files/123820/</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="MoneyTheme">
-    <vulnerability>
-      <title>Money - wp-content/themes/MoneyTheme/uploads/upload.php File Upload Remote Code Execution</title>
-      <references>
-        <osvdb>99187</osvdb>
-        <url>http://packetstormsecurity.com/files/123819/</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="saico">
-    <vulnerability>
-      <title>Saico - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <exploitdb>29150</exploitdb>
-        <url>http://1337day.com/exploit/21440</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="ThisWay">
-    <vulnerability>
-      <title>ThisWay - remote shell upload vulnerability</title>
-      <references>
-        <secunia>55587</secunia>
-        <url>http://packetstormsecurity.com/files/123895/</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="ThinkResponsive">
-    <vulnerability>
-      <title>Think Responsive 1.0 - Arbitrary shell upload vulnerability</title>
-      <references>
-        <exploitdb>29332</exploitdb>
-        <url>http://packetstormsecurity.com/files/123880/</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="anthology">
-    <vulnerability>
-      <title>Anthology - Remote File Upload Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/21460</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="amoveo">
-    <vulnerability>
-      <title>Amoveo - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/21451</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="switchblade">
-    <vulnerability>
-      <title>Switchblade 1.3 - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <osvdb>88918</osvdb>
-        <exploitdb>29330</exploitdb>
-        <url>http://1337day.com/exploit/21457</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="magnitudo">
-    <vulnerability>
-      <title>Magnitudo - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/21457</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="ghost">
-    <vulnerability>
-      <title>Ghost - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/21416</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="RightNow">
-    <vulnerability>
-      <title>Right Now - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/21420</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="ColdFusion">
-    <vulnerability>
-      <title>Cold Fusion - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/21431</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="chameleon">
-    <vulnerability>
-      <title>Chameleon - Arbitrary File Upload Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/21449</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="kernel-theme">
-    <vulnerability>
-      <title>Kernel Theme - functions/upload-handler.php File Upload Remote Code Execution</title>
-      <references>
-        <osvdb>99553</osvdb>
-        <exploitdb>29482</exploitdb>
-        <url>http://packetstormsecurity.com/files/123954/</url>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="rockstar-theme">
-    <vulnerability>
-      <title>Rockstar - Remote File Upload Vulnerability</title>
-      <references>
-        <exploitdb>29946</exploitdb>
-        <url>http://packetstormsecurity.com/files/123999/</url>
-        <url>http://packetstormsecurity.com/files/124232/</url>
-        <url>http://1337day.com/exploit/21510</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="reganto-theme">
-    <vulnerability>
-      <title>Reganto - Remote File Upload Vulnerability</title>
-      <references>
-        <exploitdb>29946</exploitdb>
-        <url>http://packetstormsecurity.com/files/123999/</url>
-        <url>http://packetstormsecurity.com/files/124232/</url>
-        <url>http://1337day.com/exploit/21511</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="rayoflight-theme">
-    <vulnerability>
-      <title>Ray of Light - Remote File Upload Vulnerability</title>
-      <references>
-        <exploitdb>29946</exploitdb>
-        <url>http://packetstormsecurity.com/files/123999/</url>
-        <url>http://packetstormsecurity.com/files/124232/</url>
-        <url>http://1337day.com/exploit/21512</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="radial-theme">
-    <vulnerability>
-      <title>Radial - Remote File Upload Vulnerability</title>
-      <references>
-        <exploitdb>29946</exploitdb>
-        <url>http://packetstormsecurity.com/files/123999/</url>
-        <url>http://packetstormsecurity.com/files/124232/</url>
-        <url>http://1337day.com/exploit/21513</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="oxygen-theme">
-    <vulnerability>
-      <title>Oxygen - Remote File Upload Vulnerability</title>
-      <references>
-        <exploitdb>29946</exploitdb>
-        <url>http://packetstormsecurity.com/files/123999/</url>
-        <url>http://packetstormsecurity.com/files/124232/</url>
-        <url>http://1337day.com/exploit/21514</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="bulteno-theme">
-    <vulnerability>
-      <title>Bulteno - Remote File Upload Vulnerability</title>
-      <references>
-        <exploitdb>29946</exploitdb>
-        <url>http://packetstormsecurity.com/files/123999/</url>
-        <url>http://packetstormsecurity.com/files/124232/</url>
-        <url>http://1337day.com/exploit/21515</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="bordeaux-theme">
-    <vulnerability>
-      <title>Bordeaux - Remote File Upload Vulnerability</title>
-      <references>
-        <exploitdb>29946</exploitdb>
-        <url>http://packetstormsecurity.com/files/123999/</url>
-        <url>http://packetstormsecurity.com/files/124232/</url>
-        <url>http://1337day.com/exploit/21516</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="agritourismo-theme">
-    <vulnerability>
-      <title>Agritourismo - Remote File Upload Vulnerability</title>
-      <references>
-        <exploitdb>29946</exploitdb>
-        <url>http://packetstormsecurity.com/files/124232/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="highlight">
-    <vulnerability>
-      <title>Highlight Powerful Premium - upload-handler.php File Upload CSRF</title>
-      <references>
-        <osvdb>99703</osvdb>
-        <secunia>55671</secunia>
-        <exploitdb>29525</exploitdb>
-        <url>http://packetstormsecurity.com/files/123974/</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="euclid">
-    <vulnerability>
-      <title>Euclid - CSRF Vulnerability</title>
-      <references>
-        <exploitdb>29667</exploitdb>
-        <url>http://packetstormsecurity.com/files/124043/</url>
-        <url>http://1337day.com/exploit/21538</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="dimension">
-    <vulnerability>
-      <title>Dimension - CSRF Vulnerability</title>
-      <references>
-        <exploitdb>29668</exploitdb>
-        <url>http://packetstormsecurity.com/files/124042/</url>
-        <url>http://1337day.com/exploit/21537</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="amplus">
-    <vulnerability>
-      <title>Amplus - CSRF Vulnerability</title>
-      <references>
-        <exploitdb>29669</exploitdb>
-        <url>http://packetstormsecurity.com/files/124041/</url>
-        <url>http://1337day.com/exploit/21535</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="make_a_statement">
-    <vulnerability>
-      <title>Make A Statement - CSRF Vulnerability</title>
-      <references>
-        <exploitdb>29670</exploitdb>
-        <url>http://packetstormsecurity.com/files/124044/</url>
-        <url>http://1337day.com/exploit/21536</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="ithemes2">
-    <vulnerability>
-      <title>iThemes2 - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="suco">
-    <vulnerability>
-      <title>Suco - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124094/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="elemin">
-    <vulnerability>
-      <title>Elemin - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124149/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="folo">
-    <vulnerability>
-      <title>Folo - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124150/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Folo - Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/124230/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="Bloggie">
-    <vulnerability>
-      <title>Bloggie - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124152/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="blogfolio">
-    <vulnerability>
-      <title>Blogfolio - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124156/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="OptimizePress">
-    <vulnerability>
-      <title>OptimizePress - File Upload Vulnerability</title>
-      <references>
-        <osvdb>100509</osvdb>
-        <cve>2013-7102</cve>
-        <secunia>56379</secunia>
-        <url>http://packetstormsecurity.com/files/124246/</url>
-        <url>http://www.osirt.com/2013/11/wordpress-optimizepress-hack-file-upload-vulnerability/</url>
-        <metasploit>exploit/unix/webapp/php_wordpress_optimizepress</metasploit>
-      </references>
-      <type>UPLOAD</type>
-      <fixed_in>1.6</fixed_in>
-    </vulnerability>
-  </theme>
-
-  <theme name="blooog">
-    <vulnerability>
-      <title>Blooog 1.1 - jplayer.swf Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/124240/</url>
-        <url>http://xforce.iss.net/xforce/xfdb/89356</url>
-        <cve>2013-7129</cve>
-        <osvdb>92254</osvdb>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-  <!-- Fake, See https://github.com/wpscanteam/wpscan/issues/383
-  <theme name="twentyten">
-    <vulnerability>
-      <title>TwentyTen 1.1-1.5 - loop.php Multiple File Extension Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>88822</osvdb>
-      </references>
-      <type>RCE</type>
-    </vulnerability>
-  </theme>
-  -->
-  <!--- Fake vuln, see: Commit https://github.com/wpscanteam/wpscan/commit/40f96dd2bde8ed262c6d9428734624510a93fad4
-  <theme name="nest">
-    <vulnerability>
-      <title>Nest - gerador_galeria.php codigo Parameter SQL Injection</title>
-      <references>
-        <osvdb>88298</osvdb>
-        <url>http://www.securityfocus.com/bid/56792</url>
-        <url>http://xforce.iss.net/xforce/xfdb/80503</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </theme>
-  -->
-  <theme name="toolbox">
-    <vulnerability>
-      <title>Toolbox 1.4 - flyer.php mls Parameter SQL Injection</title>
-      <references>
-        <osvdb>88293</osvdb>
-        <url>http://www.securityfocus.com/bid/56745</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="oberliga_theme">
-    <vulnerability>
-      <title>Oberliga - team.php team Parameter SQL Injection</title>
-      <references>
-        <osvdb>88454</osvdb>
-        <url>http://packetstormsecurity.org/files/118368/</url>
-        <url>http://xforce.iss.net/xforce/xfdb/80273</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="cstardesign">
-    <vulnerability>
-      <title>CStar Design 2.0 - flashmoXML.php id Parameter SQL Injection</title>
-      <references>
-        <osvdb>88291</osvdb>
-        <url>http://www.securityfocus.com/bid/56694</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="malmonation">
-    <vulnerability>
-      <title>Malmonation - debate.php id Parameter SQL Injection</title>
-      <references>
-        <osvdb>87866</osvdb>
-        <url>http://packetstormsecurity.org/files/118340/</url>
-        <url>http://xforce.iss.net/xforce/xfdb/80252</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="lightspeed">
-    <vulnerability>
-      <title>LightSpeed - Valums Uploader Shell Upload Exploit</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/119241/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <!-- Tested with v1.4, other versions might be vulnerable -->
-  <theme name="eptonic">
-    <vulnerability>
-      <title>Eptonic - Valums Uploader Shell Upload Exploit</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/119241/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <!-- Tested with v1.0, other versions might be vulnerable -->
-  <theme name="nuance">
-    <vulnerability>
-      <title>Nuance - Valums Uploader Shell Upload Exploit</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/119241/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="dejavu">
-    <vulnerability>
-      <title>DejaVu 2.4 - dl-skin.php _mysite_delete_skin_zip Parameter Absolute Path Traversal Remote Directory Deletion</title>
-      <references>
-        <osvdb>101330</osvdb>
-        <exploitdb>30443</exploitdb>
-        <url>http://www.securityfocus.com/bid/64501</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>DejaVu 2.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
-      <references>
-        <osvdb>101331</osvdb>
-        <secunia>56359</secunia>
-        <exploitdb>30443</exploitdb>
-        <url>http://www.securityfocus.com/bid/64501</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.5</fixed_in>
-    </vulnerability>
-  </theme>
-
-  <theme name="elegance">
-    <vulnerability>
-      <title>Elegance - lib/scripts/dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Access</title>
-      <references>
-        <osvdb>108100</osvdb>
-        <url>http://packetstormsecurity.com/files/126989/</url>
-      </references>
