diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml index 1c5fcdbf..0d15a856 100644 --- a/data/plugin_vulns.xml +++ b/data/plugin_vulns.xml @@ -5,7 +5,7 @@ - Content Slide Plugin Cross-Site Requst Forgery Vulnerability + Content Slide - Cross-Site Requst Forgery Vulnerability CSRF 93871 @@ -16,7 +16,7 @@ - Simple Paypal Shopping Cart Plugin Cross-Site Request Forgery Vulnerability + Simple Paypal Shopping Cart - Cross-Site Request Forgery Vulnerability 52963 93953 @@ -28,7 +28,7 @@ - WP-SendSMS Plugin for WordPress Setting Manipulation CSRF + WP-SendSMS - Setting Manipulation CSRF 53796 94209 @@ -37,7 +37,7 @@ CSRF - WP-SendSMS Plugin for WordPress wp-admin/admin.php Multiple Parameter XSS + WP-SendSMS - wp-admin/admin.php Multiple Parameter XSS 94210 @@ -47,7 +47,7 @@ - Mail Subscribe List Plugin Script Insertion Vulnerability + Mail Subscribe List - Script Insertion Vulnerability 53732 94197 @@ -59,7 +59,7 @@ - VideoJS Cross-Site Scripting Vulnerability + VideoJS Cross - Site Scripting Vulnerability 53437 http://seclists.org/fulldisclosure/2013/May/66 @@ -71,7 +71,7 @@ - VideoJS Cross-Site Scripting Vulnerability + VideoJS Cross - Site Scripting Vulnerability 53426 http://seclists.org/fulldisclosure/2013/May/66 @@ -83,7 +83,7 @@ - VideoJS Cross-Site Scripting Vulnerability + VideoJS Cross - Site Scripting Vulnerability 53445 http://seclists.org/fulldisclosure/2013/May/66 @@ -95,7 +95,7 @@ - VideoJS Cross-Site Scripting Vulnerability + VideoJS Cross - Site Scripting Vulnerability 53396 http://seclists.org/fulldisclosure/2013/May/66 @@ -107,7 +107,7 @@ - VideoJS Cross-Site Scripting Vulnerability + VideoJS Cross - Site Scripting Vulnerability http://seclists.org/fulldisclosure/2013/May/66 @@ -117,7 +117,7 @@ - Crayon Syntax Highlighter Remote File Inclusion Vulnerability + Crayon Syntax Highlighter - Remote File Inclusion Vulnerability 50804 http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/ 
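Review bot: The five VideoJS titles on the new side (hunks @@ -59 through @@ -107) now read `VideoJS Cross - Site Scripting Vulnerability`: the separator was inserted inside the hyphenated word rather than between the plugin name and the issue, so each should be `VideoJS - Cross-Site Scripting Vulnerability`. This looks like a mechanical split on the first hyphen in the title, so the rest of the file is worth checking for the same pattern. While the Content Slide title is being rewritten (@@ -5), the new line keeps the `Requst` typo in `Cross-Site Requst Forgery Vulnerability`; `Cross-Site Request Forgery Vulnerability` would fix it in the same change.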
@@ -130,14 +130,14 @@ - UnGallery plugin <= 1.5.8 Local File Disclosure Vulnerability + UnGallery <= 1.5.8 - Local File Disclosure Vulnerability 17704 LFI - UnGallery Arbitrary Command Execution + UnGallery - Arbitrary Command Execution 50875 http://ceriksen.com/2012/10/23/wordpress-ungallery-remote-command-injection-vulnerability/ @@ -149,7 +149,7 @@ - Thank You Counter Button XSS + Thank You Counter Button - XSS 50977 @@ -160,7 +160,7 @@ - Bookings XSS + Bookings - XSS 50975 @@ -171,7 +171,7 @@ - Cimy User Manager Arbitrary File Disclosure + Cimy User Manager - Arbitrary File Disclosure 50834 http://ceriksen.com/2012/10/24/wordpress-cimy-user-manager-arbitrary-file-disclosure/ @@ -182,7 +182,7 @@ - WordPress FireStorm Professional Real Estate Plugin "id" SQL Injection Vulnerability + FireStorm Professional Real Estate - "id" SQL Injection Vulnerability 51107 @@ -190,7 +190,7 @@ 2.06.04 - FireStorm Professional Real Estate Plugin Multiple SQL Injection + FireStorm Professional Real Estate - Multiple SQL Injection 50873 @@ -204,14 +204,14 @@ - WP125 Multiple XSS + WP125 Multiple - XSS 50976 XSS - WordPress WP125 Plugin CSRF + WP125 - CSRF http://www.securityfocus.com/bid/58934 @@ -222,7 +222,7 @@ - Wordpress All Video Gallery Plugin Multiple SQL Injection Vulnerabilities + All Video Gallery - Multiple SQL Injection Vulnerabilities 50874 http://ceriksen.com/2012/11/04/wordpress-all-video-gallery-plugin-sql-injection/ @@ -233,7 +233,7 @@ - BuddyStream XSS + BuddyStream - XSS 50972 @@ -243,7 +243,7 @@ - post-views XSS + post-views - XSS 50982 @@ -313,7 +313,7 @@ - multibox plugin Full Path Disclosure vulnerability + multibox - Full Path Disclosure vulnerability http://1337day.com/exploit/20119 @@ -429,7 +429,7 @@ FPD - Wp-UserOnline <= 0.62 Persistent XSS + Wp-UserOnline <= 0.62 - Persistent XSS http://seclists.org/fulldisclosure/2010/Jul/8 
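Review bot: `WP125 Multiple - XSS` (hunk @@ -204) places the separator after the issue word `Multiple` instead of after the plugin name, unlike the rest of this commit; the sibling record in the same hunk, `WP125 - CSRF`, shows the intended shape, so the line should be `WP125 - Multiple XSS`.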
@@ -487,7 +487,7 @@ - Advanced Custom Fields <= 3.5.1 Remote File Inclusion + Advanced Custom Fields <= 3.5.1 - Remote File Inclusion http://packetstormsecurity.com/files/119221/ 51037 @@ -502,7 +502,7 @@ - Wordpress sitepress-multilingual-cms Full Path Disclosure + sitepress-multilingual-cms Full Path Disclosure http://1337day.com/exploit/20067 @@ -512,18 +512,26 @@ - Asset Manager 0.2 Arbitrary File Upload + Asset Manager 0.2 - Arbitrary File Upload + 82653 18993 + 23652 + 49378 + http://www.securityfocus.com/bid/53809 + http://packetstormsecurity.com/files/119133/ UPLOAD - WordPress plugin Asset manager upload.php Arbitrary Code Execution + Asset Manager - upload.php Arbitrary Code Execution + 82653 http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/ + http://packetstormsecurity.com/files/113285/ + http://xforce.iss.net/xforce/xfdb/80823 UPLOAD @@ -754,7 +762,7 @@ XSS - WordPress Carousel Slideshow Plugin Unspecified Vulnerabilities + Carousel Slideshow - Unspecified Vulnerabilities 50377 @@ -836,7 +844,7 @@ XSS - WordPress Image News slider Plugin Unspecified Vulnerabilities + Image News slider - Unspecified Vulnerabilities 50390 @@ -958,7 +966,7 @@ - Answer My Question 1.1 Multiple XSS + Answer My Question 1.1 - Multiple XSS http://www.securityfocus.com/archive/1/524625/30/0/threaded 50655 @@ -984,7 +992,7 @@ MULTI - Spider Catalog Plugin 1.4.6 - Multiple Vulnerabilities + Spider Catalog 1.4.6 - Multiple Vulnerabilities 25724 93591 @@ -995,7 +1003,7 @@ - Wordfence 3.3.5 XSS and IAA + Wordfence 3.3.5 - XSS and IAA http://seclists.org/fulldisclosure/2012/Oct/139 51055 @@ -1020,7 +1028,7 @@ MULTI - WordPress Slideshow Plugin Multiple Script Insertion Vulnerabilities + Slideshow - Multiple Script Insertion Vulnerabilities 51135 
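Review bot: Both Asset Manager records in hunk @@ -512 now carry the same `82653` identifier, one on `Asset Manager 0.2 - Arbitrary File Upload` and one on `Asset Manager - upload.php Arbitrary Code Execution`, and the two records otherwise describe what appears to be the same upload.php issue. Either one of the ids is wrong or the two records describe a single vulnerability and should be merged, because as written a consumer of this file would report the same advisory twice for one plugin. Separately, `sitepress-multilingual-cms Full Path Disclosure` (@@ -502) drops the `Wordpress` prefix but receives no ` - ` separator, so it does not follow the `Name - Issue` form the commit establishes everywhere else.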
@@ -1095,7 +1103,7 @@ - Quick Post Widget 1.9.1 Multiple Cross-site scripting vulnerabilities + Quick Post Widget 1.9.1 - Multiple Cross-site scripting vulnerabilities http://seclists.org/bugtraq/2012/Aug/66 @@ -1105,7 +1113,7 @@ - ThreeWP Email Reflector 1.13 Stored XSS + ThreeWP Email Reflector 1.13 - Stored XSS 20365 @@ -1115,7 +1123,7 @@ - SimpleMail 1.0.6 Stored XSS + SimpleMail 1.0.6 - Stored XSS 20361 50208 @@ -1126,7 +1134,7 @@ - Postie 1.4.3 Stored XSS + Postie 1.4.3 - Stored XSS 20360 50207 @@ -1137,7 +1145,7 @@ - RSVPMaker v2.5.4 Persistent XSS + RSVPMaker v2.5.4 - Persistent XSS 20474 50289 @@ -1148,7 +1156,7 @@ - Mz-jajak <= 2.1 SQL Injection Vulnerability + Mz-jajak <= 2.1 - SQL Injection Vulnerability 20416 50217 @@ -1159,7 +1167,7 @@ - Resume Submissions Job Posting v2.5.1 Unrestricted File Upload + Resume Submissions Job Posting v2.5.1 - Unrestricted File Upload http://packetstormsecurity.com/files/114716/ @@ -1169,7 +1177,7 @@ - WP-Predict v1.0 Blind SQL Injection + WP-Predict v1.0 - Blind SQL Injection 19715 @@ -1180,7 +1188,7 @@ - Backup Plugin Information Disclosure + Backup - Information Disclosure 19524 50038 @@ -1192,7 +1200,7 @@ - MoodThingy Widget v0.8.7 Blind SQL Injection + MoodThingy Widget v0.8.7 - Blind SQL Injection 19572 @@ -1202,7 +1210,7 @@ - Paid Business Listings v1.0.2 Blind SQL Injection + Paid Business Listings v1.0.2 - Blind SQL Injection 19481 @@ -1212,7 +1220,7 @@ - Website FAQ Plugin v1.0 SQL Injection + Website FAQ 1.0 - SQL Injection 19400 @@ -1222,7 +1230,7 @@ - Fancy Gallery 1.2.4 Shell Upload + Fancy Gallery 1.2.4 - Shell Upload http://packetstormsecurity.com/files/114114/ @@ -1232,7 +1240,7 @@ - Flip Book 1.0 Shell Upload + Flip Book 1.0 - Shell Upload http://packetstormsecurity.com/files/114112/ @@ -1242,7 +1250,7 @@ - Ajax Multi Upload 1.1 Shell Upload + Ajax Multi Upload 1.1 - Shell Upload http://packetstormsecurity.com/files/114109/ 
@@ -1252,7 +1260,7 @@ - Schreikasten 0.14.13 XSS + Schreikasten 0.14.13 - XSS 19294 @@ -1262,7 +1270,7 @@ - Wordpress Automatic 2.0.3 CSRF + Automatic 2.0.3 - CSRF http://packetstormsecurity.com/files/113763/ @@ -1289,7 +1297,7 @@ - Auctions Plugin 2.0.1.3 Arbitrary + <title>Auctions - 2.0.1.3 - Arbitrary File Upload Vulnerability @@ -1301,7 +1309,7 @@ - LB Mixed Slideshow 1.0 Arbitrary File Upload Vulnerability + LB Mixed Slideshow 1.0 - Arbitrary File Upload Vulnerability http://packetstormsecurity.com/files/113844/ @@ -1311,7 +1319,7 @@ - Lim4wp 1.1.1 Arbitrary File Upload Vulnerability + Lim4wp 1.1.1 - Arbitrary File Upload Vulnerability http://packetstormsecurity.com/files/113846/ @@ -1321,7 +1329,7 @@ - Wp-ImageZoom 1.0.3 Remote File Disclosure + Wp-ImageZoom 1.0.3 - Remote File Disclosure http://packetstormsecurity.com/files/113845/ @@ -1331,7 +1339,7 @@ - Invit0r 0.22 Shell Upload + Invit0r 0.22 - Shell Upload http://packetstormsecurity.com/files/113639/ @@ -1341,7 +1349,7 @@ - Annonces 1.2.0.1 Shell Upload + Annonces 1.2.0.1 - Shell Upload http://packetstormsecurity.com/files/113637/ @@ -1351,7 +1359,7 @@ - Contus Video Gallery 1.3 Arbitrary + <title>Contus Video Gallery 1.3 - Arbitrary File Upload Vulnerability @@ -1363,16 +1371,14 @@ - Contus HD FLV Player plugin <= 1.3 SQL Injection Vulnerability + Contus HD FLV Player <= 1.3 - SQL Injection Vulnerability 17678 SQLI - Contus HD FLV Player 1.7 Arbitrary - File Upload Vulnerability - + Contus HD FLV Player 1.7 - Arbitrary File Upload Vulnerability http://packetstormsecurity.com/files/113570/ @@ -1383,7 +1389,7 @@ - User Meta Version 1.1.1 Arbitrary File Upload Vulnerability + User Meta Version 1.1.1 - Arbitrary File Upload Vulnerability 19052 @@ -1393,7 +1399,7 @@ - Top Quark Architecture Version 2.10 Arbitrary File Upload Vulnerability + Top Quark Architecture Version 2.10 - Arbitrary File Upload Vulnerability 19053 
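Review bot: The Auctions and Contus Video Gallery hunks (@@ -1289 and @@ -1351) replace only the first line of a title that was wrapped over two lines; the surviving `<title>` opening tag on each `+` line with no closing tag on the same line suggests the continuation line `File Upload Vulnerability` is still present as context, so the element presumably now reads `... Arbitrary File Upload Vulnerability` followed by a second `File Upload Vulnerability`. The Contus HD FLV Player 1.7 hunk (@@ -1363) handles the same situation correctly by deleting the continuation line and emitting one single-line title, and these two hunks should do the same. `Auctions - 2.0.1.3 - Arbitrary File Upload Vulnerability` also puts the separator before the version, where every other title uses `Name version - Issue`, i.e. `Auctions 2.0.1.3 - Arbitrary File Upload Vulnerability`.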
@@ -1403,7 +1409,7 @@ - SfBrowser Version 1.4.5 Arbitrary File Upload Vulnerability + SfBrowser Version 1.4.5 - Arbitrary File Upload Vulnerability 19054 @@ -1420,14 +1426,14 @@ XSS - Pica Photo Gallery 1.0 Arbitrary File Upload Vulnerability + Pica Photo Gallery 1.0 - Arbitrary File Upload Vulnerability 19055 UPLOAD - PICA Photo Gallery 1.0 Remote File Disclosure + PICA Photo Gallery 1.0 - Remote File Disclosure 19016 @@ -1444,14 +1450,14 @@ XSS - WordPress Mac Photo Gallery Plugin Two Security Bypass Security Issues + Mac Photo Gallery - Two Security Bypass Security Issues 49923 AUTHBYPASS - WordPress Mac Photo Gallery Plugin Multiple Script Insertion Vulnerabilities + Mac Photo Gallery - Multiple Script Insertion Vulnerabilities 49836 @@ -1459,7 +1465,7 @@ 3.0 - Mac Photo Gallery 2.7 Arbitrary File Upload + Mac Photo Gallery 2.7 - Arbitrary File Upload 19056 @@ -1469,7 +1475,7 @@ - drag and drop file upload 0.1 Arbitrary File Upload Vulnerability + drag and drop file upload 0.1 - Arbitrary File Upload Vulnerability 19057 @@ -1489,7 +1495,7 @@ - wp-gpx-max version 1.1.21 Arbitrary File Upload + wp-gpx-max version 1.1.21 - Arbitrary File Upload 19050 @@ -1499,7 +1505,7 @@ - Front File Manager Plugin 0.1 Arbitrary File Upload + Front File Manager 0.1 - Arbitrary File Upload 19012 @@ -1509,14 +1515,14 @@ - Front End Upload 0.5.3 Arbitrary File Upload + Front End Upload 0.5.3 - Arbitrary File Upload 19008 UPLOAD - Front End Upload v0.5.4 Arbitrary PHP File Upload + Front End Upload v0.5.4 - Arbitrary PHP File Upload 20083 @@ -1526,7 +1532,7 @@ - Omni Secure Files 0.1.13 Arbitrary File Upload + Omni Secure Files 0.1.13 - Arbitrary File Upload 19009 @@ -1536,7 +1542,7 @@ - Easy Contact Forms Export 1.1.0 Information Disclosure Vulnerability + Easy Contact Forms Export 1.1.0 - Information Disclosure Vulnerability 19013 @@ -1546,7 +1552,7 @@ - Plugin: Newsletter 1.5 Remote File Disclosure Vulnerability + Plugin: Newsletter 1.5 - Remote File Disclosure Vulnerability 19018 
@@ -1556,7 +1562,7 @@ - RBX Gallery 2.1 Arbitrary File Upload + RBX Gallery 2.1 - Arbitrary File Upload 19019 @@ -1566,7 +1572,7 @@ - Simple Download Button Shortcode 1.0 Remote File Disclosure + Simple Download Button Shortcode 1.0 - Remote File Disclosure 19020 @@ -1576,7 +1582,7 @@ - Thinkun Remind 1.1.3 Remote File Disclosure + Thinkun Remind 1.1.3 - Remote File Disclosure 19021 @@ -1586,7 +1592,7 @@ - Tinymce Thumbnail Gallery 1.0.7 Remote File Disclosure + Tinymce Thumbnail Gallery 1.0.7 - Remote File Disclosure 19022 @@ -1596,7 +1602,7 @@ - wpStoreCart Plugin 2.5.27-2.5.29 Arbitrary File Upload + wpStoreCart 2.5.27-2.5.29 - Arbitrary File Upload 19023 @@ -1606,7 +1612,7 @@ - Gallery 3.06 Arbitrary File Upload + Gallery 3.06 - Arbitrary File Upload 18998 @@ -1616,7 +1622,7 @@ - Font Uploader 1.2.4 Arbitrary File Upload + Font Uploader 1.2.4 - Arbitrary File Upload 18994 82657 @@ -1643,7 +1649,7 @@ - WP Marketplace 1.5.0 - 1.6.1 Arbitrary File Upload + WP Marketplace 1.5.0-1.6.1 - Arbitrary File Upload 18988 @@ -1682,17 +1688,17 @@ - Foxypress 0.4.1.1 - 0.4.2.1 Arbitrary File Upload + Foxypress 0.4.1.1-0.4.2.1 - Arbitrary File Upload http://packetstormsecurity.com/files/113576/ + http://www.securityfocus.com/bid/53805 18991 19100 - UPLOAD - FoxyPress 0.4.2.5 XSS / CSRF / SQL Injection + FoxyPress 0.4.2.5 - XSS / CSRF / SQL Injection http://packetstormsecurity.com/files/117768/ 51109 @@ -1703,7 +1709,7 @@ - Track That Stat <= 1.0.8 Cross Site Scripting + Track That Stat <= 1.0.8 - Cross Site Scripting http://packetstormsecurity.com/files/112722/ http://www.securityfocus.com/bid/53551 @@ -1714,7 +1720,7 @@ - WP-Facethumb Gallery <= 0.1 Reflected Cross Site Scripting + WP-Facethumb Gallery <= 0.1 - Reflected Cross Site Scripting http://packetstormsecurity.com/files/112658/ @@ -1724,7 +1730,7 @@ - Survey And Quiz Tool <= 2.9.2 Cross Site Scripting + Survey And Quiz Tool <= 2.9.2 - Cross Site Scripting http://packetstormsecurity.com/files/112685/ 
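Review bot: Hunk @@ -1682 removes a `UPLOAD` line from the `Foxypress 0.4.1.1-0.4.2.1 - Arbitrary File Upload` record while adding the securityfocus reference, and the commit says nothing about it. With element tags not visible here I cannot tell whether that line was the record's type or a duplicate of one that remains; if it was the only type element the record is now untyped, and the file-upload classification for this plugin is lost. If the removal is intentional it deserves a mention in the commit message, otherwise the line should be restored.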
@@ -1734,7 +1740,7 @@ - WP Statistics <= 2.2.4 Cross Site Scripting + WP Statistics <= 2.2.4 - Cross Site Scripting http://packetstormsecurity.com/files/112686/ @@ -1744,14 +1750,14 @@ - WP Easy Gallery <= 1.7 Cross Site Scripting + WP Easy Gallery <= 1.7 - Cross Site Scripting http://packetstormsecurity.com/files/112687/ XSS - WP Easy Gallery <= 2.7 CSRF + WP Easy Gallery <= 2.7 - CSRF http://plugins.trac.wordpress.org/changeset?reponame=&old=669527%40wp-easy-gallery&new=669527%40wp-easy-gallery @@ -1761,7 +1767,7 @@ - Subscribe2 <= 8.0 Cross Site Scripting + Subscribe2 <= 8.0 - Cross Site Scripting http://packetstormsecurity.com/files/112688/ @@ -1771,7 +1777,7 @@ - Soundcloud Is Gold <= 2.1 Cross Site Scripting + Soundcloud Is Gold <= 2.1 - Cross Site Scripting http://packetstormsecurity.com/files/112689/ @@ -1807,7 +1813,7 @@ - Share And Follow <= 1.80.3 Cross Site Scripting + Share And Follow <= 1.80.3 - Cross Site Scripting http://packetstormsecurity.com/files/112691/ @@ -1817,7 +1823,7 @@ - SABRE <= 1.2.0 Cross Site Scripting + SABRE <= 1.2.0 - Cross Site Scripting http://packetstormsecurity.com/files/112692/ @@ -1827,21 +1833,21 @@ - Pretty Link Lite <= 1.5.2 Cross Site Scripting + Pretty Link Lite <= 1.5.2 - Cross Site Scripting http://packetstormsecurity.com/files/112693/ XSS - Pretty Link Lite <= 1.6.1 Cross Site Scripting + Pretty Link Lite <= 1.6.1 - Cross Site Scripting 50980 XSS - WordPress pretty-link plugin XSS in SWF + pretty-link - XSS in SWF http://seclists.org/bugtraq/2013/Feb/100 http://packetstormsecurity.com/files/120433/ @@ -1853,7 +1859,7 @@ - Newsletter Manager <= 1.0 Cross Site Scripting + Newsletter Manager <= 1.0 - Cross Site Scripting http://packetstormsecurity.com/files/112694/ @@ -1863,7 +1869,7 @@ - Network Publisher <= 5.0.1 Cross Site Scripting + Network Publisher <= 5.0.1 - Cross Site Scripting http://packetstormsecurity.com/files/112695/ 
@@ -1873,7 +1879,7 @@ - LeagueManager <= 3.7 Cross Site Scripting + LeagueManager <= 3.7 - Cross Site Scripting http://packetstormsecurity.com/files/112698/ 49949 @@ -1881,7 +1887,7 @@ XSS - LeagueManager v3.8 SQL Injection + LeagueManager v3.8 - SQL Injection 24789 2013-1852 @@ -1893,7 +1899,7 @@ - Leaflet <= 0.0.1 Cross Site Scripting + Leaflet <= 0.0.1 - Cross Site Scripting http://packetstormsecurity.com/files/112699/ @@ -1903,7 +1909,7 @@ - PDF And Print Button Joliprint <= 1.3.0 Cross Site Scripting + PDF And Print Button Joliprint <= 1.3.0 - Cross Site Scripting http://packetstormsecurity.com/files/112700/ @@ -1913,7 +1919,7 @@ - IFrame Admin Pages <= 0.1 Cross Site Scripting + IFrame Admin Pages <= 0.1 - Cross Site Scripting http://packetstormsecurity.com/files/112701/ @@ -1923,7 +1929,7 @@ - EZPZ One Click Backup <= 12.03.10 Cross Site Scripting + EZPZ One Click Backup <= 12.03.10 - Cross Site Scripting http://packetstormsecurity.com/files/112705/ @@ -1933,7 +1939,7 @@ - Dynamic Widgets <= 1.5.1 Cross Site Scripting + Dynamic Widgets <= 1.5.1 - Cross Site Scripting http://packetstormsecurity.com/files/112706/ @@ -1943,7 +1949,7 @@ - Download Monitor < 3.3.6.2 Cross Site Scripting + Download Monitor < 3.3.6.2 - Cross Site Scripting http://www.securityfocus.com/bid/61407 53116 @@ -1954,7 +1960,7 @@ 3.3.6.2 - Download Monitor <= 3.3.5.7 Cross Site Scripting + Download Monitor <= 3.3.5.7 - Cross Site Scripting http://www.reactionpenetrationtesting.co.uk/wordpress-download-monitor-xss.html 50511 @@ -1962,7 +1968,7 @@ XSS - Download Monitor <= 3.3.5.4 Cross Site Scripting + Download Monitor <= 3.3.5.4 - Cross Site Scripting http://packetstormsecurity.com/files/112707/ @@ -1972,7 +1978,7 @@ - Download Manager <= 2.2 Cross Site Scripting + Download Manager <= 2.2 - Cross Site Scripting http://packetstormsecurity.com/files/112708/ 
@@ -1982,7 +1988,7 @@ - Code Styling Localization <= 1.99.16 Cross Site Scripting + Code Styling Localization <= 1.99.16 - Cross Site Scripting http://packetstormsecurity.com/files/112709/ @@ -1992,7 +1998,7 @@ - Catablog <= 1.6 Cross Site Scripting + Catablog <= 1.6 - Cross Site Scripting http://packetstormsecurity.com/files/112619/ @@ -2002,7 +2008,7 @@ - Bad Behavior <= 2.24 Cross Site Scripting + Bad Behavior <= 2.24 - Cross Site Scripting http://packetstormsecurity.com/files/112619/ @@ -2033,7 +2039,7 @@ - Better WP Security <= 3.5.3 Stored XSS + Better WP Security <= 3.5.3 - Stored XSS https://github.com/wpscanteam/wpscan/issues/251 http://www.securityfocus.com/archive/1/527634/30/0/threaded @@ -2045,7 +2051,7 @@ 3.5.4 - Better WP Security v3.4.3 Multiple XSS + Better WP Security v3.4.3 - Multiple XSS http://seclists.org/bugtraq/2012/Oct/9 @@ -2053,7 +2059,7 @@ 3.4.4 - Better WP Security <= 3.2.4 Cross Site Scripting + Better WP Security <= 3.2.4 - Cross Site Scripting http://packetstormsecurity.com/files/112617/ @@ -2064,7 +2070,7 @@ - Custom Contact Forms <= 5.0.0.1 Cross Site Scripting + Custom Contact Forms <= 5.0.0.1 - Cross Site Scripting http://packetstormsecurity.com/files/112616/ @@ -2074,14 +2080,14 @@ - 2-Click-Socialmedia-Buttons <= 0.34 Cross Site Scripting + 2-Click-Socialmedia-Buttons <= 0.34 - Cross Site Scripting http://packetstormsecurity.com/files/112615/ XSS - 2-Click-Socialmedia-Buttons <= 0.32.2 Cross Site Scripting + 2-Click-Socialmedia-Buttons <= 0.32.2 - Cross Site Scripting http://packetstormsecurity.com/files/112711/ @@ -2091,7 +2097,7 @@ - Login With Ajax plugin Cross Site Scripting + Login With Ajax - Cross Site Scripting 49013 @@ -2099,7 +2105,7 @@ 3.0.4.1 - WordPress Login With Ajax Plugin Cross-Site Request Forgery Vulnerability + Login With Ajax - Cross-Site Request Forgery Vulnerability 52950 
@@ -2110,14 +2116,14 @@ - Media Library Categories plugin <= 1.0.6 SQL Injection Vulnerability + Media Library Categories <= 1.0.6 - SQL Injection Vulnerability 17628 SQLI - Media Library Categories plugin <= 1.1.1 Cross Site Scripting + Media Library Categories <= 1.1.1 - Cross Site Scripting http://packetstormsecurity.com/files/112697/ @@ -2127,7 +2133,7 @@ - FCKeditor Deans With Pwwangs Code <= 1.0.0 Remote Shell Upload + FCKeditor Deans With Pwwangs Code <= 1.0.0 - Remote Shell Upload http://packetstormsecurity.com/files/111319/ @@ -2137,7 +2143,7 @@ - WordPress Zingiri Web Shop Plugin Cookie SQL Injection Vulnerability + Zingiri Web Shop - Cookie SQL Injection Vulnerability 49398 @@ -2145,7 +2151,7 @@ 2.4.8 - Zingiri Web Shop <= 2.4.0 Multiple XSS Vulnerabilities + Zingiri Web Shop <= 2.4.0 - Multiple XSS Vulnerabilities 18787 48991 @@ -2153,14 +2159,14 @@ XSS - Zingiri Web Shop <= 2.3.5 Cross Site Scripting + Zingiri Web Shop <= 2.3.5 - Cross Site Scripting http://packetstormsecurity.com/files/112684/ XSS - Zingiri Web Shop 2.4.3 Shell Upload + Zingiri Web Shop 2.4.3 - Shell Upload http://packetstormsecurity.com/files/113668/ @@ -2170,7 +2176,7 @@ - Organizer 1.2.1 Cross Site Scripting / Path Disclosure + Organizer 1.2.1 - Cross Site Scripting / Path Disclosure http://packetstormsecurity.com/files/112086/ http://packetstormsecurity.com/files/113800/ @@ -2181,7 +2187,7 @@ - Zingiri Tickets plugin File Disclosure + Zingiri Tickets - File Disclosure http://packetstormsecurity.com/files/111904/ 
@@ -2201,17 +2207,35 @@ - Multiple XSS vulnerabilities in All-in-One Event Calendar for WordPress + All-in-One Event Calendar 1.4 - Multiple XSS vulnerabilities http://seclists.org/bugtraq/2012/Apr/70 XSS + + All-in-One Event Calendar 1.9 - wp-admin/post-new.php Multiple Parameter XSS + + 96271 + 54038 + + XSS + 1.10 + + + All-in-One Event Calendar 1.9 - index.php Multiple Parameter SQL Injection + + 96272 + 54038 + + SQLI + 1.10 + - Buddypress <= 1.5.5 SQL Injection + Buddypress <= 1.5.5 - SQL Injection 18690 @@ -2221,7 +2245,7 @@ - Register Plus Redux <= 3.8.3 Cross Site Scripting + Register Plus Redux <= 3.8.3 - Cross Site Scripting http://packetstormsecurity.com/files/111367/ @@ -2231,7 +2255,7 @@ - Magn WP Drag and Drop <= 1.1.4 Upload Shell Upload Vulnerability + Magn WP Drag and Drop <= 1.1.4 - Upload Shell Upload Vulnerability http://packetstormsecurity.com/files/110103/ @@ -2241,7 +2265,7 @@ - Kish Guest Posting 1.0 Arbitrary File Upload + Kish Guest Posting 1.0 - Arbitrary File Upload 18412 @@ -2251,14 +2275,14 @@ - AllWebMenus Shell Upload <= 1.1.9 Shell Upload + AllWebMenus Shell Upload <= 1.1.9 - Shell Upload http://packetstormsecurity.com/files/108946/ RFI - AllWebMenus 1.1.3 Remote File Inclusion + AllWebMenus 1.1.3 - Remote File Inclusion 17861 @@ -2268,7 +2292,7 @@ - Shortcode Redirect <= 1.0.01 Stored Cross Site Scripting + Shortcode Redirect <= 1.0.01 - Stored Cross Site Scripting http://packetstormsecurity.com/files/108914/ @@ -2278,7 +2302,7 @@ - uCan Post plugin <= 1.0.09 Stored XSS + uCan Post <= 1.0.09 - Stored XSS 18390 @@ -2288,7 +2312,7 @@ - WP Cycle Playlist plugin Multiple Vulnerabilities + WP Cycle Playlist - Multiple Vulnerabilities http://1337day.com/exploits/17396 @@ -2298,7 +2322,7 @@ - myEASYbackup 1.0.8.1 Directory Traversal + myEASYbackup 1.0.8.1 - Directory Traversal http://packetstormsecurity.com/files/108711/ 
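Review bot: `Magn WP Drag and Drop <= 1.1.4 - Upload Shell Upload Vulnerability` (hunk @@ -2231) leaves a stray `Upload` after the separator; if the plugin's name is in fact "Magn WP Drag and Drop Upload", as the old title suggests, the version and separator belong after it, `Magn WP Drag and Drop Upload <= 1.1.4 - Shell Upload Vulnerability`. In the All-in-One Event Calendar hunk (@@ -2201) the rewritten title gains a version, `1.4`, that appears nowhere in the old record or in the reference kept with it, so the source of that number should be confirmed before it is published as part of the title.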
@@ -2308,35 +2332,38 @@ - Count per Day Plugin 3.2.5 (counter.php) - XSS Vulnerability + Count per Day 3.2.5 - counter.php XSS Vulnerability + 90893 24859 + 52436 + http://packetstormsecurity.com/files/120649/ XSS - Count Per Day 3.2.3 Cross Site Scripting + Count Per Day 3.2.3 - Cross Site Scripting http://packetstormsecurity.com/files/115904/ XSS - Count Per Day 3.1.1 Cross Site Scripting + Count Per Day 3.1.1 - Cross Site Scripting http://packetstormsecurity.com/files/114787/ XSS - Count Per Day plugin <= 3.1.1 Multiple Vulnerabilities + Count Per Day <= 3.1.1 - Multiple Vulnerabilities 18355 MULTI - Count per Day plugin <= 2.17 SQL Injection Vulnerability + Count per Day <= 2.17 - SQL Injection Vulnerability 17857 @@ -2346,7 +2373,7 @@ - WP-AutoYoutube plugin <= 0.1 Blind SQL Injection Vulnerability + WP-AutoYoutube <= 0.1 - Blind SQL Injection Vulnerability http://1337day.com/exploits/17368 @@ -2356,7 +2383,7 @@ - Age Verification plugin <= 0.4 Open Redirect + Age Verification <= 0.4 - Open Redirect 18350 @@ -2366,7 +2393,7 @@ - Yousaytoo Auto Publishing <= 1.0 Cross Site Scripting + Yousaytoo Auto Publishing <= 1.0 - Cross Site Scripting http://packetstormsecurity.com/files/108470/ @@ -2376,7 +2403,7 @@ - Pay With Tweet plugin <= 1.1 Multiple Vulnerabilities + Pay With Tweet <= 1.1 - Multiple Vulnerabilities 18330 @@ -2386,7 +2413,7 @@ - Whois Search <= 1.4.2 Cross Site Scripting + Whois Search <= 1.4.2 - Cross Site Scripting http://packetstormsecurity.com/files/108271/ @@ -2396,7 +2423,7 @@ - BLIND SQL injection UPM-POLLS plugin 1.0.4 + UPM-POLLS 1.0.4 - BLIND SQL injection 18231 @@ -2406,7 +2433,7 @@ - Disqus Comment System <= 2.68 Reflected Cross-Site Scripting (XSS) + Disqus Comment System <= 2.68 - Reflected Cross-Site Scripting (XSS) http://www.ethicalhack3r.co.uk/security/wordpress-plugin-disqus-comment-system-xss/ 
@@ -2416,7 +2443,7 @@ - Google reCAPTCHA <= 3.1.3 Reflected XSS Vulnerability + Google reCAPTCHA <= 3.1.3 - Reflected XSS Vulnerability http://security-sh3ll.blogspot.com/2011/12/google-recaptcha-wordpress-plugin.html @@ -2426,7 +2453,7 @@ - Link Library plugin <= 5.2.1 SQL Injection + Link Library <= 5.2.1 - SQL Injection 17887 @@ -2436,7 +2463,7 @@ - CevherShare 2.0 plugin SQL Injection Vulnerability + CevherShare 2.0 - SQL Injection Vulnerability 17891 @@ -2446,7 +2473,7 @@ - meenews 5.1 plugin Cross-Site Scripting Vulnerabilities + meenews 5.1 - Cross-Site Scripting Vulnerabilities http://seclists.org/bugtraq/2011/Nov/151 @@ -2467,7 +2494,7 @@ - adminimize 1.7.21 Cross-Site Scripting Vulnerabilities + adminimize 1.7.21 - Cross-Site Scripting Vulnerabilities http://seclists.org/bugtraq/2011/Nov/135 @@ -2477,7 +2504,7 @@ - Advanced Text Widget <= 2.0.0 Cross Site Scripting Vulnerability + Advanced Text Widget <= 2.0.0 - Cross Site Scripting Vulnerability http://seclists.org/bugtraq/2011/Nov/133 @@ -2487,7 +2514,7 @@ - MM Duplicate plugin <= 1.2 SQL Injection Vulnerability + MM Duplicate <= 1.2 - SQL Injection Vulnerability 17707 @@ -2497,7 +2524,7 @@ - Menu Creator plugin <= 1.1.7 SQL Injection Vulnerability + Menu Creator <= 1.1.7 - SQL Injection Vulnerability 17689 @@ -2507,7 +2534,7 @@ - Allow PHP in Posts and Pages plugin <= 2.0.0.RC1 SQL Injection Vulnerability + Allow PHP in Posts and Pages <= 2.0.0.RC1 - SQL Injection Vulnerability 17688 @@ -2517,7 +2544,7 @@ - Global Content Blocks plugin <= 1.2 SQL Injection Vulnerability + Global Content Blocks <= 1.2 - SQL Injection Vulnerability 17687 @@ -2527,7 +2554,7 @@ - Ajax Gallery plugin <= 3.0 SQL Injection Vulnerability + Ajax Gallery <= 3.0 - SQL Injection Vulnerability 17686 @@ -2537,7 +2564,7 @@ - WP DS FAQ plugin <= 1.3.2 SQL Injection Vulnerability + WP DS FAQ <= 1.3.2 - SQL Injection Vulnerability 17683 
@@ -2547,7 +2574,7 @@ - OdiHost Newsletter plugin <= 1.0 SQL Injection Vulnerability + OdiHost Newsletter <= 1.0 - SQL Injection Vulnerability 17681 @@ -2557,7 +2584,7 @@ - Easy Contact Form Lite plugin <= 1.0.7 SQL Injection Vulnerability + Easy Contact Form Lite <= 1.0.7 - SQL Injection Vulnerability 17680 @@ -2567,14 +2594,14 @@ - WP Symposium plugin <= 0.64 SQL Injection Vulnerability + WP Symposium <= 0.64 - SQL Injection Vulnerability 17679 SQLI - WP Symposium plugin <= 12.12 Multiple SQL Injection Vulnerabilities + WP Symposium <= 12.12 - Multiple SQL Injection Vulnerabilities 50674 http://ceriksen.com/2013/02/18/wp-symposium-multiple-sql-injection/ @@ -2582,7 +2609,7 @@ SQLI - WordPress WP Symposium Plugin "u" XSS + WP Symposium "u" XSS 52864 @@ -2590,7 +2617,7 @@ 13.04 - WordPress WP Symposium Plugin "u" Redirection Weakness + WP Symposium "u" Redirection Weakness 52925 @@ -2600,7 +2627,7 @@ - File Groups plugin <= 1.1.2 SQL Injection Vulnerability + File Groups <= 1.1.2 - SQL Injection Vulnerability 17677 @@ -2610,7 +2637,7 @@ - IP-Logger plugin <= 3.0 SQL Injection Vulnerability + IP-Logger <= 3.0 - SQL Injection Vulnerability 17673 @@ -2620,7 +2647,7 @@ - Beer Recipes v.1.0 XSS + Beer Recipes v.1.0 - XSS 17453 @@ -2630,7 +2657,7 @@ - Is-human <=1.4.2 Remote Command Execution Vulnerability + Is-human <=1.4.2 - Remote Command Execution Vulnerability 17299 @@ -2640,7 +2667,7 @@ - EditorMonkey plugin (FCKeditor) Arbitrary File Upload + EditorMonkey (FCKeditor) Arbitrary File Upload 17284 @@ -2650,7 +2677,7 @@ - SermonBrowser 0.43 SQL Injection + SermonBrowser 0.43 - SQL Injection 17214 @@ -2660,7 +2687,7 @@ - Ajax Category Dropdown 0.1.5 Multiple Vulnerabilities + Ajax Category Dropdown 0.1.5 - Multiple Vulnerabilities 17207 @@ -2670,7 +2697,7 @@ - WP Custom Pages 0.5.0.1 LFI Vulnerability + WP Custom Pages 0.5.0.1 - LFI Vulnerability 17119 
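Review bot: `WP Symposium "u" XSS` and `WP Symposium "u" Redirection Weakness` (hunks @@ -2582 and @@ -2590) and `EditorMonkey (FCKeditor) Arbitrary File Upload` (@@ -2640) drop the `WordPress ... Plugin` wording but get no ` - ` separator, so they do not follow the `Name [version] - Issue` form the rest of the commit applies. The consistent forms would be `WP Symposium - "u" XSS`, `WP Symposium - "u" Redirection Weakness` and `EditorMonkey (FCKeditor) - Arbitrary File Upload`.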
@@ -2680,7 +2707,7 @@ - WordPress GRAND FlAGallery Plugin Multiple Vulnerabilities + GRAND FlAGallery - Multiple Vulnerabilities 51100 @@ -2694,7 +2721,7 @@ XSS - GRAND Flash Album Gallery 1.9.0 and 2.0.0 Multiple Vulnerabilities + GRAND Flash Album Gallery 1.9.0 and 2.0.0 - Multiple Vulnerabilities http://packetstormsecurity.com/files/117665/ http://www.waraxe.us/advisory-94.html @@ -2703,28 +2730,28 @@ MULTI - GRAND Flash Album Gallery 0.55 Multiple Vulnerabilities + GRAND Flash Album Gallery 0.55 - Multiple Vulnerabilities 16947 MULTI - GRAND Flash Album Gallery <= 1.56 XSS Vulnerability + GRAND Flash Album Gallery <= 1.56 - XSS Vulnerability http://seclists.org/bugtraq/2011/Nov/186 XSS - GRAND Flash Album Gallery <= 1.71 XSS Vulnerability + GRAND Flash Album Gallery <= 1.71 - XSS Vulnerability http://packetstormsecurity.com/files/112704/ XSS - WordPress GRAND FlAGallery Plugin "gid" SQL Injection Vulnerability + GRAND FlAGallery - "gid" SQL Injection Vulnerability 53356 @@ -2732,7 +2759,7 @@ 2.56 - GRAND FlAGallery Plugin "s" Cross-Site Scripting Vulnerability + GRAND FlAGallery - "s" Cross-Site Scripting Vulnerability 53111 93714 @@ -2744,7 +2771,7 @@ - PHP Speedy <= 0.5.2 (admin_container.php) Remote Code Exec Exploit + PHP Speedy <= 0.5.2 - (admin_container.php) Remote Code Exec Exploit 16273 @@ -2754,7 +2781,7 @@ - OPS Old Post Spinner 2.2.1 LFI Vulnerability + OPS Old Post Spinner 2.2.1 - LFI Vulnerability 16251 @@ -2764,7 +2791,7 @@ - jQuery Mega Menu 1.0 Local File Inclusion + jQuery Mega Menu 1.0 - Local File Inclusion 16250 @@ -2774,7 +2801,7 @@ - IWantOneButton 3.0.1 Multiple Vulnerabilities + IWantOneButton 3.0.1 - Multiple Vulnerabilities 16236 
@@ -2784,21 +2811,21 @@ - WP Forum Server 1.6.5 SQL Injection Vulnerability + WP Forum Server 1.6.5 - SQL Injection Vulnerability 16235 SQLI - WP Forum Server plugin <= 1.7 SQL Injection Vulnerability + WP Forum Server <= 1.7 - SQL Injection Vulnerability 17828 SQLI - WP Forum Server plugin <= 1.7.3 SQL Injection / XSS Vulnerabilities + WP Forum Server <= 1.7.3 - SQL Injection / XSS Vulnerabilities http://packetstormsecurity.com/files/112703/ @@ -2808,7 +2835,7 @@ - Relevanssi 2.7.2 Stored XSS Vulnerability + Relevanssi 2.7.2 - Stored XSS Vulnerability 16233 @@ -2818,7 +2845,7 @@ - GigPress 2.1.10 Stored XSS Vulnerability + GigPress 2.1.10 - Stored XSS Vulnerability 16232 @@ -2828,24 +2855,30 @@ - WordPress Comment Rating 2.9.32 SQL Injection / Bypass + Comment Rating 2.9.32 - Security Bypass Weakness and SQL Injection + 90676 + 24552 + 52348 http://packetstormsecurity.com/files/120569/ MULTI - Comment Rating 2.9.23 Multiple Vulnerabilities + Comment Rating 2.9.23 - Multiple Vulnerabilities + 71044 + 43406 16221 MULTI + 2.9.24 - Z-Vote 1.1 SQL Injection Vulnerability + Z-Vote 1.1 - SQL Injection Vulnerability 16218 @@ -2877,42 +2910,42 @@ - Mingle Forum <= 1.0.32.1 Cross Site Scripting / SQL Injection + Mingle Forum <= 1.0.32.1 - Cross Site Scripting / SQL Injection http://packetstormsecurity.com/files/108915/ MULTI - Mingle Forum <= 1.0.31 SQL Injection Vulnerability + Mingle Forum <= 1.0.31 - SQL Injection Vulnerability 17894 SQLI - Mingle Forum <= 1.0.26 Multiple Vulnerabilities + Mingle Forum <= 1.0.26 - Multiple Vulnerabilities 15943 MULTI - Mingle Forum <= 1.0.33 Cross Site Scripting + Mingle Forum <= 1.0.33 - Cross Site Scripting http://packetstormsecurity.com/files/112696/ MULTI - Mingle Forum 1.0.33.3 Multiple Parameter SQL Injection + Mingle Forum 1.0.33.3 - Multiple Parameter SQL Injection 90434 SQLI - Mingle Forum 1.0.35 Privilege Escalation CSRF + Mingle Forum 1.0.35 - Privilege Escalation CSRF 96905 2013-0736 
@@ -2924,7 +2957,7 @@ - Accept Signups 0.1 XSS + Accept Signups 0.1 - XSS 15808 @@ -2991,7 +3024,7 @@ - Vulnerabilities in Cimy Counter for WordPress + Cimy Counter - Vulnerabilities 14057 @@ -3025,7 +3058,7 @@ MULTI - NextGEN Gallery 1.9.12 Arbitrary File Upload + NextGEN Gallery 1.9.12 - Arbitrary File Upload http://wordpress.org/plugins/nextgen-gallery/changelog/ 94232 @@ -3078,7 +3111,7 @@ - Vulnerabilities in WP-Cumulus <= 1.20 for WordPress + WP-Cumulus <= 1.20 - Vulnerabilities 10228 @@ -3096,7 +3129,7 @@ - WP-Syntax <= 0.9.1 Remote Command Execution + WP-Syntax <= 0.9.1 - Remote Command Execution 9431 @@ -3106,7 +3139,7 @@ - My Category Order <= 2.8 SQL Injection Vulnerability + My Category Order <= 2.8 - SQL Injection Vulnerability 9150 @@ -3116,7 +3149,7 @@ - Related Sites 2.1 Blind SQL Injection Vulnerability + Related Sites 2.1 - Blind SQL Injection Vulnerability 9054 @@ -3133,14 +3166,14 @@ XSS - DM Albums 1.9.2 Remote File Disclosure Vulnerability + DM Albums 1.9.2 - Remote File Disclosure Vulnerability 9048 LFI - DM Albums 1.9.2 Remote File Inclusion Vuln + DM Albums 1.9.2 - Remote File Inclusion Vuln 9043 @@ -3150,21 +3183,21 @@ - Photoracer 1.0 (id) SQL Injection Vulnerability + Photoracer 1.0 - (id) SQL Injection Vulnerability 8961 SQLI - Photoracer plugin <= 1.0 SQL Injection Vulnerability + Photoracer <= 1.0 - SQL Injection Vulnerability 17720 SQLI - Photoracer plugin <= 1.0 Multiple Vulnerabilities + Photoracer <= 1.0 - Multiple Vulnerabilities 17731 @@ -3184,7 +3217,7 @@ - fMoblog 2.1 (id) SQL Injection Vulnerability + fMoblog 2.1 - (id) SQL Injection Vulnerability 8229 @@ -3194,7 +3227,7 @@ - Page Flip Image Gallery <= 0.2.2 Remote FD Vuln + Page Flip Image Gallery <= 0.2.2 - Remote FD Vuln 50902 2008-5752 @@ -3209,7 +3242,7 @@ - e-Commerce <= 3.4 Arbitrary File Upload Exploit + e-Commerce <= 3.4 - Arbitrary File Upload Exploit 6867 
@@ -3219,7 +3252,7 @@
- Download Manager 0.2 Arbitrary File Upload Exploit
+ Download Manager 0.2 - Arbitrary File Upload Exploit 6127
@@ -3229,7 +3262,7 @@
- Spreadsheet <= 0.6 SQL Injection Vulnerability
+ Spreadsheet <= 0.6 - SQL Injection Vulnerability 5486
@@ -3249,7 +3282,7 @@
- Sniplets 1.1.2 (RFI/XSS/RCE) Multiple Vulnerabilities
+ Sniplets 1.1.2 - (RFI/XSS/RCE) Multiple Vulnerabilities 5194
@@ -3269,14 +3302,14 @@
- Simple Forum 2.0-2.1 SQL Injection Vulnerability
+ Simple Forum 2.0-2.1 - SQL Injection Vulnerability 5126 SQLI
- Simple Forum 1.10-1.11 SQL Injection Vulnerability
+ Simple Forum 1.10-1.11 - SQL Injection Vulnerability 5127
@@ -3313,7 +3346,7 @@
- dmsguestbook 1.7.0 Multiple Remote Vulnerabilities
+ dmsguestbook 1.7.0 - Multiple Remote Vulnerabilities 5035
@@ -3323,7 +3356,7 @@
- WassUp 1.4.3 (spy.php to_date) SQL Injection Exploit
+ WassUp 1.4.3 - (spy.php to_date) SQL Injection Exploit 5017
@@ -3333,7 +3366,7 @@
- Adserve 0.2 adclick.php SQL Injection Exploit
+ Adserve 0.2 - adclick.php SQL Injection Exploit 5013
@@ -3353,7 +3386,7 @@
- WP-Cal 0.3 editevent.php SQL Injection Vulnerability
+ WP-Cal 0.3 - editevent.php SQL Injection Vulnerability 4992
@@ -3363,14 +3396,14 @@
- plugin WP-Forum 1.7.4 Remote SQL Injection Vulnerability
+ plugin WP-Forum 1.7.4 - Remote SQL Injection Vulnerability 4939 SQLI
- plugin WP-Forum 1.7.8 Remote SQL Injection Vulnerability
+ plugin WP-Forum 1.7.8 - Remote SQL Injection Vulnerability 7738
@@ -3400,7 +3433,7 @@
- PictPress <= 0.91 Remote File Disclosure Vulnerability
+ PictPress <= 0.91 - Remote File Disclosure Vulnerability 4695
@@ -3420,7 +3453,7 @@
- plugin myflash <= 1.00 (wppath) RFI Vulnerability
+ plugin myflash <= 1.00 - (wppath) RFI Vulnerability 3828
@@ -3430,7 +3463,7 @@
- plugin wordTube <= 1.43 (wpPATH) RFI Vulnerability
+ plugin wordTube <= 1.43 - (wpPATH) RFI Vulnerability 3825 
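Review bot: The four titles that start with a lowercase `plugin ` qualifier (`plugin WP-Forum 1.7.4 - Remote SQL Injection Vulnerability`, `plugin WP-Forum 1.7.8 - …`, `plugin myflash <= 1.00 - …`, `plugin wordTube <= 1.43 - …`) keep the word that every other hunk in this commit strips, and the `plugin wp-Table <= 1.43` hunk at the start of the next chunk has the same leftover. The result no longer follows the `<name> <version> - <description>` shape the rest of the file is being moved to, which matters if anything downstream parses the text before the separator as the plugin name. Suggest `WP-Forum 1.7.4 - Remote SQL Injection Vulnerability` and the same treatment for the other four.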
@@ -3440,7 +3473,7 @@
- plugin wp-Table <= 1.43 (inc_dir) RFI Vulnerability
+ plugin wp-Table <= 1.43 - (inc_dir) RFI Vulnerability 3824
@@ -3450,7 +3483,7 @@
- myGallery <= 1.4b4 Remote File Inclusion Vulnerability
+ myGallery <= 1.4b4 - Remote File Inclusion Vulnerability 3814
@@ -3460,7 +3493,7 @@
- SendIt plugin <= 1.5.9 Blind SQL Injection Vulnerability
+ SendIt <= 1.5.9 - Blind SQL Injection Vulnerability 17716
@@ -3470,7 +3503,7 @@
- Js-appointment plugin <= 1.5 SQL Injection Vulnerability
+ Js-appointment <= 1.5 - SQL Injection Vulnerability 17724
@@ -3480,14 +3513,14 @@
- MM Forms Community <= 1.2.3 SQL Injection Vulnerability
+ MM Forms Community <= 1.2.3 - SQL Injection Vulnerability 17725 SQLI
- MM Forms Community 2.2.6 Arbitrary File Upload
+ MM Forms Community 2.2.6 - Arbitrary File Upload 18997
@@ -3497,7 +3530,7 @@
- Super CAPTCHA plugin <= 2.2.4 SQL Injection Vulnerability
+ Super CAPTCHA <= 2.2.4 - SQL Injection Vulnerability 17728
@@ -3507,7 +3540,7 @@
- Collision Testimonials plugin <= 3.0 SQL Injection Vulnerability
+ Collision Testimonials <= 3.0 - SQL Injection Vulnerability 17729
@@ -3517,7 +3550,7 @@
- Oqey Headers plugin <= 0.3 SQL Injection Vulnerability
+ Oqey Headers <= 0.3 - SQL Injection Vulnerability 17730
@@ -3527,7 +3560,7 @@
- Facebook Promotions plugin <= 1.3.3 SQL Injection Vulnerability
+ Facebook Promotions <= 1.3.3 - SQL Injection Vulnerability 17737
@@ -3537,14 +3570,14 @@
- Evarisk plugin <= 5.1.3.6 SQL Injection Vulnerability
+ Evarisk <= 5.1.3.6 - SQL Injection Vulnerability 17738 SQLI
- Evarisk 5.1.5.4 Shell Upload
+ Evarisk 5.1.5.4 - Shell Upload http://packetstormsecurity.com/files/113638/
@@ -3554,7 +3587,7 @@
- Profiles plugin <= 2.0 RC1 SQL Injection Vulnerability
+ Profiles <= 2.0RC1 - SQL Injection Vulnerability 17739
@@ -3564,7 +3597,7 @@
- mySTAT plugin <= 2.6 SQL Injection Vulnerability
+ mySTAT <= 2.6 - SQL Injection Vulnerability 17740 
@@ -3574,7 +3607,7 @@
- SH Slideshow plugin <= 3.1.4 SQL Injection Vulnerability
+ SH Slideshow <= 3.1.4 - SQL Injection Vulnerability 17748
@@ -3584,7 +3617,7 @@
- iCopyright(R) Article Tools plugin <= 1.1.4 SQL Injection Vulnerability
+ iCopyright(R) Article Tools <= 1.1.4 - SQL Injection Vulnerability 17749
@@ -3594,7 +3627,7 @@
- Advertizer plugin <= 1.0 SQL Injection Vulnerability
+ Advertizer <= 1.0 - SQL Injection Vulnerability 17750
@@ -3604,21 +3637,21 @@
- Event Registration plugin <= 5.44 SQL Injection Vulnerability
+ Event Registration <= 5.44 - SQL Injection Vulnerability 17814 SQLI
- Event Registration plugin <= 5.43 SQL Injection Vulnerability
+ Event Registration <= 5.43 - SQL Injection Vulnerability 17751 SQLI
- Event Registration 5.32 SQL Injection Vulnerability
+ Event Registration 5.32 - SQL Injection Vulnerability 15513
@@ -3628,7 +3661,7 @@
- Craw Rate Tracker plugin <= 2.0.2 SQL Injection Vulnerability
+ Craw Rate Tracker <= 2.0.2 - SQL Injection Vulnerability 17755
@@ -3638,7 +3671,7 @@
- wp audio gallery playlist plugin <= 0.12 SQL Injection Vulnerability
+ wp audio gallery playlist <= 0.12 - SQL Injection Vulnerability 17756
@@ -3648,7 +3681,7 @@
- WordPress yolink Search Plugin "s" Cross-Site Scripting Vulnerability
+ yolink Search "s" Cross-Site Scripting Vulnerability 52030
@@ -3656,7 +3689,7 @@ 2.6
- yolink Search plugin <= 1.1.4 SQL Injection Vulnerability
+ yolink Search <= 1.1.4 - SQL Injection Vulnerability 17757
@@ -3666,7 +3699,7 @@
- PureHTML plugin <= 1.0.0 SQL Injection Vulnerability
+ PureHTML <= 1.0.0 - SQL Injection Vulnerability 17758
@@ -3676,7 +3709,7 @@
- Couponer plugin <= 1.2 SQL Injection Vulnerability
+ Couponer <= 1.2 - SQL Injection Vulnerability 17759
@@ -3686,7 +3719,7 @@
- grapefile plugin <= 1.1 Arbitrary File Upload
+ grapefile <= 1.1 - Arbitrary File Upload 17760 
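Review bot: `yolink Search "s" Cross-Site Scripting Vulnerability` (hunk `@@ -3648,7 +3681,7 @@`) drops the `WordPress … Plugin` wrapper but never inserts the ` - ` separator that the neighbouring `yolink Search <= 1.1.4 - SQL Injection Vulnerability` and nearly every other new title in this commit use, so the plugin name and the finding run together. The same omission recurs in later chunks: WP-Filebase Unspecified Vulnerabilities, WP Photo Album Plus "commentid", Simple Login Log SQL Injection, File Uploader, both Poll entries, Developer Formatter, DVS Custom Notification, Welcart e-Commerce, Knews Multilingual Newsletters, Video Lead Form, both Predictive Search entries, vTiger CRM Lead Capture, both WP-PostViews entries, DX-Contribute, Wysija Newsletters, Get Off Malicious Scripts, ForumConverter and Newsletter SQL Injection, while `floating-tweets persistent - XSS` puts the separator inside the description rather than after the name. `Eventify - Simple Events <= 1.7.f SQL Injection Vulnerability` is ambiguous in the other direction, since the dash it keeps is part of the product name. If the separator is meant to be a parseable boundary, a one-line check that every `<title>` contains ` - ` exactly once after the name would catch all of these; the fix for this hunk is `yolink Search - "s" Cross-Site Scripting Vulnerability`.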
@@ -3696,7 +3729,7 @@
- image-gallery-with-slideshow plugin <= 1.5 Arbitrary File Upload / SQL Injection
+ image-gallery-with-slideshow <= 1.5 - Arbitrary File Upload / SQL Injection 17761
@@ -3706,7 +3739,7 @@
- Donation plugin <= 1.0 SQL Injection Vulnerability
+ Donation <= 1.0 - SQL Injection Vulnerability 17763
@@ -3716,14 +3749,14 @@
- WP Bannerize plugin <= 2.8.6 SQL Injection Vulnerability
+ WP Bannerize <= 2.8.6 - SQL Injection Vulnerability 17764 SQLI
- WP Bannerize plugin <= 2.8.7 SQL Injection Vulnerability
+ WP Bannerize <= 2.8.7 - SQL Injection Vulnerability 17906
@@ -3733,7 +3766,7 @@
- SearchAutocomplete plugin <= 1.0.8 SQL Injection Vulnerability
+ SearchAutocomplete <= 1.0.8 - SQL Injection Vulnerability 17767
@@ -3743,7 +3776,7 @@
- VideoWhisper Video Presentation plugin <= 1.1 SQL Injection Vulnerability
+ VideoWhisper Video Presentation <= 1.1 - SQL Injection Vulnerability 17771
@@ -3760,7 +3793,7 @@
- Facebook Opengraph Meta plugin <= 1.0 SQL Injection Vulnerability
+ Facebook Opengraph Meta <= 1.0 - SQL Injection Vulnerability 17773
@@ -3770,7 +3803,7 @@
- Zotpress plugin <= 4.4 SQL Injection Vulnerability
+ Zotpress <= 4.4 - SQL Injection Vulnerability 17778
@@ -3780,7 +3813,7 @@
- oQey Gallery plugin <= 0.4.8 SQL Injection Vulnerability
+ oQey Gallery <= 0.4.8 - SQL Injection Vulnerability 17779
@@ -3790,7 +3823,7 @@
- Tweet Old Post plugin <= 3.2.5 SQL Injection Vulnerability
+ Tweet Old Post <= 3.2.5 - SQL Injection Vulnerability 17789
@@ -3800,7 +3833,7 @@
- post highlights plugin <= 2.2 SQL Injection Vulnerability
+ post highlights <= 2.2 - SQL Injection Vulnerability 17790
@@ -3810,7 +3843,7 @@
- KNR Author List Widget plugin <= 2.0.0 SQL Injection Vulnerability
+ KNR Author List Widget <= 2.0.0 - SQL Injection Vulnerability 17791
@@ -3820,7 +3853,7 @@
- SCORM Cloud plugin <= 1.0.6.6 SQL Injection Vulnerability
+ SCORM Cloud <= 1.0.6.6 - SQL Injection Vulnerability 17793 
@@ -3830,7 +3863,7 @@
- Eventify - Simple Events plugin <= 1.7.f SQL Injection Vulnerability
+ Eventify - Simple Events <= 1.7.f SQL Injection Vulnerability 17794
@@ -3840,7 +3873,7 @@
- Paid Downloads plugin <= 2.01 SQL Injection Vulnerability
+ Paid Downloads <= 2.01 - SQL Injection Vulnerability 17797
@@ -3850,7 +3883,7 @@
- Community Events plugin <= 1.2.1 SQL Injection Vulnerability
+ Community Events <= 1.2.1 - SQL Injection Vulnerability 17798
@@ -3860,7 +3893,7 @@
- 1-flash-gallery <= 1.9.0 XSS in ZeroClipboard.swf
+ 1-flash-gallery <= 1.9.0 - XSS in ZeroClipboard.swf http://1337day.com/exploit/20396
@@ -3877,14 +3910,14 @@
- WP-Filebase Download Manager plugin <= 0.2.9 SQL Injection Vulnerability
+ WP-Filebase Download Manager <= 0.2.9 - SQL Injection Vulnerability 17808 SQLI
- WordPress WP-Filebase Plugin Unspecified Vulnerabilities
+ WP-Filebase Unspecified Vulnerabilities 51269
@@ -3895,7 +3928,7 @@
- A to Z Category Listing plugin <= 1.3 SQL Injection Vulnerability
+ A to Z Category Listing <= 1.3 - SQL Injection Vulnerability 17809
@@ -3905,14 +3938,14 @@
- WP e-Commerce plugin <= 3.8.6 SQL Injection Vulnerability
+ WP e-Commerce <= 3.8.6 - SQL Injection Vulnerability 17832 SQLI
- WP-e-Commerce plugin v3.8.9.5 Cross Site Scripting Vulnerability
+ WP-e-Commerce v3.8.9.5 - Cross Site Scripting Vulnerability http://1337day.com/exploit/20517
@@ -3922,7 +3955,7 @@
- Filedownload 0.1 (download.php) Remote File Disclosure Vulnerability
+ Filedownload 0.1 - (download.php) Remote File Disclosure Vulnerability 17858
@@ -3932,14 +3965,14 @@
- TheCartPress <= 1.6 Cross Site Sripting
+ TheCartPress <= 1.6 - Cross Site Sripting http://packetstormsecurity.com/files/108272/ XSS
- TheCartPress 1.1.1 Remote File Inclusion
+ TheCartPress 1.1.1 - Remote File Inclusion 17860
@@ -3949,7 +3982,7 @@
- WPEasyStats 1.8 Remote File Inclusion
+ WPEasyStats 1.8 - Remote File Inclusion 17862 
@@ -3959,7 +3992,7 @@
- Annonces 1.2.0.0 Remote File Inclusion
+ Annonces 1.2.0.0 - Remote File Inclusion 17863
@@ -3969,7 +4002,7 @@
- Livesig 0.4 Remote File Inclusion
+ Livesig 0.4 - Remote File Inclusion 17864
@@ -3979,7 +4012,7 @@
- Disclosure Policy 1.0 Remote File Inclusion
+ Disclosure Policy 1.0 - Remote File Inclusion 17865
@@ -3989,7 +4022,7 @@
- Mailing List 1.3.2 Remote File Inclusion
+ Mailing List 1.3.2 - Remote File Inclusion 17866
@@ -4007,14 +4040,14 @@
- Zingiri Web Shop 2.2.0 Remote File Inclusion
+ Zingiri Web Shop 2.2.0 - Remote File Inclusion 17867 RFI
- Zingiri Web Shop <= 2.2.3 Remote Code Execution
+ Zingiri Web Shop <= 2.2.3 - Remote Code Execution 18111
@@ -4024,14 +4057,14 @@
- Mini Mail Dashboard Widget 1.36 Remote File Inclusion
+ Mini Mail Dashboard Widget 1.36 - Remote File Inclusion 17868 RFI
- Mini Mail Dashboard Widget 1.42 Stored XSS
+ Mini Mail Dashboard Widget 1.42 - Stored XSS 20358
@@ -4041,7 +4074,7 @@
- Relocate Upload 0.14 Remote File Inclusion
+ Relocate Upload 0.14 - Remote File Inclusion 17869
@@ -4051,7 +4084,7 @@
- Category Grid View Gallery plugin 0.1.1 Shell Upload vulnerability
+ Category Grid View Gallery 0.1.1 - Shell Upload vulnerability 17872
@@ -4068,7 +4101,7 @@
- Auto Attachments plugin 0.2.9 Shell Upload vulnerability
+ Auto Attachments 0.2.9 - Shell Upload vulnerability 17872
@@ -4078,7 +4111,7 @@
- WP Marketplace plugin 1.1.0 Shell Upload vulnerability
+ WP Marketplace 1.1.0 - Shell Upload vulnerability 17872
@@ -4088,7 +4121,7 @@
- DP Thumbnail plugin 1.0 Shell Upload vulnerability
+ DP Thumbnail 1.0 - Shell Upload vulnerability 17872
@@ -4098,7 +4131,7 @@
- Vk Gallery plugin 1.1.0 Shell Upload vulnerability
+ Vk Gallery 1.1.0 - Shell Upload vulnerability 17872
@@ -4108,7 +4141,7 @@
- Rekt Slideshow plugin 1.0.5 Shell Upload vulnerability
+ Rekt Slideshow 1.0.5 - Shell Upload vulnerability 17872 
@@ -4118,7 +4151,7 @@
- CAC Featured Content plugin 0.8 Shell Upload vulnerability
+ CAC Featured Content 0.8 - Shell Upload vulnerability 17872
@@ -4128,7 +4161,7 @@
- Rent A Car plugin 1.0 Shell Upload vulnerability
+ Rent A Car 1.0 - Shell Upload vulnerability 17872
@@ -4138,7 +4171,7 @@
- LISL Last Image Slider plugin 1.0 Shell Upload vulnerability
+ LISL Last Image Slider 1.0 - Shell Upload vulnerability 17872
@@ -4148,7 +4181,7 @@
- Islidex plugin 2.7 Shell Upload vulnerability
+ Islidex 2.7 - Shell Upload vulnerability 17872
@@ -4158,7 +4191,7 @@
- Kino Gallery plugin 1.0 Shell Upload vulnerability
+ Kino Gallery 1.0 - Shell Upload vulnerability 17872
@@ -4168,7 +4201,7 @@
- Cms Pack plugin 1.3 Shell Upload vulnerability
+ Cms Pack 1.3 - Shell Upload vulnerability 17872
@@ -4178,7 +4211,7 @@
- A Gallery plugin 0.9 Shell Upload vulnerability
+ A Gallery 0.9 - Shell Upload vulnerability 17872
@@ -4188,7 +4221,7 @@
- Category List Portfolio Page plugin 0.9 Shell Upload vulnerability
+ Category List Portfolio Page 0.9 - Shell Upload vulnerability 17872
@@ -4198,7 +4231,7 @@
- Really Easy Slider plugin 0.1 Shell Upload vulnerability
+ Really Easy Slider 0.1 - Shell Upload vulnerability 17872
@@ -4208,7 +4241,7 @@
- Verve Meta Boxes plugin 1.2.8 Shell Upload vulnerability
+ Verve Meta Boxes 1.2.8 - Shell Upload vulnerability 17872
@@ -4218,7 +4251,7 @@
- User Avatar plugin 1.3.7 shell upload vulnerability
+ User Avatar 1.3.7 - shell upload vulnerability 17872
@@ -4228,7 +4261,7 @@
- Extend plugin 1.3.7 Shell Upload vulnerability
+ Extend 1.3.7 - Shell Upload vulnerability 17872
@@ -4238,14 +4271,14 @@
- AdRotate plugin <= 3.6.5 SQL Injection Vulnerability
+ AdRotate <= 3.6.5 - SQL Injection Vulnerability http://unconciousmind.blogspot.com/2011/09/wordpress-adrotate-plugin-365-sql.html SQLI
- AdRotate plugin <= 3.6.6 SQL Injection Vulnerability
+ AdRotate <= 3.6.6 - SQL Injection Vulnerability 18114 
@@ -4255,7 +4288,7 @@
- WP-SpamFree 3.2.1 Spam SQL Injection Vulnerability
+ WP-SpamFree 3.2.1 - Spam SQL Injection Vulnerability 17970
@@ -4265,7 +4298,7 @@
- WordPress GD Star Rating Plugin Export Security Bypass Security Issue
+ GD Star Rating - Export Security Bypass Security Issue 49850
@@ -4273,14 +4306,14 @@ 1.9.19
- GD Star Rating plugin <= 1.9.16 Cross Site Scripting
+ GD Star Rating <= 1.9.16 - Cross Site Scripting http://packetstormsecurity.com/files/112702/ XSS
- GD Star Rating plugin <= 1.9.10 SQL Injection
+ GD Star Rating <= 1.9.10 - SQL Injection 17973
@@ -4290,7 +4323,7 @@
- Contact Form plugin <= 2.7.5 SQL Injection
+ Contact Form <= 2.7.5 - SQL Injection 17980
@@ -4300,14 +4333,14 @@
- WP Photo Album Plus <= 4.1.1 SQL Injection
+ WP Photo Album Plus <= 4.1.1 - SQL Injection 17983 SQLI
- WP Photo Album Plus <= 4.8.12 wp-photo-album-plus.php wppa-searchstring XSS
+ WP Photo Album Plus <= 4.8.12 - wp-photo-album-plus.php wppa-searchstring XSS 88851 51669
@@ -4333,7 +4366,7 @@ 4.9.3
- WordPress WP Photo Album Plus "commentid" Cross-Site Scripting Vulnerability
+ WP Photo Album Plus "commentid" Cross-Site Scripting Vulnerability 93033 2013-3254
@@ -4384,7 +4417,7 @@
- portable-phpMyAdmin Authentication Bypass
+ portable-phpMyAdmin - Authentication Bypass 88391 2012-5469
@@ -4398,7 +4431,7 @@
- super-refer-a-friend Full Path Disclosure
+ super-refer-a-friend - Full Path Disclosure http://1337day.com/exploit/20126
@@ -4444,7 +4477,7 @@
- WP-Super-Cache Remote Code Execution
+ WP-Super-Cache - Remote Code Execution http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/ http://wordpress.org/support/topic/pwn3d
@@ -4459,14 +4492,14 @@
- ripe-hd-player 1.0 SQL Injection
+ ripe-hd-player 1.0 - SQL Injection 24229 SQLI
- ripe-hd-player 1.0 Full Path Disclosure
+ ripe-hd-player 1.0 - Full Path Disclosure 24229 
@@ -4476,7 +4509,7 @@
- floating-tweets persistent XSS
+ floating-tweets persistent - XSS http://packetstormsecurity.com/files/119499/ http://websecurity.com.ua/6023/
@@ -4495,7 +4528,7 @@
- ipfeuilledechou SQL Injection Vulnerability
+ ipfeuilledechou - SQL Injection Vulnerability http://www.exploit4arab.com/exploits/377 http://1337day.com/exploits/20206
@@ -4506,7 +4539,7 @@
- Simple Login Log Plugin XSS
+ Simple Login Log - XSS 51780
@@ -4514,7 +4547,7 @@ 0.9.4
- Simple Login Log Plugin SQL Injection
+ Simple Login Log SQL Injection 51780
@@ -4558,7 +4591,7 @@
- WordPress File Uploader Plugin PHP File Upload Vulnerability
+ File Uploader PHP File Upload Vulnerability http://la.usch.io/2013/01/21/wordpress-file-uploader-plugin-php-file-upload-vulnerability/
@@ -4568,7 +4601,7 @@
- WordPress Poll Plugin Cross-Site Request Forgery Vulnerability
+ Poll Cross-Site Request Forgery Vulnerability 51925
@@ -4585,7 +4618,7 @@ SQLI
- WordPress Poll Plugin Multiple SQL Injection Vulnerabilities
+ Poll Multiple SQL Injection Vulnerabilities 50910
@@ -4596,7 +4629,7 @@
- Wordpress Developer Formatter CSRF and XSS Vulnerability
+ Developer Formatter CSRF and XSS Vulnerability http://illsecure.com/code/Wordpress-DevFormatter-CSRF-Vulnerability.txt http://1337day.com/exploits/20210
@@ -4608,7 +4641,7 @@
- WordPress DVS Custom Notification Plugin Cross-Site Request Forgery Vulnerability
+ DVS Custom Notification Cross-Site Request Forgery Vulnerability 51531
@@ -4663,7 +4696,7 @@
- WordPress Welcart e-Commerce Plugin Cross-Site Scripting and Request Forgery Vulnerabilities
+ Welcart e-Commerce Cross-Site Scripting and Request Forgery Vulnerabilities 51581
@@ -4673,7 +4706,7 @@
- WordPress Knews Multilingual Newsletters Plugin Cross-Site Request Forgery Vulnerability
+ Knews Multilingual Newsletters Cross-Site Request Forgery Vulnerability 51543 
@@ -4683,7 +4716,7 @@
- WordPress Video Lead Form Plugin "errMsg" Cross-Site Scripting Vulnerability
+ Video Lead Form "errMsg" Cross-Site Scripting Vulnerability 51419
@@ -4693,7 +4726,7 @@
- WordPress WooCommerce Predictive Search Plugin "rs" Cross-Site Scripting Vulnerability
+ WooCommerce Predictive Search "rs" Cross-Site Scripting Vulnerability 51385
@@ -4714,7 +4747,7 @@
- WordPress WP e-Commerce Predictive Search Plugin "rs" Cross-Site Scripting Vulnerability
+ WP e-Commerce Predictive Search "rs" Cross-Site Scripting Vulnerability 51384
@@ -4724,7 +4757,7 @@
- WordPress vTiger CRM Lead Capture Plugin Unspecified Vulnerability
+ vTiger CRM Lead Capture Unspecified Vulnerability 51305
@@ -4735,14 +4768,14 @@
- WordPress post-views Plugin "search_input" Cross-Site Scripting Vulnerability
+ WP-PostViews "search_input" Cross-Site Scripting Vulnerability 50982 XSS
- WordPress WP-PostViews Plugin Cross-Site Request Forgery Vulnerability
+ WP-PostViews Cross-Site Request Forgery Vulnerability 53127
@@ -4753,7 +4786,7 @@
- WordPress DX-Contribute Plugin Cross-Site Request Forgery Vulnerability
+ DX-Contribute Cross-Site Request Forgery Vulnerability 51082
@@ -4774,7 +4807,7 @@ 2.2.1
- WordPress Wysija Newsletters Plugin swfupload Cross-Site Scripting Vulnerability
+ Wysija Newsletters swfupload Cross-Site Scripting Vulnerability 51249 http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
@@ -4786,7 +4819,7 @@
- WordPress Hitasoft FLV Player Plugin "id" SQL Injection Vulnerability
+ Hitasoft FLV Player - "id" SQL Injection Vulnerability 51179
@@ -4796,7 +4829,7 @@
- Spider Calendar Plugin "many_sp_calendar" Cross-Site Scripting Vulnerability
+ Spider Calendar - "many_sp_calendar" Cross-Site Scripting Vulnerability 50981
@@ -4815,7 +4848,7 @@
- Wordpress Dynamic Font Replacement 1.3 plugin SQL Injection Vulnerability
+ Dynamic Font Replacement 1.3 - SQL Injection Vulnerability http://1337day.com/exploit/20239 
@@ -4825,7 +4858,7 @@
- WordPress Zingiri Form Builder Plugin "error" Cross-Site Scripting Vulnerability
+ Zingiri Form Builder - "error" Cross-Site Scripting Vulnerability 50983
@@ -4836,7 +4869,7 @@
- WordPress White Label CMS Plugin Cross-Site Request Forgery Vulnerability
+ White Label CMS - Cross-Site Request Forgery Vulnerability 50487
@@ -4847,7 +4880,7 @@
- Wordpress Download Shortcode Plugin "file" Arbitrary File Disclosure Vulnerability
+ Download Shortcode - "file" Arbitrary File Disclosure Vulnerability 50924
@@ -4858,7 +4891,7 @@
- WordPress eShop Magic Plugin "file" Arbitrary File Disclosure Vulnerability
+ eShop Magic - "file" Arbitrary File Disclosure Vulnerability 50933
@@ -4869,7 +4902,7 @@
- WordPress Pinterest "Pin It" Button Lite Plugin Multiple Unspecified Vulnerabilities
+ Pinterest "Pin It" Button Lite - Multiple Unspecified Vulnerabilities 50868
@@ -4880,7 +4913,7 @@
- WordPress CSS Plus Plugin Unspecified Vulnerabilities
+ CSS Plus - Unspecified Vulnerabilities 50793
@@ -4891,7 +4924,7 @@
- WordPress Multisite Plugin Manager Plugin Two Cross-Site Scripting Vulnerabilities
+ Multisite plugin Manager - Two Cross-Site Scripting Vulnerabilities 50762
@@ -4902,7 +4935,7 @@
- WordPress ABC Test Plugin "id" Cross-Site Scripting Vulnerability
+ ABC Test - "id" Cross-Site Scripting Vulnerability 50608
@@ -4912,7 +4945,7 @@
- Wordpress Token Manager Plugin "tid" Cross-Site Scripting Vulnerabilities
+ Token Manager - "tid" Cross-Site Scripting Vulnerabilities 50722
@@ -4922,7 +4955,7 @@
- WordPress Sexy Add Template Plugin Cross-Site Request Forgery Vulnerability
+ Sexy Add Template - Cross-Site Request Forgery Vulnerability 50709
@@ -4932,7 +4965,7 @@
- WordPress Notices Ticker Plugin Cross-Site Request Forgery Vulnerability
+ Notices Ticker - Cross-Site Request Forgery Vulnerability 50717
@@ -4942,7 +4975,7 @@
- WordPress MF Gig Calendar Plugin URL Cross-Site Scripting Vulnerability
+ MF Gig Calendar - URL Cross-Site Scripting Vulnerability 50571 
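Review bot: `Multisite plugin Manager - Two Cross-Site Scripting Vulnerabilities` (hunk `@@ -4891,7 +4924,7 @@`) has lowercased a word of the product's own name; the removed line reads `Multisite Plugin Manager Plugin`, so the second "Plugin" was the qualifier and the first is part of the name, and a case-insensitive search-and-replace of the qualifier appears to have hit both. Users match this file against the plugin list they see in wp-admin, so the title should read `Multisite Plugin Manager - Two Cross-Site Scripting Vulnerabilities`. Hyphenated slugs such as `coupon-code-plugin` and `myftp-ftp-like-plugin-for-wordpress` survived the pass, so a grep for the remaining lowercase `plugin` tokens in titles would show whether any other proper name was altered.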
@@ -4952,14 +4985,14 @@
- wp-topbar <= 3.04 XSS in ZeroClipboard.swf
+ wp-topbar <= 3.04 - XSS in ZeroClipboard.swf http://1337day.com/exploit/20396 XSS
- WordPress WP-TopBar Plugin Cross-Site Request Forgery Vulnerability
+ WP-TopBar - Cross-Site Request Forgery Vulnerability 50693
@@ -4970,7 +5003,7 @@
- WordPress HD Webplayer Plugin Two SQL Injection Vulnerabilities
+ HD Webplayer - Two SQL Injection Vulnerabilities 50466
@@ -4980,7 +5013,7 @@
- WordPress Cloudsafe365 Plugin Multiple Vulnerabilities
+ Cloudsafe365 - Multiple Vulnerabilities 50392
@@ -4991,7 +5024,7 @@
- WordPress Vitamin Plugin Two Arbitrary File Disclosure Vulnerabilities
+ Vitamin - Two Arbitrary File Disclosure Vulnerabilities 50176
@@ -5002,7 +5035,7 @@
- WordPress Featured Post with thumbnail Plugin Unspecified timthumb Vulnerability
+ Featured Post with thumbnail - Unspecified timthumb Vulnerability 50161
@@ -5013,7 +5046,7 @@
- WordPress WP Lead Management Plugin Script Insertion Vulnerabilities
+ WP Lead Management - Script Insertion Vulnerabilities 50166
@@ -5023,7 +5056,7 @@
- WordPress XVE Various Embed Plugin JW Player Multiple Cross-Site Scripting Vulnerabilities
+ <title>XVE Various Embed - JW Player Multiple Cross-Site Scripting Vulnerabilities 50173
@@ -5035,7 +5068,7 @@
- WordPress G-Lock Double Opt-in Manager Plugin Two Security Bypass Vulnerabilities
+ G-Lock Double Opt-in Manager - Two Security Bypass Vulnerabilities 50100
@@ -5045,7 +5078,7 @@
- WordPress Backend Localization Plugin Cross-Site Scripting Vulnerabilities
+ Backend Localization - Cross-Site Scripting Vulnerabilities 50099
@@ -5056,7 +5089,7 @@
- WordPress Flexi Quote Rotator Plugin Cross-Site Request Forgery and SQL Injection Vulnerabilities
+ Flexi Quote Rotator - Cross-Site Request Forgery and SQL Injection Vulnerabilities 49910
@@ -5067,7 +5100,7 @@
- WordPress Get Off Malicious Scripts Cross-Site Scripting Vulnerability
+ Get Off Malicious Scripts Cross-Site Scripting Vulnerability 50030 
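Review bot: The new XVE Various Embed line (hunk `@@ -5023,7 +5056,7 @@`) carries a literal `<title>` inside the rendered text, whereas every other title in this diff has had its tags stripped by the renderer; that pattern is what a doubled opening tag (`<title><title>XVE Various Embed - …`) would look like, and the WP Online Store hunk in a later chunk shows the same artifact. If that is what happened, the document is no longer well-formed XML and every consumer that loads `data/plugin_vulns.xml` fails on parse, not just these two entries. Run `xmllint --noout data/plugin_vulns.xml` on the result before merging, and consider adding that one-liner to CI so a data-only commit cannot break the parser.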
@@ -5078,7 +5111,7 @@
- WordPress Cimy User Extra Fields Plugin Arbitrary File Upload Vulnerability
+ Cimy User Extra Fields - Arbitrary File Upload Vulnerability 49975
@@ -5089,7 +5122,7 @@
- WordPress Nmedia Users File Uploader Plugin Arbitrary File Upload Vulnerability
+ Nmedia Users File Uploader - Arbitrary File Upload Vulnerability 49996
@@ -5130,7 +5163,7 @@
- Wordpress RLSWordPressSearch plugin SQL Injection
+ RLSWordPressSearch - SQL Injection 24440
@@ -5140,7 +5173,7 @@
- wordpress-simple-shout-box Plugin SQL Injection
+ wordpress-simple-shout-box - SQL Injection http://cxsecurity.com/issue/WLB-2013010235
@@ -5150,7 +5183,7 @@
- Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection
+ portfolio-slideshow-pro v3 - SQL Injection http://cxsecurity.com/issue/WLB-2013010236
@@ -5160,7 +5193,7 @@
- WordPress Simple History Plugin RSS Feed "rss_secret" Disclosure Weakness
+ Simple History - RSS Feed "rss_secret" Disclosure Weakness 51998
@@ -5171,7 +5204,7 @@
- WordPress p1m media manager plugin SQL Injection Vulnerability
+ p1m media manager - SQL Injection Vulnerability http://www.1337day.com/exploit/20270
@@ -5181,14 +5214,14 @@
- wp-table-reloaded <= 1.9.3 XSS in ZeroClipboard.swf
+ wp-table-reloaded <= 1.9.3 - XSS in ZeroClipboard.swf http://1337day.com/exploit/20396 XSS
- Wordpress wp-table-reloaded plugin cross-site scripting in SWF
+ wp-table-reloaded - cross-site scripting in SWF http://packetstormsecurity.com/files/119968/ 52027
@@ -5201,7 +5234,7 @@
- WordPress Gallery Plugin "load" Remote File Inclusion Vulnerability
+ Gallery - "load" Remote File Inclusion Vulnerability 51347
@@ -5211,7 +5244,7 @@
- Wordpress plugins ForumConverter SQL Injection Vulnerability
+ ForumConverter SQL Injection Vulnerability http://www.1337day.com/exploit/20275 
@@ -5221,14 +5254,14 @@
- WordPress plugins Newsletter SQL Injection Vulnerability
+ Newsletter SQL Injection Vulnerability http://www.1337day.com/exploit/20287 SQLI
- WordPress Newsletter Plugin "alert" Cross-Site Scripting Vulnerability
+ Newsletter - "alert" Cross-Site Scripting Vulnerability 53398 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5141.php
@@ -5255,7 +5288,7 @@
- Wordpress wp-forum plugin SQL Injection
+ wp-forum - SQL Injection http://cxsecurity.com/issue/WLB-2013020035
@@ -5265,7 +5298,7 @@
- WordPress WP ecommerce Shop Styling Plugin "dompdf" Remote File Inclusion Vulnerability
+ WP ecommerce Shop Styling - "dompdf" Remote File Inclusion Vulnerability 51707
@@ -5276,7 +5309,7 @@
- Wordpress Audio Player Plugin XSS in SWF
+ Audio Player - XSS in SWF http://seclists.org/bugtraq/2013/Feb/35 52083
@@ -5288,7 +5321,7 @@
- Wordpress plugin CKEditor 4.0 Arbitrary File Upload Exploit
+ CKEditor 4.0 - Arbitrary File Upload Exploit http://1337day.com/exploit/20318
@@ -5298,7 +5331,7 @@
- wordpress myftp-ftp-like-plugin-for-wordpress plugin v2 Plugin SQL Injection
+ myftp-ftp-like-plugin-for-wordpress v2 - SQL Injection http://cxsecurity.com/issue/WLB-2013020061
@@ -5308,7 +5341,7 @@
- WordPress WP Online Store Plugin 1.3.1 downloaded before 2013-01-17 File Disclosure and File Inclusion
+ <title>WP Online Store 1.3.1 - downloaded before 2013-01-17 File Disclosure and File Inclusion Vulnerabilities
@@ -5322,7 +5355,7 @@
- Password Protected 1.4 Login Process redirect_to Parameter Arbitrary Site Redirect
+ Password Protected 1.4 - Login Process redirect_to Parameter Arbitrary Site Redirect 90559
@@ -5332,7 +5365,7 @@
- Contact Form Plugin XSS
+ Contact Form - XSS 90503
@@ -5354,7 +5387,7 @@
- Google Alert And Twitter v.3.1.5 XSS Exploit, SQL Injection
+ Google Alert And Twitter 3.1.5 - XSS Exploit, SQL Injection http://1337day.com/exploits/20433 
@@ -5396,7 +5429,7 @@
- zopim-live-chat <= 1.2.5 XSS in ZeroClipboard
+ zopim-live-chat <= 1.2.5 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396
@@ -5408,7 +5441,7 @@
- ed2k-link-selector <= 1.1.7 XSS in ZeroClipboard
+ ed2k-link-selector <= 1.1.7 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808
@@ -5419,7 +5452,7 @@
- wppygments <= 0.3.2 XSS in ZeroClipboard
+ wppygments <= 0.3.2 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396
@@ -5431,7 +5464,7 @@
- copy-in-clipboard <= 0.8 XSS in ZeroClipboard
+ copy-in-clipboard <= 0.8 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808
@@ -5442,7 +5475,7 @@
- search-and-share <= 0.9.3 XSS in ZeroClipboard
+ search-and-share <= 0.9.3 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808
@@ -5453,7 +5486,7 @@
- placester <= 0.3.12 XSS in ZeroClipboard
+ placester <= 0.3.12 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808
@@ -5464,7 +5497,7 @@
- drp-coupon <= 2.1 XSS in ZeroClipboard
+ drp-coupon <= 2.1 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808
@@ -5475,7 +5508,7 @@
- coupon-code-plugin <= 2.1 XSS in ZeroClipboard
+ coupon-code-plugin <= 2.1 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808
@@ -5486,7 +5519,7 @@
- q2w3-inc-manager <= 2.3.1 XSS in ZeroClipboard
+ q2w3-inc-manager <= 2.3.1 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808
@@ -5497,7 +5530,7 @@
- scorerender <= 0.3.4 XSS in ZeroClipboard
+ scorerender <= 0.3.4 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808
@@ -5508,7 +5541,7 @@
- wp-link-to-us <= 2.0 XSS in ZeroClipboard
+ wp-link-to-us <= 2.0 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 
@@ -5520,7 +5553,7 @@
- buckets <= 0.1.9.2 XSS in ZeroClipboard
+ buckets <= 0.1.9.2 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396
@@ -5532,7 +5565,7 @@
- java-trackback <= 0.2 XSS in ZeroClipboard
+ java-trackback <= 0.2 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808
@@ -5543,7 +5576,7 @@
- slidedeck2 <= 2.1.20130228 XSS in ZeroClipboard
+ slidedeck2 <= 2.1.20130228 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396
@@ -5555,7 +5588,7 @@
- wp-clone-by-wp-academy <= 2.1.1 XSS in ZeroClipboard
+ wp-clone-by-wp-academy <= 2.1.1 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396
@@ -5567,7 +5600,7 @@
- tiny-url <= 1.3.2 XSS in ZeroClipboard
+ tiny-url <= 1.3.2 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396
@@ -5579,7 +5612,7 @@
- thethe-layout-grid <= 1.0.0 XSS in ZeroClipboard.
+ thethe-layout-grid <= 1.0.0 - XSS in ZeroClipboard. http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396
@@ -5591,7 +5624,7 @@
- paypal-digital-goods-monetization-powered-by-cleeng <= 2.2.13 XSS in ZeroClipboard
+ paypal-digital-goods-monetization-powered-by-cleeng <= 2.2.13 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396
@@ -5603,7 +5636,7 @@
- mobileview <= 1.0.7 XSS in ZeroClipboard
+ mobileview <= 1.0.7 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396
@@ -5615,7 +5648,7 @@
- jaspreetchahals-coupons-lite <= 2.1 XSS in ZeroClipboard
+ jaspreetchahals-coupons-lite <= 2.1 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 
@@ -5627,7 +5660,7 @@
- geshi-source-colorer <= 0.13 XSS in ZeroClipboard
+ geshi-source-colorer <= 0.13 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396
@@ -5639,7 +5672,7 @@
- click-to-copy-grab-box <= 0.1.1 XSS in ZeroClipboard
+ click-to-copy-grab-box <= 0.1.1 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396
@@ -5651,7 +5684,7 @@
- cleeng <= 2.3.2 XSS in ZeroClipboard
+ cleeng <= 2.3.2 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396
@@ -5663,7 +5696,7 @@
- bp-code-snippets <= 2.0 XSS in ZeroClipboard
+ bp-code-snippets <= 2.0 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396
@@ -5675,7 +5708,7 @@
- snazzy-archives <= 1.7.1 XSS vulnerability
+ snazzy-archives <= 1.7.1 - XSS vulnerability http://www.openwall.com/lists/oss-security/2013/03/10/3 2009-4168
@@ -5707,7 +5740,7 @@
- o2s-gallery plugin Cross Site Scripting Vulnerability
+ o2s-gallery - Cross Site Scripting Vulnerability http://1337day.com/exploit/20516
@@ -5717,7 +5750,7 @@
- bp-gallery plugin v1.2.5 Cross Site Scripting Vulnerability
+ bp-gallery 1.2.5 - Cross Site Scripting Vulnerability http://1337day.com/exploit/20518
@@ -5727,7 +5760,7 @@
-&nbsp;Simply Poll Plugin 1.4.1 - Multiple Vulnerabilities
+ Simply Poll 1.4.1 - Multiple Vulnerabilities 24850 91446
@@ -5738,7 +5771,7 @@
- Occasions Plugin 1.0.4 - CSRF Vulnerability
+ Occasions 1.0.4 - CSRF Vulnerability 24858 91490
@@ -5749,7 +5782,7 @@
- Mathjax Latex 1.1 CSRF Vulnerability
+ Mathjax Latex 1.1 - CSRF Vulnerability 24889 91737
@@ -5860,7 +5893,7 @@
- podPress 8.8.10.13 Cross Site Scripting
+ podPress 8.8.10.13 - Cross Site Scripting http://packetstormsecurity.com/files/121011/
@@ -5982,7 +6015,7 @@
- background-music 1.0 jPlayer.swf XSS
+ background-music 1.0 - jPlayer.swf XSS 53057 
@@ -5992,7 +6025,7 @@
- haiku-minimalist-audio-player <= 1.0.0 jPlayer.swf XSS
+ haiku-minimalist-audio-player <= 1.0.0 - jPlayer.swf XSS
 51336
@@ -6002,7 +6035,7 @@
- jammer <= 0.2 jPlayer.swf XSS
+ jammer <= 0.2 - jPlayer.swf XSS
 53106
@@ -6023,7 +6056,7 @@
- top-10 CSRF
+ top-10 - CSRF
 53205
@@ -6046,7 +6079,7 @@
- uk-cookie plugin XSS
+ uk-cookie - XSS
 87561
 http://seclists.org/bugtraq/2012/Nov/50
@@ -6084,7 +6117,7 @@
- mail-on-update plugin CSRF
+ mail-on-update - CSRF
 53449
 http://www.openwall.com/lists/oss-security/2013/05/16/8
@@ -6095,8 +6128,7 @@
- Advanced XML Reader Plugin for WordPress XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
-
+ Advanced XML Reader - XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
 http://seclists.org/bugtraq/2013/May/5
 92904
@@ -6107,7 +6139,7 @@
- WordPress Related Posts by Zemanta Plugin Cross-Site Request Forgery Vulnerability
+ Related Posts by Zemanta - Cross-Site Request Forgery Vulnerability
 53321
@@ -6118,7 +6150,7 @@
- WordPress WordPress Related Posts Plugin Cross-Site Request Forgery Vulnerability
+ WordPress Related Posts - Cross-Site Request Forgery Vulnerability
 53279
@@ -6129,7 +6161,7 @@
- WordPress Related Posts Plugin Cross-Site Request Forgery Vulnerability
+ Related Posts - Cross-Site Request Forgery Vulnerability
 53122
@@ -6140,7 +6172,7 @@
- WordPress WP Print Friendly Plugin Security Bypass Vulnerability
+ WP Print Friendly - Security Bypass Vulnerability
 53371
@@ -6151,7 +6183,7 @@
- WordPress Contextual Related Posts Plugin Cross-Site Request Forgery Vulnerability
+ Contextual Related Posts - Cross-Site Request Forgery Vulnerability
 52960
@@ -6162,7 +6194,7 @@
- WordPress Calendar Plugin Cross-Site Request Forgery Vulnerability
+ Calendar - Cross-Site Request Forgery Vulnerability
 52841
@@ -6173,7 +6205,7 @@
- WordPress Feedweb Plugin 'wp_post_id' Parameter XSS
+ Feedweb - 'wp_post_id' Parameter XSS
 http://www.securityfocus.com/bid/58771
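Review bot: The `@@ -6129` hunk strips the leading `WordPress` from `WordPress Related Posts Plugin` to produce `Related Posts - Cross-Site Request Forgery Vulnerability`, while the `@@ -6118` hunk directly above keeps `WordPress Related Posts` as the plugin's actual name. The two removed titles differ only by that prefix, so the diff alone does not show whether the entry referenced by `53122` describes a distinct plugin called `Related Posts` or a second advisory against the same `WordPress Related Posts` plugin. Worth confirming against that reference before renaming, so the two entries do not end up naming one plugin two different ways, which would defeat the matching this normalisation is meant to make reliable.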
@@ -6184,7 +6216,7 @@
- WordPress WP-Print Plugin CSRF
+ WP-Print - CSRF
 http://www.securityfocus.com/bid/58900
@@ -6195,7 +6227,7 @@
- WordPress WP-Print Plugin CSRF
+ WP-Print - CSRF
 http://packetstorm.wowhacker.com/1304-exploits/wptrafficanalyzer-xss.txt
@@ -6205,7 +6237,7 @@
- WordPress WP-DownloadManager Plugin CSRF
+ WP-DownloadManager - CSRF
 http://www.securityfocus.com/bid/58937
@@ -6229,7 +6261,7 @@
- SS Quiz Plugin Multiple Unspecified Vulnerabilities
+ SS Quiz - Multiple Unspecified Vulnerabilities
 http://wordpress.org/plugins/ssquiz/changelog/
 53378
@@ -6301,7 +6333,7 @@
- FPD and Security bypass vulnerabilities in Exploit Scanner for WordPress
+ Exploit Scanner - FPD and Security bypass vulnerabilities
 http://seclists.org/fulldisclosure/2013/May/216
 93799
@@ -6312,11 +6344,12 @@
- FPD and Security bypass vulnerabilities in Exploit Scanner for WordPress
+ GA Universal - Cross-Site Request Forgery Vulnerability
+ 52976
 http://wordpress.org/plugins/ga-universal/changelog/
- XSS
+ CSRF
 1.0.1
@@ -6335,7 +6368,7 @@
- WordPress qTranslate Plugin Cross-Site Request Forgery Vulnerability
+ qTranslate - Cross-Site Request Forgery Vulnerability
 53126
 93873
@@ -6346,7 +6379,7 @@
- Image slider with description Plugin Unspecified Vulnerability
+ Image slider with description - Unspecified Vulnerability
 53588
 93691
@@ -6358,7 +6391,7 @@
- User Role Editor Plugin Cross-Site Request Forgery Vulnerability
+ User Role Editor - Cross-Site Request Forgery Vulnerability
 53593
 93699
@@ -6371,7 +6404,7 @@
- EELV Newsletter Plugin Cross-Site Scripting Vulnerability
+ EELV Newsletter - Cross-Site Scripting Vulnerability
 53546
 93685
@@ -6383,7 +6416,7 @@
- Frontier Post Plugin Publishing Posts Security Bypass
+ Frontier Post - Publishing Posts Security Bypass
 53474
 93639
@@ -6394,7 +6427,7 @@
- Spider Catalog Plugin Cross-Site Scripting and SQL Injection Vulnerabilities
+ Spider Catalog - Cross-Site Scripting and SQL Injection Vulnerabilities
 53491
 93591
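Review bot: The second `WP-Print - CSRF` title in the `@@ -6195` hunk does not match the only reference visible for that entry, `http://packetstorm.wowhacker.com/1304-exploits/wptrafficanalyzer-xss.txt`, which names a different plugin and a different vulnerability class. Together with the identical title in the `@@ -6184` hunk this looks like the same kind of copied-title mistake that the `@@ -6312` hunk corrects for GA Universal, where the title, type and reference were brought back into agreement. Please check that reference and either retitle and retype the entry to what it actually describes (presumably a WP Traffic Analyzer XSS) or drop it as a duplicate, rather than carrying the mismatch through the rename.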
@@ -6411,7 +6444,7 @@
- Spider Event Calendar Plugin Security Bypass, Cross-Site Scripting and SQLi Vulnerabilities
+ Spider Event Calendar - Security Bypass, Cross-Site Scripting and SQLi Vulnerabilities
 53481
 93584
@@ -6427,7 +6460,7 @@
- FPD and Security bypass vulnerabilities in AntiVirus for WordPress
+ AntiVirus - FPD and Security bypass vulnerabilities
 http://seclists.org/fulldisclosure/2013/Jun/0
@@ -6469,7 +6502,7 @@
- Xorbin Analog Flash Clock 1.0 Flash-based XSS
+ Xorbin Analog Flash Clock 1.0 - Flash-based XSS
 http://advisory.prakharprasad.com/xorbin_afc_wp.txt
 2013-4692
@@ -6480,7 +6513,7 @@
- Xorbin Digital Flash Clock 1.0 Flash-based XSS
+ Xorbin Digital Flash Clock 1.0 - Flash-based XSS
 http://advisory.prakharprasad.com/xorbin_dfc_wp.txt
 2013-4693
@@ -6523,7 +6556,7 @@
- Stream Video Player Plugin for WordPress Setting Manipulation CSRF
+ Stream Video Player - - Setting Manipulation CSRF
 94466
@@ -6580,6 +6613,7 @@
 CSRF in admin/setting.php in Xhanch
+ 96027
 53133
 2013-3253
@@ -6946,6 +6980,8 @@
 Simple Login Registration 1.0.1 - XSS
+ 96660
+ 54583
 http://packetstormsecurity.com/files/122963/
 XSS
@@ -7000,7 +7036,7 @@
- Quick Contact Form Plugin 6.0 - Persistent XSS
+ Quick Contact Form 6.0 - Persistent XSS
 28808
 http://packetstormsecurity.com/files/123549/
@@ -7021,7 +7057,7 @@
- IndiaNIC FAQs Manager Plugin 1.0 - Multiple Vulnerabilities
+ IndiaNIC FAQs Manager 1.0 - Multiple Vulnerabilities
 24867
 91625
@@ -7029,7 +7065,7 @@
 MULTI
- IndiaNIC FAQs Manager Plugin 1.0 - Blind SQL Injection
+ IndiaNIC FAQs Manager 1.0 - Blind SQL Injection
 24868
 91623
@@ -7061,7 +7097,7 @@
- FlagEm Plugin - flagit.php cID Parameter XSS
+ FlagEm - flagit.php cID Parameter XSS
 98226
 http://www.securityfocus.com/bid/61401
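Review bot: The new title in the `@@ -6523` hunk, `Stream Video Player - - Setting Manipulation CSRF`, carries a doubled separator where the `Plugin for WordPress` text was cut out, so it no longer follows the single `<name> - <issue>` form the rest of the commit establishes. It should read `+ Stream Video Player - Setting Manipulation CSRF`. The `CSRF in admin/setting.php in Xhanch` context title in the `@@ -6580` hunk is also still in the old issue-first order and would be worth folding into the same normalisation pass.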
@@ -7105,4 +7141,51 @@
+
+
+ A Forms 1.4.1 - Form Submission CSRF
+
+ 96381
+ 54489
+
+ CSRF
+ 1.4.2
+
+
+
+
+
+ ShareThis 7.0.3 - Setting Manipulation CSRF
+
+ 96884
+ 2013-3479
+ 53135
+
+ CSRF
+
+
+
+
+
+ Simple Flash Video 1.7 - Cross Site Scripting
+
+ http://packetstormsecurity.com/files/123562/
+
+ XSS
+
+
+
+
+
+ Landing Pages - Unspecified SQL Injection
+
+ 98334
+ 55192
+ http://www.securityfocus.com/bid/62942
+
+ SQLI
+ 1.2.3
+
+
+
diff --git a/data/theme_vulns.xml b/data/theme_vulns.xml
index 0b40a53c..65bdfc3b 100644
--- a/data/theme_vulns.xml
+++ b/data/theme_vulns.xml
@@ -1686,7 +1686,7 @@
- FPD, XSS and CS vulnerabilities in Slash WP theme
+ Slash WP - FPD, XSS and CS vulnerabilities
 http://seclists.org/fulldisclosure/2013/Jun/166
@@ -1696,7 +1696,7 @@
- Persuasion Theme: WP-Pretty Photo DOM XSS
+ Persuasion - PrettyPhoto DOM XSS
 http://www.rafayhackingarticles.net/2013/05/kali-linux-dom-based-xss-writeup.html
@@ -1706,7 +1706,7 @@
- MORE+ Theme: prettyPhoto XSS Vulnerability
+ MORE+ - PrettyPhoto XSS Vulnerability
 54924
 http://archives.neohapsis.com/archives/fulldisclosure/2013-09/0177.html
@@ -1719,6 +1719,8 @@
 silverOrchid - XSS Vulnerability
+ 96723
+ 54662
 http://packetstormsecurity.com/files/122986/
 XSS
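Review bot: The new `Landing Pages - Unspecified SQL Injection` entry in the `@@ -7105` hunk is the only one of the four additions whose title carries no affected version, even though it records `1.2.3` as the fixed version; if the referenced advisory bounds the affected range, the title should say so in the form its neighbours use (for example `Landing Pages <= 1.2.2 - Unspecified SQL Injection`, the bound to be confirmed against the advisory). In the theme_vulns hunks at `@@ -1696` and `@@ -1706` the commit rewrites both titles to `PrettyPhoto`, but the library's own name is written `prettyPhoto`, which is how the removed `-1706` line already had it; keeping that casing avoids introducing a second spelling of the same component into the data.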