From 94106debe48d8ce85b8e034960eb344b271b6329 Mon Sep 17 00:00:00 2001
From: ethicalhack3r <ryandewhurst@gmail.com>
Date: Sun, 27 Jan 2013 15:57:30 +0100
Subject: [PATCH 1/3] Added WP 3.5 XSS advisory.

---
 data/wp_vulns.xml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/data/wp_vulns.xml b/data/wp_vulns.xml
index e35ecafa..1f4bc32b 100644
--- a/data/wp_vulns.xml
+++ b/data/wp_vulns.xml
@@ -22,6 +22,11 @@
                  xsi:noNamespaceSchemaLocation="vuln.xsd">
 
   <wordpress version="3.5">
+    <vulnerability>
+      <title>WordPress 3.5 Cross-Site Scripting (XSS)</title>
+      <reference>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</reference>
+      <type>XSS</type>
+    </vulnerability>
     <vulnerability>
       <title>XMLRPC Pingback API Internal/External Port Scanning</title>
       <reference>https://github.com/FireFart/WordpressPingbackPortScanner</reference>

From 27a6aed7441db9ba27f22cf8218f7653aa4e4e98 Mon Sep 17 00:00:00 2001
From: ethicalhack3r <ryandewhurst@gmail.com>
Date: Sun, 27 Jan 2013 16:12:23 +0100
Subject: [PATCH 2/3] Added plupload XSS issue to older versions of wp.

---
 data/wp_vulns.xml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/data/wp_vulns.xml b/data/wp_vulns.xml
index 1f4bc32b..9661998f 100644
--- a/data/wp_vulns.xml
+++ b/data/wp_vulns.xml
@@ -40,6 +40,11 @@
   </wordpress>
 
   <wordpress version="3.4.2">
+    <vulnerability>
+      <title>WordPress 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
+      <reference>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</reference>
+      <type>XSS</type>
+    </vulnerability>
     <vulnerability>
       <title>WordPress 3.4.2 Cross Site Request Forgery</title>
       <reference>http://packetstormsecurity.org/files/116785/WordPress-3.4.2-Cross-Site-Request-Forgery.html</reference>
@@ -58,6 +63,11 @@
   </wordpress>
 
   <wordpress version="3.4.1">
+    <vulnerability>
+      <title>WordPress 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
+      <reference>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</reference>
+      <type>XSS</type>
+    </vulnerability>
     <vulnerability>
       <title>XMLRPC Pingback API Internal/External Port Scanning</title>
       <reference>https://github.com/FireFart/WordpressPingbackPortScanner</reference>
@@ -71,6 +81,11 @@
   </wordpress>
 
   <wordpress version="3.4">
+    <vulnerability>
+      <title>WordPress 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
+      <reference>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</reference>
+      <type>XSS</type>
+    </vulnerability>
     <vulnerability>
       <title>XMLRPC Pingback API Internal/External Port Scanning</title>
       <reference>https://github.com/FireFart/WordpressPingbackPortScanner</reference>
@@ -84,6 +99,11 @@
   </wordpress>
 
   <wordpress version="3.4-beta4">
+    <vulnerability>
+      <title>WordPress 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
+      <reference>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</reference>
+      <type>XSS</type>
+    </vulnerability>
     <vulnerability>
       <title>Wordpress 3.3.1 Multiple CSRF Vulnerabilities</title>
       <reference>http://www.exploit-db.com/exploits/18791/</reference>
@@ -102,6 +122,11 @@
   </wordpress>
 
   <wordpress version="3.3.3">
+    <vulnerability>
+      <title>WordPress 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
+      <reference>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</reference>
+      <type>XSS</type>
+    </vulnerability>
     <vulnerability>
       <title>XMLRPC Pingback API Internal/External Port Scanning</title>
       <reference>https://github.com/FireFart/WordpressPingbackPortScanner</reference>
@@ -115,6 +140,11 @@
   </wordpress>
 
   <wordpress version="3.3.2">
+    <vulnerability>
+      <title>WordPress 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
+      <reference>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</reference>
+      <type>XSS</type>
+    </vulnerability>
     <vulnerability>
       <title>Wordpress 3.3.1 Multiple CSRF Vulnerabilities</title>
       <reference>http://www.exploit-db.com/exploits/18791/</reference>

From f0577549d8b6d587a31fef84f1a94e65bd74613d Mon Sep 17 00:00:00 2001
From: ethicalhack3r <ryandewhurst@gmail.com>
Date: Sun, 27 Jan 2013 16:16:30 +0100
Subject: [PATCH 3/3] Better description to plupload vuln.

---
 data/wp_vulns.xml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/data/wp_vulns.xml b/data/wp_vulns.xml
index 9661998f..f5a67ec0 100644
--- a/data/wp_vulns.xml
+++ b/data/wp_vulns.xml
@@ -23,7 +23,7 @@
 
   <wordpress version="3.5">
     <vulnerability>
-      <title>WordPress 3.5 Cross-Site Scripting (XSS)</title>
+      <title>WordPress 3.5 to 3.3.2 Cross-Site Scripting (XSS) (Issue 3)</title>
       <reference>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</reference>
       <type>XSS</type>
     </vulnerability>
@@ -41,7 +41,7 @@
 
   <wordpress version="3.4.2">
     <vulnerability>
-      <title>WordPress 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
+      <title>WordPress 3.5 to 3.3.2 Cross-Site Scripting (XSS) (Issue 3)</title>
       <reference>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</reference>
       <type>XSS</type>
     </vulnerability>
@@ -64,7 +64,7 @@
 
   <wordpress version="3.4.1">
     <vulnerability>
-      <title>WordPress 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
+      <title>WordPress 3.5 to 3.3.2 Cross-Site Scripting (XSS) (Issue 3)</title>
       <reference>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</reference>
       <type>XSS</type>
     </vulnerability>
@@ -82,7 +82,7 @@
 
   <wordpress version="3.4">
     <vulnerability>
-      <title>WordPress 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
+      <title>WordPress 3.5 to 3.3.2 Cross-Site Scripting (XSS) (Issue 3)</title>
       <reference>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</reference>
       <type>XSS</type>
     </vulnerability>
@@ -100,7 +100,7 @@
 
   <wordpress version="3.4-beta4">
     <vulnerability>
-      <title>WordPress 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
+      <title>WordPress 3.5 to 3.3.2 Cross-Site Scripting (XSS) (Issue 3)</title>
       <reference>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</reference>
       <type>XSS</type>
     </vulnerability>
@@ -123,7 +123,7 @@
 
   <wordpress version="3.3.3">
     <vulnerability>
-      <title>WordPress 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
+      <title>WordPress 3.5 to 3.3.2 Cross-Site Scripting (XSS) (Issue 3)</title>
       <reference>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</reference>
       <type>XSS</type>
     </vulnerability>
@@ -141,7 +141,7 @@
 
   <wordpress version="3.3.2">
     <vulnerability>
-      <title>WordPress 3.5 Cross-Site Scripting (XSS) (Issue 3)</title>
+      <title>WordPress 3.5 to 3.3.2 Cross-Site Scripting (XSS) (Issue 3)</title>
       <reference>https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues</reference>
       <type>XSS</type>
     </vulnerability>