-      <type>RFI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Elegance 2.4 - dl-skin.php _mysite_delete_skin_zip Parameter Absolute Path Traversal Remote Directory Deletion</title>
-      <references>
-        <osvdb>101330</osvdb>
-        <exploitdb>30443</exploitdb>
-        <url>http://www.securityfocus.com/bid/64501</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Elegance 2.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
-      <references>
-        <osvdb>101331</osvdb>
-        <secunia>56359</secunia>
-        <exploitdb>30443</exploitdb>
-        <url>http://www.securityfocus.com/bid/64501</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.5</fixed_in>
-    </vulnerability>
-  </theme>
-
-  <theme name="echelon">
-    <vulnerability>
-      <title>Echelon - media-upload.php Remote File Upload</title>
-      <references>
-        <osvdb>106929</osvdb>
-        <url>http://www.securityfocus.com/bid/67080</url>
-        <url>http://packetstormsecurity.com/files/126327/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Echelon 2.4 - dl-skin.php _mysite_delete_skin_zip Parameter Absolute Path Traversal Remote Directory Deletion</title>
-      <references>
-        <osvdb>101330</osvdb>
-        <exploitdb>30443</exploitdb>
-        <url>http://www.securityfocus.com/bid/64501</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Echelon 2.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
-      <references>
-        <osvdb>101331</osvdb>
-        <secunia>56359</secunia>
-        <exploitdb>30443</exploitdb>
-        <url>http://www.securityfocus.com/bid/64501</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.5</fixed_in>
-    </vulnerability>
-  </theme>
-
-  <theme name="modular">
-    <vulnerability>
-      <title>Modular 2.4 - dl-skin.php _mysite_delete_skin_zip Parameter Absolute Path Traversal Remote Directory Deletion</title>
-      <references>
-        <osvdb>101330</osvdb>
-        <exploitdb>30443</exploitdb>
-        <url>http://www.securityfocus.com/bid/64501</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Modular 2.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
-      <references>
-        <osvdb>101331</osvdb>
-        <secunia>56359</secunia>
-        <exploitdb>30443</exploitdb>
-        <url>http://www.securityfocus.com/bid/64501</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.5</fixed_in>
-    </vulnerability>
-  </theme>
-
-  <theme name="fusion">
-    <vulnerability>
-      <title>Fusion 2.1 - dl-skin.php _mysite_delete_skin_zip Parameter Absolute Path Traversal Remote Directory Deletion</title>
-      <references>
-        <osvdb>101330</osvdb>
-        <exploitdb>30443</exploitdb>
-        <url>http://www.securityfocus.com/bid/64501</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Fusion 2.1 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
-      <references>
-        <osvdb>101331</osvdb>
-        <secunia>56359</secunia>
-        <exploitdb>30443</exploitdb>
-        <url>http://www.securityfocus.com/bid/64501</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.2</fixed_in>
-    </vulnerability>
-  </theme>
-
-  <theme name="method">
-    <vulnerability>
-      <title>Method 2.1 - dl-skin.php _mysite_delete_skin_zip Parameter Absolute Path Traversal Remote Directory Deletion</title>
-      <references>
-        <osvdb>101330</osvdb>
-        <exploitdb>30443</exploitdb>
-        <url>http://www.securityfocus.com/bid/64501</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Method 2.1 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
-      <references>
-        <osvdb>101331</osvdb>
-        <secunia>56359</secunia>
-        <exploitdb>30443</exploitdb>
-        <url>http://www.securityfocus.com/bid/64501</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.2</fixed_in>
-    </vulnerability>
-  </theme>
-
-  <theme name="myriad">
-    <vulnerability>
-      <title>Myriad 2.0 - dl-skin.php _mysite_delete_skin_zip Parameter Absolute Path Traversal Remote Directory Deletion</title>
-      <references>
-        <osvdb>101330</osvdb>
-        <exploitdb>30443</exploitdb>
-        <url>http://www.securityfocus.com/bid/64501</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Myriad 2.0 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
-      <references>
-        <osvdb>101331</osvdb>
-        <secunia>56359</secunia>
-        <exploitdb>30443</exploitdb>
-        <url>http://www.securityfocus.com/bid/64501</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.1</fixed_in>
-    </vulnerability>
-  </theme>
-
-  <theme name="construct">
-    <vulnerability>
-      <title>Construct 1.4 - dl-skin.php _mysite_delete_skin_zip Parameter Absolute Path Traversal Remote Directory Deletion</title>
-      <references>
-        <osvdb>101330</osvdb>
-        <exploitdb>30443</exploitdb>
-        <url>http://www.securityfocus.com/bid/64501</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Construct 1.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
-      <references>
-        <osvdb>101331</osvdb>
-        <secunia>56359</secunia>
-        <exploitdb>30443</exploitdb>
-        <url>http://www.securityfocus.com/bid/64501</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>1.5</fixed_in>
-    </vulnerability>
-  </theme>
-
-  <theme name="awake">
-    <vulnerability>
-      <title>Awake 3.3 - dl-skin.php _mysite_delete_skin_zip Parameter Absolute Path Traversal Remote Directory Deletion</title>
-      <references>
-        <osvdb>101330</osvdb>
-        <exploitdb>30443</exploitdb>
-        <url>http://www.securityfocus.com/bid/64501</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>2.5</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Awake 3.3 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
-      <references>
-        <osvdb>101331</osvdb>
-        <secunia>56359</secunia>
-        <exploitdb>30443</exploitdb>
-        <url>http://www.securityfocus.com/bid/64501</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.4</fixed_in>
-    </vulnerability>
-  </theme>
-
-  <theme name="infocus">
-    <vulnerability>
-      <title>InFocus - lib/scripts/dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Access</title>
-      <references>
-        <osvdb>108099</osvdb>
-        <url>http://packetstormsecurity.com/files/126988/</url>
-      </references>
-      <type>RFI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>InFocus - prettyPhoto Cross-Site Scripting Vulnerability</title>
-      <references>
-        <secunia>56583</secunia>
-        <url>http://packetstormsecurity.com/files/124960/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>InFocus 3.3 - dl-skin.php _mysite_delete_skin_zip Parameter Absolute Path Traversal Remote Directory Deletion</title>
-      <references>
-        <osvdb>101330</osvdb>
-        <exploitdb>30443</exploitdb>
-        <url>http://www.securityfocus.com/bid/64501</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.4</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>InFocus 3.3 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
-      <references>
-        <osvdb>101331</osvdb>
-        <secunia>56359</secunia>
-        <exploitdb>30443</exploitdb>
-        <url>http://www.securityfocus.com/bid/64501</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.4</fixed_in>
-    </vulnerability>
-  </theme>
-
-  <theme name="elegant-grunge">
-    <vulnerability>
-      <title>Elegant Grunge 1.0.3 - s Parameter XSS</title>
-      <references>
-        <osvdb>75942</osvdb>
-        <cve>2011-3856</cve>
-        <url>http://www.securityfocus.com/bid/49869</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.0.4</fixed_in>
-    </vulnerability>
-  </theme>
-
-  <theme name="simplebalance">
-    <vulnerability>
-      <title>Simple Balance &lt;= 2.2.1 - index.php s Parameter XSS</title>
-      <references>
-        <osvdb>76722</osvdb>
-        <secunia>46671</secunia>
-        <url>http://packetstormsecurity.com/files/106341/</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="codilight">
-    <vulnerability>
-      <title>Codilight Premium 1.0.0 - admin/front-end/options.php reset Parameter XSS</title>
-      <references>
-        <osvdb>100791</osvdb>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="iloveit">
-    <vulnerability>
-      <title>Love It - XSS / Content Spoofing / Path Disclosure</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/122386/</url>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="dandelion">
-    <vulnerability>
-      <title>Dandelion - Arbitry File Upload</title>
-      <references>
-        <osvdb>99043</osvdb>
-        <exploitdb>31424</exploitdb>
-        <url>http://packetstormsecurity.com/files/125098/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="kiddo">
-    <vulnerability>
-      <title>Kiddo - remote shell upload vulnerability</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/125138/</url>
-        <secunia>56874</secunia>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="thecotton_v114">
-    <vulnerability>
-      <title>The Cotton - Remote File Upload Vulnerability</title>
-      <references>
-        <osvdb>103911</osvdb>
-        <url>http://packetstormsecurity.com/files/125506/</url>
-        <url>http://www.securityfocus.com/bid/65958</url>
-        <url>http://seclists.org/bugtraq/2014/Mar/9</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="Realestate">
-    <vulnerability>
-      <title>Real Estate - Templatic Theme CSRF File Upload Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/22091</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="dailydeal">
-    <vulnerability>
-      <title>Dailydeal - Templatic Theme CSRF File Upload Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/22091</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="nightlife">
-    <vulnerability>
-      <title>Nightlife - Templatic Theme CSRF File Upload Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/22091</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="5star">
-    <vulnerability>
-      <title>5star - Templatic Theme CSRF File Upload Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/22091</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="specialist">
-    <vulnerability>
-      <title>Specialist - Templatic Theme CSRF File Upload Vulnerability</title>
-      <references>
-        <url>http://1337day.com/exploit/22091</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="flatshop">
-    <vulnerability>
-      <title>Flatshop - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="magazine">
-    <vulnerability>
-      <title>Magazine - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="parallax">
-    <vulnerability>
-      <title>Parallax - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="bold">
-    <vulnerability>
-      <title>Bold - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="metro">
-    <vulnerability>
-      <title>Metro - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="pinshop">
-    <vulnerability>
-      <title>Pinshop - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="agency">
-    <vulnerability>
-      <title>Agency - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="slide">
-    <vulnerability>
-      <title>Slide - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="postline">
-    <vulnerability>
-      <title>Postline - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="fullscreen">
-    <vulnerability>
-      <title>Fulscreen - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="shopo">
-    <vulnerability>
-      <title>Shopo - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="minshop">
-    <vulnerability>
-      <title>Minshop - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="notes">
-    <vulnerability>
-      <title>Notes - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="shopdock">
-    <vulnerability>
-      <title>Shopdock - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="phototouch">
-    <vulnerability>
-      <title>Phototouch - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="basic">
-    <vulnerability>
-      <title>Basic - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="responz">
-    <vulnerability>
-      <title>Responz - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="simfo">
-    <vulnerability>
-      <title>Simfo - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="grido">
-    <vulnerability>
-      <title>Grido - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="tisa">
-    <vulnerability>
-      <title>Tisa - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="funki">
-    <vulnerability>
-      <title>Funki - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="minblr">
-    <vulnerability>
-      <title>Minblr - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="newsy">
-    <vulnerability>
-      <title>Newsy - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="wumblr">
-    <vulnerability>
-      <title>Wumblr - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="rezo">
-    <vulnerability>
-      <title>Rezo - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="photobox">
-    <vulnerability>
-      <title>Photobox - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="edmin">
-    <vulnerability>
-      <title>Edmin - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="koi">
-    <vulnerability>
-      <title>Koi - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="bizco">
-    <vulnerability>
-      <title>Bizco - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="thememin">
