From 6dee0c7e4b08125bac190cec25c480e194fe567e Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Fri, 18 Oct 2013 17:56:50 +0200
Subject: [PATCH 1/5] Added OSVDB #98668

---
 data/plugin_vulns.xml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index c03d717f..e2838b15 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -7411,4 +7411,17 @@
     </vulnerability>
   </plugin>
 
+  <plugin name="dexs-pm-system">
+    <vulnerability>
+      <title>Dexs PM System 1.0.1 - Private Message subject Parameter Stored XSS</title>
+      <references>
+        <osvdb>98668</osvdb>
+        <secunia>55296</secunia>
+        <exploitdb>28970</exploitdb>
+        <url>http://www.securityfocus.com/bid/63021</url>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
+  </plugin>
+
 </vulnerabilities>

From bf3795bced3b029bea63b2a89f2c5849e03d86a9 Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Sat, 19 Oct 2013 13:53:56 +0200
Subject: [PATCH 2/5] Update plugin_vulns.xml

---
 data/plugin_vulns.xml | 19 ++++---------------
 1 file changed, 4 insertions(+), 15 deletions(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index e2838b15..eb95f2f6 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -7378,10 +7378,12 @@
 
   <plugin name="dexs-pm-system">
     <vulnerability>
-      <title>Dexs PM System Cross Site Scripting</title>
+      <title>Dexs PM System 1.0.1 - Private Message subject Parameter Stored XSS</title>
       <references>
+        <osvdb>98668</osvdb>
+        <secunia>55296</secunia>
         <exploitdb>28970</exploitdb>
-        <url>http://packetstormsecurity.com/files/123634/</url>
+        <url>http://www.securityfocus.com/bid/63021</url>
       </references>
       <type>XSS</type>
     </vulnerability>
@@ -7411,17 +7413,4 @@
     </vulnerability>
   </plugin>
 
-  <plugin name="dexs-pm-system">
-    <vulnerability>
-      <title>Dexs PM System 1.0.1 - Private Message subject Parameter Stored XSS</title>
-      <references>
-        <osvdb>98668</osvdb>
-        <secunia>55296</secunia>
-        <exploitdb>28970</exploitdb>
-        <url>http://www.securityfocus.com/bid/63021</url>
-      </references>
-      <type>XSS</type>
-    </vulnerability>
-  </plugin>
-
 </vulnerabilities>

From 49883bbc3a50da2119ed39cc1bf08bb8b7c5c0c2 Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Sat, 19 Oct 2013 21:27:24 +0200
Subject: [PATCH 3/5] Update plugin_vulns.xml

---
 data/plugin_vulns.xml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index eb95f2f6..664ebbb4 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -7002,8 +7002,9 @@
 
   <plugin name="nospampti">
     <vulnerability>
-      <title>NOSpamPTI 2.1 - Blind SQL Injection</title>
+      <title>NOSpamPTI 2.1 - wp-comments-post.php comment_post_ID Parameter SQL Injection</title>
       <references>
+        <osvdb>97528</osvdb>
         <exploitdb>28485</exploitdb>
         <cve>2013-5917</cve>
         <url>http://packetstormsecurity.com/files/123331/</url>
@@ -7368,8 +7369,9 @@
 
   <plugin name="finalist">
     <vulnerability>
-      <title>Finalist - Cross Site Scripting</title>
+      <title>Finalist - /wp-content/plugins/finalist/vote.php id Parameter Reflected XSS</title>
       <references>
+        <osvdb>98665</osvdb>
         <url>http://packetstormsecurity.com/files/123597/</url>
       </references>
       <type>XSS</type>

From edf2ac481b736091cfc233859c1dfca5e2c7da5c Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Sun, 20 Oct 2013 12:06:21 +0200
Subject: [PATCH 4/5] Update plugin_vulns.xml

---
 data/plugin_vulns.xml | 53 ++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 52 insertions(+), 1 deletion(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index 664ebbb4..c6ca89ce 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -870,6 +870,16 @@
     </vulnerability>
   </plugin>
 
+  <plugin name="wp-image-resizer">
+    <vulnerability>
+      <title>Image Resizer - Cross Site Scripting</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/123651/</url>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
+  </plugin>
+
   <plugin name="wp-levoslideshow">
     <vulnerability>
       <title>wp-levoslideshow - Arbitrary File Upload Vulnerability</title>
@@ -4775,13 +4785,20 @@
 
   <plugin name="woocommerce">
     <vulnerability>
-      <title>WooCommerce - index.php calc_shipping_state Parameter XSS</title>
+      <title>WooCommerce 2.0.12 - index.php calc_shipping_state Parameter XSS</title>
       <references>
         <osvdb>95480</osvdb>
       </references>
       <type>XSS</type>
       <fixed_in>2.0.13</fixed_in>
     </vulnerability>
+    <vulnerability>
+      <title>WooCommerce 2.0.17 - Cross Site Scripting</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/123684/</url>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
   </plugin>
 
   <plugin name="wp-e-commerce-predictive-search">
@@ -7114,6 +7131,18 @@
     </vulnerability>
   </plugin>
 
+  <plugin name="quick-paypal-payments">
+    <vulnerability>
+      <title>Quick Paypal Payments 3.0 - Payment Sending Multiple Parameter XSS</title>
+      <references>
+        <osvdb>98715</osvdb>
+        <secunia>55292</secunia>
+        <url>http://packetstormsecurity.com/files/123662/</url>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
+  </plugin>
+
   <plugin name="email-newsletter">
     <vulnerability>
       <title>Email Newsletter 8.0 - 'option' Parameter Information Disclosure Vulnerability</title>
@@ -7415,4 +7444,26 @@
     </vulnerability>
   </plugin>
 
+  <plugin name="wp-realty">
+    <vulnerability>
+      <title>WP Realty - Blind SQL Injection</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/123655/</url>
+      </references>
+      <type>SQLI</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="social-sharing-toolkit">
+    <vulnerability>
+      <title>Social Sharing Toolkit 2.2.1 - Setting Manipulation CSRF</title>
+      <references>
+        <osvdb>98717</osvdb>
+        <cve>2013-2701</cve>
+        <secunia>52951</secunia>
+      </references>
+      <type>CSRF</type>
+    </vulnerability>
+  </plugin>
+
 </vulnerabilities>

From 88611ad3e8160a0eef6509c98f7115cf4f16af3f Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Sun, 20 Oct 2013 12:16:49 +0200
Subject: [PATCH 5/5] Update plugin_vulns.xml

---
 data/plugin_vulns.xml | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index c6ca89ce..8ee9ef4b 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -7444,16 +7444,6 @@
     </vulnerability>
   </plugin>
 
-  <plugin name="wp-realty">
-    <vulnerability>
-      <title>WP Realty - Blind SQL Injection</title>
-      <references>
-        <url>http://packetstormsecurity.com/files/123655/</url>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
   <plugin name="social-sharing-toolkit">
     <vulnerability>
       <title>Social Sharing Toolkit 2.2.1 - Setting Manipulation CSRF</title>