-    <vulnerability>
-      <title>Thememin - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="wigi">
-    <vulnerability>
-      <title>Wigi - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="sidepane">
-    <vulnerability>
-      <title>Sidepane - themify-ajax.php File Upload Arbitrary Code Execution</title>
-      <references>
-        <osvdb>100271</osvdb>
-        <url>http://packetstormsecurity.com/files/124097/</url>
-        <url>http://1337day.com/exploit/22090</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="Sixtees">
-    <vulnerability>
-      <title>Sixtees - Shell Upload</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/125491/</url>
-      </references>
-      <type>UPLOAD</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="linenity">
-    <vulnerability>
-      <title>LineNity 1.20 - download.php imgurl Parameter Remote Path Traversal File Access</title>
-      <references>
-        <osvdb>105767</osvdb>
-        <exploitdb>32861</exploitdb>
-      </references>
-      <type>LFI</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="SCv1">
-    <vulnerability>
-      <title>SCv1 - download.php file Parameter Traversal Remote File Access</title>
-      <references>
-        <osvdb>107940</osvdb>
-        <url>http://packetstormsecurity.com/files/127022/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </theme>
-
-  <theme name="magazine-basic">
-    <vulnerability>
-      <title>Magazine Basic - wp-content/themes/magazine-basic/view_artist.php id Parameter SQL Injection</title>
-      <references>
-        <osvdb>87838</osvdb>
-        <url>http://packetstormsecurity.com/files/118321/</url>
-        <url>http://www.securityfocus.com/bid/56664</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </theme>
-
-</vulnerabilities>
diff --git a/data/wp_vulns.xml b/data/wp_vulns.xml
deleted file mode 100644
index ae8506c4..00000000
--- a/data/wp_vulns.xml
+++ /dev/null
@@ -1,5196 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<vulnerabilities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-                 xsi:noNamespaceSchemaLocation="vuln.xsd">
-
-  <wordpress version="3.8.1">
-    <vulnerability>
-      <title>Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1</title>
-      <references>
-        <url>https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Potential Authentication Cookie Forgery</title>
-      <references>
-        <osvdb>105620</osvdb>
-        <url>https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/</url>
-        <url>https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be</url>
-        <cve>2014-0166</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.8.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Privilege escalation: contributors publishing posts</title>
-      <references>
-        <osvdb>105630</osvdb>
-        <url>https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165</url>
-        <cve>2014-0165</cve>
-      </references>
-      <type>BYPASS</type>
-      <fixed_in>3.8.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Plupload Unspecified XSS</title>
-      <references>
-        <osvdb>105622</osvdb>
-        <secunia>57769</secunia>
-      </references>
-      <type>BYPASS</type>
-      <fixed_in>3.8.2</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="3.8">
-    <vulnerability>
-      <title>wp-admin/options-writing.php Cleartext Admin Credentials Disclosure</title>
-      <references>
-        <osvdb>101101</osvdb>
-        <url>http://seclists.org/fulldisclosure/2013/Dec/135</url>
-      </references>
-      <type>AUTHBYPASS</type>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="3.7.1">
-    <vulnerability>
-      <title>Potential Authentication Cookie Forgery</title>
-      <references>
-        <osvdb>105620</osvdb>
-        <url>https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be</url>
-        <cve>2014-0166</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.7.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Privilege escalation: contributors publishing posts</title>
-      <references>
-        <osvdb>105630</osvdb>
-        <url>https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165</url>
-        <cve>2014-0165</cve>
-      </references>
-      <type>BYPASS</type>
-      <fixed_in>3.7.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/options-writing.php Cleartext Admin Credentials Disclosure</title>
-      <references>
-        <osvdb>101101</osvdb>
-        <url>http://seclists.org/fulldisclosure/2013/Dec/135</url>
-      </references>
-      <type>AUTHBYPASS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Plupload Unspecified XSS</title>
-      <references>
-        <osvdb>105622</osvdb>
-        <secunia>57769</secunia>
-      </references>
-      <type>BYPASS</type>
-      <fixed_in>3.7.2</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="3.6">
-    <vulnerability>
-      <title>PHP Object Injection</title>
-      <references>
-        <url>http://vagosec.org/2013/09/wordpress-php-object-injection/</url>
-        <url>http://www.openwall.com/lists/oss-security/2013/09/12/1</url>
-        <url>http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4340</url>
-        <url>http://core.trac.wordpress.org/changeset/25325</url>
-        <secunia>54803</secunia>
-        <cve>2013-4338</cve>
-        <osvdb>97211</osvdb>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/functions.php get_allowed_mime_types Function SWF / EXE File Upload XSS Weakness</title>
-      <references>
-        <osvdb>97210</osvdb>
-        <cve>2013-5739</cve>
-        <url>http://core.trac.wordpress.org/changeset/25322</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Crafted String URL Redirect Restriction Bypass</title>
-      <references>
-        <osvdb>97212</osvdb>
-        <cve>2013-4339</cve>
-        <secunia>54803</secunia>
-        <exploitdb>28958</exploitdb>
-        <url>http://packetstormsecurity.com/files/123589/</url>
-        <url>http://core.trac.wordpress.org/changeset/25323</url>
-        <url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
-      </references>
-      <type>REDIRECT</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/includes/post.php user_ID Parameter Manipulation Post Authorship Spoofing</title>
-      <references>
-        <osvdb>97213</osvdb>
-        <cve>2013-4340</cve>
-        <secunia>54803</secunia>
-        <url>http://core.trac.wordpress.org/changeset/25321</url>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/functions.php get_allowed_mime_types Function HTML File Upload XSS Weakness</title>
-      <references>
-        <osvdb>97214</osvdb>
-        <cve>2013-5738</cve>
-        <url>http://core.trac.wordpress.org/changeset/25322</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple Function Path Disclosure</title>
-      <references>
-        <osvdb>100487</osvdb>
-        <url>http://seclists.org/fulldisclosure/2013/Nov/220</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple Script Arbitrary Site Redirect</title>
-      <references>
-        <osvdb>101181</osvdb>
-        <url>http://seclists.org/fulldisclosure/2013/Dec/174</url>
-      </references>
-      <type>REDIRECT</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/edit-tags.php _wp_http_referer Parameter Reflected XSS</title>
-      <references>
-        <osvdb>101182</osvdb>
-        <url>http://seclists.org/fulldisclosure/2013/Dec/174</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="3.5.2">
-    <vulnerability>
-      <title>Media Library Multiple Function Path Disclosure</title>
-      <references>
-        <osvdb>100484</osvdb>
-        <url>http://websecurity.com.ua/6795/</url>
-      </references>
-      <type>FPD</type>
-    </vulnerability>
-    <vulnerability>
-      <title>SWFUpload Content Spoofing</title>
-      <references>
-        <url>http://bot24.blogspot.ca/2013/04/swfupload-object-injectioncsrf.html</url>
-        <url>https://github.com/wpscanteam/wpscan/issues/243</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Crafted String URL Redirect Restriction Bypass</title>
-      <references>
-        <osvdb>97212</osvdb>
-        <cve>2013-4339</cve>
-        <secunia>54803</secunia>
-        <exploitdb>28958</exploitdb>
-        <url>http://packetstormsecurity.com/files/123589/</url>
-        <url>http://core.trac.wordpress.org/changeset/25323</url>
-        <url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
-      </references>
-      <type>REDIRECT</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="3.5.1">
-    <vulnerability>
-      <title>Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure</title>
-      <references>
-        <osvdb>95060</osvdb>
-        <url>http://seclists.org/fulldisclosure/2013/Jul/70</url>
-      </references>
-      <type>FPD</type>
-      <fixed_in>3.5.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress 3.4-3.5.1 DoS in class-phpass.php</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2013/Jun/65</url>
-        <secunia>53676</secunia>
-        <osvdb>94235</osvdb>
-        <cve>2013-2173</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.5.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress Multiple XSS</title>
-      <references>
-        <osvdb>94791</osvdb>
-        <osvdb>94785</osvdb>
-        <osvdb>94786</osvdb>
-        <osvdb>94790</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.5.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress TinyMCE Plugin Flash Applet Unspecified Spoofing Weakness</title>
-      <references>
-        <osvdb>94787</osvdb>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.5.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress File Upload Unspecified Path Disclosure</title>
-      <references>
-        <osvdb>94788</osvdb>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.5.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress 3.5-3.5.1 oEmbed Unspecified XML External Entity (XXE) Arbitrary File Disclosure</title>
-      <references>
-        <osvdb>94789</osvdb>
-      </references>
-      <type>XXE</type>
-      <fixed_in>3.5.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress 3.5-3.5.1 Multiple Role Remote Privilege Escalation</title>
-      <references>
-        <osvdb>94783</osvdb>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.5.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress 3.5-3.5.1 HTTP API Unspecified Server Side Request Forgery (SSRF)</title>
-      <references>
-        <osvdb>94784</osvdb>
-      </references>
-      <type>SSRF</type>
-      <fixed_in>3.5.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Crafted String URL Redirect Restriction Bypass</title>
-      <references>
-        <osvdb>97212</osvdb>
-        <cve>2013-4339</cve>
-        <secunia>54803</secunia>
-        <exploitdb>28958</exploitdb>
-        <url>http://packetstormsecurity.com/files/123589/</url>
-        <url>http://core.trac.wordpress.org/changeset/25323</url>
-        <url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
-      </references>
-      <type>REDIRECT</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="3.5">
-    <vulnerability>
-      <title>Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure</title>
-      <references>
-        <osvdb>95060</osvdb>
-        <url>http://seclists.org/fulldisclosure/2013/Jul/70</url>
-      </references>
-      <type>FPD</type>
-      <fixed_in>3.5.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress 3.4 - 3.5.1 DoS in class-phpass.php</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2013/Jun/65</url>
-        <secunia>53676</secunia>
-        <osvdb>94235</osvdb>
-        <cve>2013-2173</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.5.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
-      <references>
-        <url>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Crafted String URL Redirect Restriction Bypass</title>
-      <references>
-        <osvdb>97212</osvdb>
-        <cve>2013-4339</cve>
-        <secunia>54803</secunia>
-        <exploitdb>28958</exploitdb>
-        <url>http://packetstormsecurity.com/files/123589/</url>
-        <url>http://core.trac.wordpress.org/changeset/25323</url>
-        <url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
-      </references>
-      <type>REDIRECT</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Shortcodes / Post Content Multiple Unspecified XSS</title>
-      <references>
-        <osvdb>89576</osvdb>
-        <cve>2013-0236</cve>
-        <secunia>51967</secunia>
-        <url>http://www.securityfocus.com/bid/57554</url>
-        <url>http://securitytracker.com/id?1028045</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.5.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Plupload Unspecified XSS</title>
-      <references>
-        <osvdb>89577</osvdb>
-        <cve>2013-0237</cve>
-        <secunia>51967</secunia>
-        <url>http://www.securityfocus.com/bid/57555</url>
-        <url>http://securitytracker.com/id?1028045</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.5.1</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="3.4.2">
-    <vulnerability>
-      <title>Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure</title>
-      <references>
-        <osvdb>95060</osvdb>
-        <url>http://seclists.org/fulldisclosure/2013/Jul/70</url>
-      </references>
-      <type>FPD</type>
-      <fixed_in>3.5.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress 3.4 - 3.5.1 DoS in class-phpass.php</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2013/Jun/65</url>
-        <secunia>53676</secunia>
-        <osvdb>94235</osvdb>
-        <cve>2013-2173</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.5.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
-      <references>
-        <url>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress 3.4.2 Cross Site Request Forgery</title>
-      <references>
-        <url>http://packetstormsecurity.org/files/116785/WordPress-3.4.2-Cross-Site-Request-Forgery.html</url>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Crafted String URL Redirect Restriction Bypass</title>
-      <references>
-        <osvdb>97212</osvdb>
-        <cve>2013-4339</cve>
-        <secunia>54803</secunia>
-        <exploitdb>28958</exploitdb>
-        <url>http://packetstormsecurity.com/files/123589/</url>
-        <url>http://core.trac.wordpress.org/changeset/25323</url>
-        <url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
-      </references>
-      <type>REDIRECT</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Plupload Unspecified XSS</title>
-      <references>
-        <osvdb>89577</osvdb>
-        <cve>2013-0237</cve>
-        <secunia>51967</secunia>
-        <url>http://www.securityfocus.com/bid/57555</url>
-        <url>http://securitytracker.com/id?1028045</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.5.1</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="3.4.1">
-    <vulnerability>
-      <title>Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure</title>
-      <references>
-        <osvdb>95060</osvdb>
-        <url>http://seclists.org/fulldisclosure/2013/Jul/70</url>
-      </references>
-      <type>FPD</type>
-      <fixed_in>3.5.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress 3.4 - 3.5.1 DoS in class-phpass.php</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2013/Jun/65</url>
-        <secunia>53676</secunia>
-        <osvdb>94235</osvdb>
-        <cve>2013-2173</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.5.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
-      <references>
-        <url>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Crafted String URL Redirect Restriction Bypass</title>
-      <references>
-        <osvdb>97212</osvdb>
-        <cve>2013-4339</cve>
-        <secunia>54803</secunia>
-        <exploitdb>28958</exploitdb>
-        <url>http://packetstormsecurity.com/files/123589/</url>
-        <url>http://core.trac.wordpress.org/changeset/25323</url>
-        <url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
-      </references>
-      <type>REDIRECT</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Plupload Unspecified XSS</title>
-      <references>
-        <osvdb>89577</osvdb>
-        <cve>2013-0237</cve>
-        <secunia>51967</secunia>
-        <url>http://www.securityfocus.com/bid/57555</url>
-        <url>http://securitytracker.com/id?1028045</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.5.1</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="3.4">
-    <vulnerability>
-      <title>Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure</title>
-      <references>
-        <osvdb>95060</osvdb>
-        <url>http://seclists.org/fulldisclosure/2013/Jul/70</url>
-      </references>
-      <type>FPD</type>
-      <fixed_in>3.5.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress 3.4 - 3.5.1 DoS in class-phpass.php</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2013/Jun/65</url>
-        <secunia>53676</secunia>
-        <osvdb>94235</osvdb>
-        <cve>2013-2173</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.5.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
-      <references>
-        <url>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Crafted String URL Redirect Restriction Bypass</title>
-      <references>
-        <osvdb>97212</osvdb>
-        <cve>2013-4339</cve>
-        <secunia>54803</secunia>
-        <exploitdb>28958</exploitdb>
-        <url>http://packetstormsecurity.com/files/123589/</url>
-        <url>http://core.trac.wordpress.org/changeset/25323</url>
-        <url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
-      </references>
-      <type>REDIRECT</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Plupload Unspecified XSS</title>
-      <references>
-        <osvdb>89577</osvdb>
-        <cve>2013-0237</cve>
-        <secunia>51967</secunia>
-        <url>http://www.securityfocus.com/bid/57555</url>
-        <url>http://securitytracker.com/id?1028045</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.5.1</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="3.4-beta4">
-    <vulnerability>
-      <title>WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
-      <references>
-        <url>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Wordpress 3.3.1 Multiple CSRF Vulnerabilities</title>
-      <references>
-        <exploitdb>18791</exploitdb>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Crafted String URL Redirect Restriction Bypass</title>
-      <references>
-        <osvdb>97212</osvdb>
-        <cve>2013-4339</cve>
-        <secunia>54803</secunia>
-        <exploitdb>28958</exploitdb>
-        <url>http://packetstormsecurity.com/files/123589/</url>
-        <url>http://core.trac.wordpress.org/changeset/25323</url>
-        <url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
-      </references>
-      <type>REDIRECT</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Plupload Unspecified XSS</title>
-      <references>
-        <osvdb>89577</osvdb>
-        <cve>2013-0237</cve>
-        <secunia>51967</secunia>
-        <url>http://www.securityfocus.com/bid/57555</url>
-        <url>http://securitytracker.com/id?1028045</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.5.1</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="3.3.3">
-    <vulnerability>
-      <title>WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
-      <references>
-        <url>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Crafted String URL Redirect Restriction Bypass</title>
-      <references>
-        <osvdb>97212</osvdb>
-        <cve>2013-4339</cve>
-        <secunia>54803</secunia>
-        <exploitdb>28958</exploitdb>
-        <url>http://packetstormsecurity.com/files/123589/</url>
-        <url>http://core.trac.wordpress.org/changeset/25323</url>
-        <url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
-      </references>
-      <type>REDIRECT</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Plupload Unspecified XSS</title>
-      <references>
-        <osvdb>89577</osvdb>
-        <cve>2013-0237</cve>
-        <secunia>51967</secunia>
-        <url>http://www.securityfocus.com/bid/57555</url>
-        <url>http://securitytracker.com/id?1028045</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.5.1</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="3.3.2">
-    <vulnerability>
-      <title>WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
-      <references>
-        <url>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Wordpress 3.3.1 Multiple CSRF Vulnerabilities</title>
-      <references>
-        <exploitdb>18791</exploitdb>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress 3.3.2 Cross Site Scripting</title>
-      <references>
-        <url>http://packetstormsecurity.org/files/113254</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
-      <references>
-        <cve>2012-6633</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
-      <references>
-        <cve>2012-6634</cve>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
-      <references>
-        <cve>2012-6635</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Crafted String URL Redirect Restriction Bypass</title>
-      <references>
-        <osvdb>97212</osvdb>
-        <cve>2013-4339</cve>
-        <secunia>54803</secunia>
-        <exploitdb>28958</exploitdb>
-        <url>http://packetstormsecurity.com/files/123589/</url>
-        <url>http://core.trac.wordpress.org/changeset/25323</url>
-        <url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
-      </references>
-      <type>REDIRECT</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Plupload Unspecified XSS</title>
-      <references>
-        <osvdb>89577</osvdb>
-        <cve>2013-0237</cve>
-        <secunia>51967</secunia>
-        <url>http://www.securityfocus.com/bid/57555</url>
-        <url>http://securitytracker.com/id?1028045</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.5.1</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="3.3.1">
-    <vulnerability>
-      <title>Multiple vulnerabilities including XSS and Privilege Escalation</title>
-      <references>
-        <url>http://wordpress.org/news/2012/04/wordpress-3-3-2/</url>
-      </references>
-      <type>MULTI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Wordpress 3.3.1 - Multiple CSRF Vulnerabilities</title>
-      <references>
-        <exploitdb>18791</exploitdb>
-      </references>
-      <type>CSRF</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
-      <references>
-        <cve>2012-6633</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
-      <references>
-        <cve>2012-6634</cve>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
-      <references>
-        <cve>2012-6635</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Crafted String URL Redirect Restriction Bypass</title>
-      <references>
-        <osvdb>97212</osvdb>
-        <cve>2013-4339</cve>
-        <secunia>54803</secunia>
-        <exploitdb>28958</exploitdb>
-        <url>http://packetstormsecurity.com/files/123589/</url>
-        <url>http://core.trac.wordpress.org/changeset/25323</url>
-        <url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
-      </references>
-      <type>REDIRECT</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="3.3">
-    <vulnerability>
-      <title>Reflected Cross-Site Scripting in WordPress 3.3</title>
-      <references>
-        <url>http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
-      <references>
-        <cve>2012-6633</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
-      <references>
-        <cve>2012-6634</cve>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
-      <references>
-        <cve>2012-6635</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Crafted String URL Redirect Restriction Bypass</title>
-      <references>
-        <osvdb>97212</osvdb>
-        <cve>2013-4339</cve>
-        <secunia>54803</secunia>
-        <exploitdb>28958</exploitdb>
-        <url>http://packetstormsecurity.com/files/123589/</url>
-        <url>http://core.trac.wordpress.org/changeset/25323</url>
-        <url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
-      </references>
-      <type>REDIRECT</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="3.2.1">
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
-      <references>
-        <cve>2012-6633</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
-      <references>
-        <cve>2012-6634</cve>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
-      <references>
-        <cve>2012-6635</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Crafted String URL Redirect Restriction Bypass</title>
-      <references>
-        <osvdb>97212</osvdb>
-        <cve>2013-4339</cve>
-        <secunia>54803</secunia>
-        <exploitdb>28958</exploitdb>
-        <url>http://packetstormsecurity.com/files/123589/</url>
-        <url>http://core.trac.wordpress.org/changeset/25323</url>
-        <url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
-      </references>
-      <type>REDIRECT</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="3.2">
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
-      <references>
-        <cve>2012-6633</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
-      <references>
-        <cve>2012-6634</cve>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
-      <references>
-        <cve>2012-6635</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Crafted String URL Redirect Restriction Bypass</title>
-      <references>
-        <osvdb>97212</osvdb>
-        <cve>2013-4339</cve>
-        <secunia>54803</secunia>
-        <exploitdb>28958</exploitdb>
-        <url>http://packetstormsecurity.com/files/123589/</url>
-        <url>http://core.trac.wordpress.org/changeset/25323</url>
-        <url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
-      </references>
-      <type>REDIRECT</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="3.1.4">
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
-      <references>
-        <cve>2012-6633</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
-      <references>
-        <cve>2012-6634</cve>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
-      <references>
-        <cve>2012-6635</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Crafted String URL Redirect Restriction Bypass</title>
-      <references>
-        <osvdb>97212</osvdb>
-        <cve>2013-4339</cve>
-        <secunia>54803</secunia>
-        <exploitdb>28958</exploitdb>
-        <url>http://packetstormsecurity.com/files/123589/</url>
-        <url>http://core.trac.wordpress.org/changeset/25323</url>
-        <url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
-      </references>
-      <type>REDIRECT</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="3.1.3">
-    <vulnerability>
-      <title>wp-admin/link-manager.php Multiple Parameter SQL Injection</title>
-      <references>
-        <osvdb>73723</osvdb>
-        <exploitdb>17465</exploitdb>
-        <secunia>45099</secunia>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>3.1.4</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
-      <references>
-        <cve>2012-6633</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
-      <references>
-        <cve>2012-6634</cve>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
-      <references>
-        <cve>2012-6635</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Crafted String URL Redirect Restriction Bypass</title>
-      <references>
-        <osvdb>97212</osvdb>
-        <cve>2013-4339</cve>
-        <secunia>54803</secunia>
-        <exploitdb>28958</exploitdb>
-        <url>http://packetstormsecurity.com/files/123589/</url>
-        <url>http://core.trac.wordpress.org/changeset/25323</url>
-        <url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
-      </references>
-      <type>REDIRECT</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="3.1.2">
-    <vulnerability>
-      <title>Wordpress &lt;= 3.1.2 Clickjacking Vulnerability</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2011/Sep/219</url>
-        <url>http://www.securityfocus.com/bid/49730</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
-      <references>
-        <cve>2012-6633</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
-      <references>
-        <cve>2012-6634</cve>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
-      <references>
-        <cve>2012-6635</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Crafted String URL Redirect Restriction Bypass</title>
-      <references>
-        <osvdb>97212</osvdb>
-        <cve>2013-4339</cve>
-        <secunia>54803</secunia>
-        <exploitdb>28958</exploitdb>
-        <url>http://packetstormsecurity.com/files/123589/</url>
-        <url>http://core.trac.wordpress.org/changeset/25323</url>
-        <url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
-      </references>
-      <type>REDIRECT</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="3.1.1">
-    <vulnerability>
-      <title>WordPress wp-includes/formatting.php make_clickable() PCRE Library Remote DoS</title>
-      <references>
-        <osvdb>72142</osvdb>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
-      <references>
-        <cve>2012-6633</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
-      <references>
-        <cve>2012-6634</cve>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
-      <references>
-        <cve>2012-6635</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Crafted String URL Redirect Restriction Bypass</title>
-      <references>
-        <osvdb>97212</osvdb>
-        <cve>2013-4339</cve>
-        <secunia>54803</secunia>
-        <exploitdb>28958</exploitdb>
-        <url>http://packetstormsecurity.com/files/123589/</url>
-        <url>http://core.trac.wordpress.org/changeset/25323</url>
-        <url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
-      </references>
-      <type>REDIRECT</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="3.1">
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
-      <references>
-        <cve>2012-6633</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
-      <references>
-        <cve>2012-6634</cve>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
-      <references>
-        <cve>2012-6635</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Crafted String URL Redirect Restriction Bypass</title>
-      <references>
-        <osvdb>97212</osvdb>
-        <cve>2013-4339</cve>
-        <secunia>54803</secunia>
-        <exploitdb>28958</exploitdb>
-        <url>http://packetstormsecurity.com/files/123589/</url>
-        <url>http://core.trac.wordpress.org/changeset/25323</url>
-        <url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
-      </references>
-      <type>REDIRECT</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="3.0.6">
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
-      <references>
-        <cve>2012-6633</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
-      <references>
-        <cve>2012-6634</cve>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
-      <references>
-        <cve>2012-6635</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Crafted String URL Redirect Restriction Bypass</title>
-      <references>
-        <osvdb>97212</osvdb>
-        <cve>2013-4339</cve>
-        <secunia>54803</secunia>
-        <exploitdb>28958</exploitdb>
-        <url>http://packetstormsecurity.com/files/123589/</url>
-        <url>http://core.trac.wordpress.org/changeset/25323</url>
-        <url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
-      </references>
-      <type>REDIRECT</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="3.0.5">
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/press-this.php - Privilege Escalation</title>
-      <references>
-        <cve>2011-5270</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.6</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
-      <references>
-        <cve>2012-6633</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
-      <references>
-        <cve>2012-6634</cve>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
-      <references>
-        <cve>2012-6635</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Crafted String URL Redirect Restriction Bypass</title>
-      <references>
-        <osvdb>97212</osvdb>
-        <cve>2013-4339</cve>
-        <secunia>54803</secunia>
-        <exploitdb>28958</exploitdb>
-        <url>http://packetstormsecurity.com/files/123589/</url>
-        <url>http://core.trac.wordpress.org/changeset/25323</url>
-        <url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
-      </references>
-      <type>REDIRECT</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="3.0.4">
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/press-this.php - Privilege Escalation</title>
-      <references>
-        <cve>2011-5270</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.6</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
-      <references>
-        <cve>2012-6633</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
-      <references>
-        <cve>2012-6634</cve>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
-      <references>
-        <cve>2012-6635</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Crafted String URL Redirect Restriction Bypass</title>
-      <references>
-        <osvdb>97212</osvdb>
-        <cve>2013-4339</cve>
-        <secunia>54803</secunia>
-        <exploitdb>28958</exploitdb>
-        <url>http://packetstormsecurity.com/files/123589/</url>
-        <url>http://core.trac.wordpress.org/changeset/25323</url>
-        <url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
-      </references>
-      <type>REDIRECT</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="3.0.3">
-    <vulnerability>
-      <title>SQL injection vulnerability in do_trackbacks() Wordpress function</title>
-      <references>
-        <exploitdb>15684</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Wordpress 3.0.3 stored XSS IE7,6 NS8.1</title>
-      <references>
-        <exploitdb>15858</exploitdb>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/press-this.php - Privilege Escalation</title>
-      <references>
-        <cve>2011-5270</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.6</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
-      <references>
-        <cve>2012-6633</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
-      <references>
-        <cve>2012-6634</cve>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
-      <references>
-        <cve>2012-6635</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Crafted String URL Redirect Restriction Bypass</title>
-      <references>
-        <osvdb>97212</osvdb>
-        <cve>2013-4339</cve>
-        <secunia>54803</secunia>
-        <exploitdb>28958</exploitdb>
-        <url>http://packetstormsecurity.com/files/123589/</url>
-        <url>http://core.trac.wordpress.org/changeset/25323</url>
-        <url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
-      </references>
-      <type>REDIRECT</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="3.0.2">
-    <vulnerability>
-      <title>WordPress XML-RPC Interface Access Restriction Bypass</title>
-      <references>
-        <osvdb>69761</osvdb>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/press-this.php - Privilege Escalation</title>
-      <references>
-        <cve>2011-5270</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.6</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
-      <references>
-        <cve>2012-6633</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
-      <references>
-        <cve>2012-6634</cve>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
-      <references>
-        <cve>2012-6635</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Crafted String URL Redirect Restriction Bypass</title>
-      <references>
-        <osvdb>97212</osvdb>
-        <cve>2013-4339</cve>
-        <secunia>54803</secunia>
-        <exploitdb>28958</exploitdb>
-        <url>http://packetstormsecurity.com/files/123589/</url>
-        <url>http://core.trac.wordpress.org/changeset/25323</url>
-        <url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
-      </references>
-      <type>REDIRECT</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="3.0.1">
-    <vulnerability>
-      <title>WordPress: Information Disclosure via SQL Injection Attack</title>
-      <references>
-        <url>http://blog.sjinks.pro/wordpress/858-information-disclosure-via-sql-injection-attack/</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/press-this.php - Privilege Escalation</title>
-      <references>
-        <cve>2011-5270</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.6</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
-      <references>
-        <cve>2012-6633</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
-      <references>
-        <cve>2012-6634</cve>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
-      <references>
-        <cve>2012-6635</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <osvdb>104693</osvdb>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Crafted String URL Redirect Restriction Bypass</title>
-      <references>
-        <osvdb>97212</osvdb>
-        <cve>2013-4339</cve>
-        <secunia>54803</secunia>
-        <exploitdb>28958</exploitdb>
-        <url>http://packetstormsecurity.com/files/123589/</url>
-        <url>http://core.trac.wordpress.org/changeset/25323</url>
-        <url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
-      </references>
-      <type>REDIRECT</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="3.0">
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/press-this.php - Privilege Escalation</title>
-      <references>
-        <cve>2011-5270</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.6</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php</title>
-      <references>
-        <cve>2012-6633</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/media-upload.php sensitive information disclosure or bypass</title>
-      <references>
-        <cve>2012-6634</cve>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft</title>
-      <references>
-        <cve>2012-6635</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.3.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <osvdb>104691</osvdb>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Crafted String URL Redirect Restriction Bypass</title>
-      <references>
-        <osvdb>97212</osvdb>
-        <cve>2013-4339</cve>
-        <secunia>54803</secunia>
-        <exploitdb>28958</exploitdb>
-        <url>http://packetstormsecurity.com/files/123589/</url>
-        <url>http://core.trac.wordpress.org/changeset/25323</url>
-        <url>http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609</url>
-      </references>
-      <type>REDIRECT</type>
-      <fixed_in>3.6.1</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.9.2">
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <osvdb>104693</osvdb>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.9.1">
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.9">
-    <vulnerability>
-      <title>WordPress 2.9 Failure to Restrict URL Access</title>
-      <references>
-        <exploitdb>11441</exploitdb>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Wordpress DOS &lt;= 2.9</title>
-      <references>
-        <exploitdb>11441</exploitdb>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.8.6">
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.8.5">
-    <vulnerability>
-      <title>WordPress &lt;= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution</title>
-      <references>
-        <exploitdb>10089</exploitdb>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.8.4">
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.8.3">
-    <vulnerability>
-      <title>Wordpress &lt;= 2.8.3 Remote Admin Reset Password Vulnerability</title>
-      <references>
-        <exploitdb>9410</exploitdb>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.8.2">
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.8.1">
-    <vulnerability>
-      <title>Wordpress 2.8.1 (url) Remote Cross Site Scripting Exploit</title>
-      <references>
-        <exploitdb>9250</exploitdb>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.8">
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.7.1">
-    <vulnerability>
-      <title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/35584/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.7">
-    <vulnerability>
-      <title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/35584/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.6.5">
-    <vulnerability>
-      <title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/35584/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.6.4">
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.6.3">
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.6.2">
-    <vulnerability>
-      <title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/35584/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.6.1">
-    <vulnerability>
-      <title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/35584/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Wordpress 2.6.1 (SQL Column Truncation) Admin Takeover Exploit</title>
-      <references>
-        <exploitdb>6421</exploitdb>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.6">
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.5.1">
-    <vulnerability>
-      <title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/35584/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.5">
-    <vulnerability>
-      <title>Wordpress 2.5 Cookie Integrity Protection Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/archive/1/archive/1/491356/100/0/threaded</url>
-        <cve>2008-1930</cve>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XSS vulnerability in swfupload in WordPress</title>
-      <references>
-        <url>http://seclists.org/fulldisclosure/2012/Nov/51</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.3.3">
-    <vulnerability>
-      <title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/35584/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.3.2">
-    <vulnerability>
-      <title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/35584/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/35584/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.3.1">
-    <vulnerability>
-      <title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/35584/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Wordpress &lt;= 2.3.1 Charset Remote SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>4721</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.3">
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.2.3">
-    <vulnerability>
-      <title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/35584/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.2.2">
-    <vulnerability>
-      <title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/35584/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.2.1">
-    <vulnerability>
-      <title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/35584/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.2">
-    <vulnerability>
-      <title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/35584/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress 2.2 (wp-app.php) Arbitrary File Upload Exploit</title>
-      <references>
-        <exploitdb>4113</exploitdb>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Wordpress 2.2 (xmlrpc.php) Remote SQL Injection Exploit</title>
-      <references>
-        <exploitdb>4039</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.1.3">
-    <vulnerability>
-      <title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/35584/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Wordpress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit</title>
-      <references>
-        <exploitdb>3960</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.1.2">
-    <vulnerability>
-      <title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/35584/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress "year" Cross-Site Scripting Vulnerability</title>
-      <references>
-        <secunia>24485</secunia>
-        <url>http://www.securityfocus.com/archive/1/archive/1/462374/100/0/threaded</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Wordpress 2.1.2 (xmlrpc) Remote SQL Injection Exploit</title>
-      <references>
-        <exploitdb>3656</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.1.1">
-    <vulnerability>
-      <title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/35584/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress Command Execution and PHP Injection</title>
-      <references>
-        <cve>2007-1277</cve>
-        <secunia>24374</secunia>
-        <url>http://www.securityfocus.com/bid/22797</url>
-        <url>http://xforce.iss.net/xforce/xfdb/32807</url>
-      </references>
-      <type>RCE</type>
-      <fixed_in>2.1.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.1">
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.0.11">
-    <vulnerability>
-      <title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/35584/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.0.10">
-    <vulnerability>
-      <title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/35584/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.0.9">
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.0.8">
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.0.7">
-    <vulnerability>
-      <title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/35584/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.0.6">
-    <vulnerability>
-      <title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/35584/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Wordpress &lt;= 2.0.6 wp-trackback.php Remote SQL Injection Exploit</title>
-      <references>
-        <exploitdb>3109</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.0.5">
-    <vulnerability>
-      <title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/35584/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>Wordpress 2.0.5 Trackback UTF-7 Remote SQL Injection Exploit</title>
-      <references>
-        <exploitdb>3095</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.0.4">
-    <vulnerability>
-      <title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/35584/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress 2.0.2 - 2.0.4 Paged Parameter SQL Injection Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/18779</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.0.3">
-    <vulnerability>
-      <title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/35584/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress 2.0.2 - 2.0.4 Paged Parameter SQL Injection Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/18779</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.0.2">
-    <vulnerability>
-      <title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/35584/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress &lt;= 2.0.2 (cache) Remote Shell Injection Exploit</title>
-      <references>
-        <exploitdb>6</exploitdb>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress 2.0.2 - 2.0.4 Paged Parameter SQL Injection Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/18779</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.0.1">
-    <vulnerability>
-      <title>Wordpress wp-register.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>38577</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/35584/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="2.0">
-    <vulnerability>
-      <title>Wordpress wp-register.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>38577</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
-      <references>
-        <url>http://www.securityfocus.com/bid/35584/</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/comment.php bypass intended spam restrictions via a crafted URL</title>
-      <references>
-        <cve>2010-5293</cve>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Multiple cross-site scripting (XSS) in the request_filesystem_credentials function in wp-admin/includes/file.php</title>
-      <references>
-        <cve>2010-5294</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Cross-site scripting (XSS) in wp-admin/plugins.php</title>
-      <references>
-        <cve>2010-5295</cve>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>wp-includes/capabilities.php Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5296</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Remote Authenticated Administrator Bypass Intended Access Restrictions via a Delete Action</title>
-      <references>
-        <cve>2010-5297</cve>
-      </references>
-      <type>AUTHBYPASS</type>
-      <fixed_in>3.0</fixed_in>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="1.5.2">
-    <vulnerability>
-      <title>Wordpress wp-register.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>38577</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="1.5.1.3">
-    <vulnerability>
-      <title>Wordpress wp-register.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>38577</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Wordpress &lt;= 1.5.1.3 Remote Code Execution eXploit (metasploit)</title>
-      <references>
-        <exploitdb>1145</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="1.5.1.2">
-    <vulnerability>
-      <title>Wordpress wp-register.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>38577</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>Wordpress &lt;= 1.5.1.2 xmlrpc Interface SQL Injection Exploit</title>
-      <references>
-        <osvdb>17636</osvdb>
-        <osvdb>17637</osvdb>
-        <osvdb>17638</osvdb>
-        <osvdb>17639</osvdb>
-        <osvdb>17640</osvdb>
-        <osvdb>17641</osvdb>
-        <cve>2005-2108</cve>
-        <exploitdb>1077</exploitdb>
-        <secunia>15831</secunia>
-        <secunia>15898</secunia>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>1.5.1.3</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="1.5.1.1">
-    <vulnerability>
-      <title>Wordpress wp-register.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>38577</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress &lt;= 1.5.1.1 &quot;add new admin&quot; SQL Injection Exploit</title>
-      <references>
-        <exploitdb>1059</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress &lt;= 1.5.1.1 SQL Injection Exploit</title>
-      <references>
-        <exploitdb>1033</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="1.5.1">
-    <vulnerability>
-      <title>Wordpress wp-register.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>38577</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>2.0.2</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>XMLRPC Pingback API Internal/External Port Scanning</title>
-      <references>
-        <url>https://github.com/FireFart/WordpressPingbackPortScanner</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress XMLRPC pingback additional issues</title>
-      <references>
-        <url>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</url>
-      </references>
-      <type>UNKNOWN</type>
-    </vulnerability>
-  </wordpress>
-
-  <wordpress version="1.5">
-    <vulnerability>
-      <title>WordPress wp-trackback.php tb_id Parameter SQL Injection</title>
-      <references>
-        <cve>2005-1687</cve>
-        <osvdb>16701</osvdb>
-        <osvdb>16702</osvdb>
-        <osvdb>16703</osvdb>
-      </references>
-      <type>SQLI</type>
-      <fixed_in>1.5.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress post.php p Parameter XSS</title>
-      <references>
-        <osvdb>16702</osvdb>
-        <osvdb>16701</osvdb>
-        <osvdb>16703</osvdb>
-      </references>
-      <type>XSS</type>
-      <fixed_in>1.5.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress Multiple Script Direct Request Path Disclosure</title>
-      <references>
-        <cve>2005-1688</cve>
-        <osvdb>16703</osvdb>
-        <osvdb>16701</osvdb>
-        <osvdb>16702</osvdb>
-      </references>
-      <type>UNKNOWN</type>
-      <fixed_in>1.5.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress Cross-Site Scripting and SQL Injection Vulnerabilities</title>
-      <references>
-        <osvdb>16478</osvdb>
-        <secunia>15324</secunia>
-      </references>
-      <type>MULTI</type>
-      <fixed_in>1.5.1</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WordPress template-functions-post.php Multiple Field XSS</title>
-      <references>
-        <cve>2005-1102</cve>
-        <osvdb>15643</osvdb>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </wordpress>
-
-</vulnerabilities>
diff --git a/lib/common/common_helper.rb b/lib/common/common_helper.rb
index 95cd8d71..dba67dac 100644
--- a/lib/common/common_helper.rb
+++ b/lib/common/common_helper.rb
@@ -159,7 +159,7 @@ def json(file)
   begin
     JSON.parse(content)
   rescue => e
-    puts "[ERROR] In JSON file parsing #{e} #{e.backtrace}"
+    raise "[ERROR] In JSON file parsing #{file} #{e} #{e.backtrace}"
   end
 end
 
diff --git a/lib/wpstools/plugins/stats/stats_plugin.rb b/lib/wpstools/plugins/stats/stats_plugin.rb
index d467737d..7c4bd32c 100644
--- a/lib/wpstools/plugins/stats/stats_plugin.rb
+++ b/lib/wpstools/plugins/stats/stats_plugin.rb
@@ -60,26 +60,27 @@ class StatsPlugin < Plugin
   end
 
   def version_vulns_count(file=WP_VULNS_FILE)
-    xml(file).xpath('count(//vulnerability)').to_i
+    asset_vulns_count(json(file))
   end
+
   def fix_version_count(file=WP_VULNS_FILE)
-    xml(file).xpath('count(//fixed_in)').to_i
+    asset_fixed_in_count(json(file))
   end
 
   def plugin_vulns_count(file=PLUGINS_VULNS_FILE)
-    json(file).xpath('count(//vulnerability)').to_i
+    asset_vulns_count(json(file))
   end
 
   def fix_plugin_count(file=PLUGINS_VULNS_FILE)
-    xml(file).xpath('count(//fixed_in)').to_i
+    asset_fixed_in_count(json(file))
   end
 
   def theme_vulns_count(file=THEMES_VULNS_FILE)
-    xml(file).xpath('count(//vulnerability)').to_i
+    asset_vulns_count(json(file))
   end
 
   def fix_theme_count(file=THEMES_VULNS_FILE)
-    xml(file).xpath('count(//fixed_in)').to_i
+    asset_fixed_in_count(json(file))
   end
 
   def total_plugins(file=PLUGINS_FULL_FILE)
@@ -94,4 +95,12 @@ class StatsPlugin < Plugin
     IO.readlines(file).size
   end
 
+  def asset_vulns_count(json)
+    json.map { |asset| asset[asset.keys.inject]['vulnerabilities'].size }.inject(:+)
+  end
+
+  def asset_fixed_in_count(json)
+    json.map { |asset| asset[asset.keys.inject]['vulnerabilities'].map {|a| a['fixed_in'].nil? ? 0 : 1 }.inject(:+) }.inject(:+)
+  end
+
 end
diff --git a/spec/shared_examples/wp_items_detectable.rb b/spec/shared_examples/wp_items_detectable.rb
index c6368cea..574621c0 100644
--- a/spec/shared_examples/wp_items_detectable.rb
+++ b/spec/shared_examples/wp_items_detectable.rb
@@ -52,13 +52,14 @@ shared_examples 'WpItems::Detectable' do
       end
     end
 
-    context 'when an empty file' do
-      let(:file) { empty_file }
+    # should raise error.
+    # context 'when an empty file' do
+    #   let(:file) { empty_file }
 
-      it 'returns an empty Array' do
-        @expected = []
-      end
-    end
+    #   it 'returns an empty Array' do
+    #     @expected = []
+    #   end
+    # end
 
     context 'when a file' do
       let(:file) { targets_items_file }
@@ -82,13 +83,14 @@ shared_examples 'WpItems::Detectable' do
       end
     end
 
-    context 'when an empty file' do
-      let(:vulns_file) { empty_file }
+    # should raise error.
+    # context 'when an empty file' do
+    #   let(:file) { empty_file }
 
-      it 'returns an empty Array' do
-        @expected = []
-      end
-    end
+    #   it 'returns an empty Array' do
+    #     @expected = []
+    #   end
+    # end
 
     context 'when a file' do
       it 'returns the expected Array of WpItem' do
diff --git a/spec/xml_checks_spec.rb b/spec/xml_checks_spec.rb
index ce8eb152..bdc68691 100644
--- a/spec/xml_checks_spec.rb
+++ b/spec/xml_checks_spec.rb
@@ -20,26 +20,11 @@ describe 'XSD checks' do
     end
   end
 
-  it 'check plugin_vulns.xml for syntax errors' do
-    @file = PLUGINS_VULNS_FILE
-    @xsd  = VULNS_XSD
-  end
-
-  it 'check theme_vulns.xml for syntax errors' do
-    @file = THEMES_VULNS_FILE
-    @xsd  = VULNS_XSD
-  end
-
   it 'check wp_versions.xml for syntax errors' do
     @file = WP_VERSIONS_FILE
     @xsd  = WP_VERSIONS_XSD
   end
 
-  it 'check wp_vulns.xml for syntax errors' do
-    @file = WP_VULNS_FILE
-    @xsd  = VULNS_XSD
-  end
-
   it 'check local_vulnerable_files.xml for syntax errors' do
     @file = LOCAL_FILES_FILE
     @xsd  = LOCAL_FILES_XSD
@@ -57,58 +42,11 @@ describe 'Well formed XML checks' do
     end
   end
 
-  it 'check plugin_vulns.xml for syntax errors' do
-    @file = PLUGINS_VULNS_FILE
-  end
-
-  it 'check theme_vulns.xml for syntax errors' do
-    @file = THEMES_VULNS_FILE
-  end
-
   it 'check wp_versions.xml for syntax errors' do
     @file = WP_VERSIONS_FILE
   end
 
-  it 'check wp_vulns.xml for syntax errors' do
-    @file = WP_VULNS_FILE
-  end
-
   it 'check local_vulnerable_files.xml for syntax errors' do
     @file = LOCAL_FILES_FILE
   end
 end
-
-describe 'XML content' do
-  before :all do
-    @vuln_plugins = xml(PLUGINS_VULNS_FILE)
-    @vuln_themes = xml(THEMES_VULNS_FILE)
-  end
-
-  after :each do
-    expect(@result.size).to eq(0), "Items:\n#{@result.join("\n")}"
-  end
-
-  it 'each plugin vuln needs a type node' do
-    @result = @vuln_plugins.xpath('//vulnerability[not(type)]/title/text()').map(&:text)
-  end
-
-  it 'each theme vuln needs a type node' do
-    @result = @vuln_themes.xpath('//vulnerability[not(type)]/title/text()').map(&:text)
-  end
-
-  it 'each plugin vuln needs a title node' do
-    @result = @vuln_plugins.xpath('//vulnerability[not(title)]/../@name').map(&:text)
-  end
-
-  it 'each theme vuln needs a title node' do
-    @result = @vuln_themes.xpath('//vulnerability[not(title)]/../@name').map(&:text)
-  end
-
-  it 'each plugin vuln needs a references node' do
-    @result = @vuln_plugins.xpath('//vulnerability[not(references)]/title/text()').map(&:text)
-  end
-
-  it 'each theme vuln needs a references node' do
-    @result = @vuln_themes.xpath('//vulnerability[not(references)]/title/text()').map(&:text)
-  end
-end