From d469a94cf256971710c6bfc9ae0181a931299e16 Mon Sep 17 00:00:00 2001 From: Peter van der Laan Date: Thu, 10 Oct 2013 21:34:09 +0200 Subject: [PATCH 1/8] Update plugin_vulns.xml --- data/plugin_vulns.xml | 47 +++++++++++++++++++++++++++++++++++++------ 1 file changed, 41 insertions(+), 6 deletions(-) diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml index 1c5fcdbf..46daea39 100644 --- a/data/plugin_vulns.xml +++ b/data/plugin_vulns.xml @@ -2201,12 +2201,30 @@ - Multiple XSS vulnerabilities in All-in-One Event Calendar for WordPress + All-in-One Event Calendar 1.4 - Multiple XSS vulnerabilities http://seclists.org/bugtraq/2012/Apr/70 XSS + + All-in-One Event Calendar 1.9 - wp-admin/post-new.php Multiple Parameter XSS + + 96271 + 54038 + + XSS + 1.10 + + + All-in-One Event Calendar 1.9 - index.php Multiple Parameter SQL Injection + + 96272 + 54038 + + SQLI + 1.10 + @@ -2308,35 +2326,38 @@ - Count per Day Plugin 3.2.5 (counter.php) - XSS Vulnerability + Count per Day 3.2.5 - counter.php XSS Vulnerability + 90893 24859 + 52436 + http://packetstormsecurity.com/files/120649/ XSS - Count Per Day 3.2.3 Cross Site Scripting + Count Per Day 3.2.3 - Cross Site Scripting http://packetstormsecurity.com/files/115904/ XSS - Count Per Day 3.1.1 Cross Site Scripting + Count Per Day 3.1.1 - Cross Site Scripting http://packetstormsecurity.com/files/114787/ XSS - Count Per Day plugin <= 3.1.1 Multiple Vulnerabilities + Count Per Day <= 3.1.1 - Multiple Vulnerabilities 18355 MULTI - Count per Day plugin <= 2.17 SQL Injection Vulnerability + Count per Day <= 2.17 - SQL Injection Vulnerability 17857 @@ -6580,6 +6601,7 @@ CSRF in admin/setting.php in Xhanch + 96027 53133 2013-3253 @@ -7105,4 +7127,17 @@ + + + A Forms 1.4.1 - Form Submission CSRF + + 96381 + 54489 + + + CSRF + 1.4.2 + + + From b24075791dceeb51aeb8b036c89ca40e5f4c9c3b Mon Sep 17 00:00:00 2001 
From: Peter van der Laan Date: Thu, 10 Oct 2013 23:11:30 +0200 Subject: [PATCH 2/8] Removed 'for WordPress' and 'plugin' in title strings. --- data/plugin_vulns.xml | 502 +++++++++++++++++++++--------------------- 1 file changed, 251 insertions(+), 251 deletions(-) diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml index 46daea39..94adde69 100644 --- a/data/plugin_vulns.xml +++ b/data/plugin_vulns.xml @@ -5,7 +5,7 @@ - Content Slide Plugin Cross-Site Requst Forgery Vulnerability + Content Slide - Cross-Site Requst Forgery Vulnerability CSRF 93871 @@ -16,7 +16,7 @@ - Simple Paypal Shopping Cart Plugin Cross-Site Request Forgery Vulnerability + Simple Paypal Shopping Cart - Cross-Site Request Forgery Vulnerability 52963 93953 @@ -28,7 +28,7 @@ - WP-SendSMS Plugin for WordPress Setting Manipulation CSRF + WP-SendSMS - Setting Manipulation CSRF 53796 94209 @@ -37,7 +37,7 @@ CSRF - WP-SendSMS Plugin for WordPress wp-admin/admin.php Multiple Parameter XSS + WP-SendSMS - wp-admin/admin.php Multiple Parameter XSS 94210 @@ -47,7 +47,7 @@ - Mail Subscribe List Plugin Script Insertion Vulnerability + Mail Subscribe List - Script Insertion Vulnerability 53732 94197 @@ -59,7 +59,7 @@ - VideoJS Cross-Site Scripting Vulnerability + VideoJS Cross - Site Scripting Vulnerability 53437 http://seclists.org/fulldisclosure/2013/May/66 @@ -71,7 +71,7 @@ - VideoJS Cross-Site Scripting Vulnerability + VideoJS Cross - Site Scripting Vulnerability 53426 http://seclists.org/fulldisclosure/2013/May/66 @@ -83,7 +83,7 @@ - VideoJS Cross-Site Scripting Vulnerability + VideoJS Cross - Site Scripting Vulnerability 53445 http://seclists.org/fulldisclosure/2013/May/66 @@ -95,7 +95,7 @@ - VideoJS Cross-Site Scripting Vulnerability + VideoJS Cross - Site Scripting Vulnerability 53396 http://seclists.org/fulldisclosure/2013/May/66 @@ -107,7 +107,7 @@ - VideoJS Cross-Site Scripting Vulnerability + VideoJS Cross - Site Scripting Vulnerability http://seclists.org/fulldisclosure/2013/May/66 
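Review bot: The five VideoJS hunks (@@ -59, @@ -71, @@ -83, @@ -95, @@ -107) put the new separator inside the hyphenated word, so the title on each added line reads `VideoJS Cross - Site Scripting Vulnerability`; the intended form is `VideoJS - Cross-Site Scripting Vulnerability`. The hunk at @@ -5 also rewrites the Content Slide title but carries the misspelling `Requst` onto the new line, so `Content Slide - Cross-Site Request Forgery Vulnerability` would fix both in the same commit. Each title is the only changed line in its hunk, so these are one-token moves. Because this series is a bulk edit, a grep for `Cross - Site` across the file before merging would confirm nothing else was split the same way.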
@@ -117,7 +117,7 @@ - Crayon Syntax Highlighter Remote File Inclusion Vulnerability + Crayon Syntax Highlighter - Remote File Inclusion Vulnerability 50804 http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/ @@ -130,14 +130,14 @@ - UnGallery plugin <= 1.5.8 Local File Disclosure Vulnerability + UnGallery <= 1.5.8 - Local File Disclosure Vulnerability 17704 LFI - UnGallery Arbitrary Command Execution + UnGallery - Arbitrary Command Execution 50875 http://ceriksen.com/2012/10/23/wordpress-ungallery-remote-command-injection-vulnerability/ @@ -149,7 +149,7 @@ - Thank You Counter Button XSS + Thank You Counter Button - XSS 50977 @@ -160,7 +160,7 @@ - Bookings XSS + Bookings - XSS 50975 @@ -171,7 +171,7 @@ - Cimy User Manager Arbitrary File Disclosure + Cimy User Manager - Arbitrary File Disclosure 50834 http://ceriksen.com/2012/10/24/wordpress-cimy-user-manager-arbitrary-file-disclosure/ @@ -182,7 +182,7 @@ - WordPress FireStorm Professional Real Estate Plugin "id" SQL Injection Vulnerability + FireStorm Professional Real Estate - "id" SQL Injection Vulnerability 51107 @@ -190,7 +190,7 @@ 2.06.04 - FireStorm Professional Real Estate Plugin Multiple SQL Injection + FireStorm Professional Real Estate - Multiple SQL Injection 50873 @@ -204,14 +204,14 @@ - WP125 Multiple XSS + WP125 Multiple - XSS 50976 XSS - WordPress WP125 Plugin CSRF + WP125 - CSRF http://www.securityfocus.com/bid/58934 @@ -222,7 +222,7 @@ - Wordpress All Video Gallery Plugin Multiple SQL Injection Vulnerabilities + All Video Gallery - Multiple SQL Injection Vulnerabilities 50874 http://ceriksen.com/2012/11/04/wordpress-all-video-gallery-plugin-sql-injection/ @@ -233,7 +233,7 @@ - BuddyStream XSS + BuddyStream - XSS 50972 @@ -243,7 +243,7 @@ - post-views XSS + post-views - XSS 50982 @@ -313,7 +313,7 @@ - multibox plugin Full Path Disclosure vulnerability + multibox - Full Path Disclosure vulnerability http://1337day.com/exploit/20119 
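Review bot: In the hunk at @@ -204 the separator lands after the wrong word: `WP125 Multiple - XSS` reads as if "Multiple" were part of the product name, whereas every other rewritten title in this commit places ` - ` directly after the name or version. It should be `WP125 - Multiple XSS`. The CSRF entry in the same hunk (`WP125 - CSRF`) already follows that pattern.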
@@ -429,7 +429,7 @@ FPD - Wp-UserOnline <= 0.62 Persistent XSS + Wp-UserOnline <= 0.62 - Persistent XSS http://seclists.org/fulldisclosure/2010/Jul/8 @@ -502,7 +502,7 @@ - Wordpress sitepress-multilingual-cms Full Path Disclosure + sitepress-multilingual-cms Full Path Disclosure http://1337day.com/exploit/20067 @@ -519,7 +519,7 @@ UPLOAD - WordPress plugin Asset manager upload.php Arbitrary Code Execution + plugin Asset manager upload.php Arbitrary Code Execution http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/ @@ -754,7 +754,7 @@ XSS - WordPress Carousel Slideshow Plugin Unspecified Vulnerabilities + Carousel Slideshow - Unspecified Vulnerabilities 50377 @@ -836,7 +836,7 @@ XSS - WordPress Image News slider Plugin Unspecified Vulnerabilities + Image News slider - Unspecified Vulnerabilities 50390 @@ -958,7 +958,7 @@ - Answer My Question 1.1 Multiple XSS + Answer My Question 1.1 - Multiple XSS http://www.securityfocus.com/archive/1/524625/30/0/threaded 50655 @@ -984,7 +984,7 @@ MULTI - Spider Catalog Plugin 1.4.6 - Multiple Vulnerabilities + Spider Catalog 1.4.6 - Multiple Vulnerabilities 25724 93591 @@ -995,7 +995,7 @@ - Wordfence 3.3.5 XSS and IAA + Wordfence 3.3.5 - XSS and IAA http://seclists.org/fulldisclosure/2012/Oct/139 51055 @@ -1020,7 +1020,7 @@ MULTI - WordPress Slideshow Plugin Multiple Script Insertion Vulnerabilities + Slideshow - Multiple Script Insertion Vulnerabilities 51135 @@ -1105,7 +1105,7 @@ - ThreeWP Email Reflector 1.13 Stored XSS + ThreeWP Email Reflector 1.13 - Stored XSS 20365 @@ -1115,7 +1115,7 @@ - SimpleMail 1.0.6 Stored XSS + SimpleMail 1.0.6 - Stored XSS 20361 50208 @@ -1180,7 +1180,7 @@ - Backup Plugin Information Disclosure + Backup - Information Disclosure 19524 50038 @@ -1212,7 +1212,7 @@ - Website FAQ Plugin v1.0 SQL Injection + Website FAQ 1.0 - SQL Injection 19400 
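Review bot: The hunk at @@ -519 drops "WordPress" but leaves the word this commit sets out to remove, so the added line starts with a lowercase `plugin Asset manager upload.php Arbitrary Code Execution`. The title should become `Asset manager - upload.php Arbitrary Code Execution` to match the other rewritten entries. Since the series is a bulk rewrite and this one slipped through, a case-insensitive grep for "plugin" inside title elements after the commit would catch any remaining leftovers.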
@@ -1262,7 +1262,7 @@ - Wordpress Automatic 2.0.3 CSRF + Automatic 2.0.3 CSRF http://packetstormsecurity.com/files/113763/ @@ -1289,7 +1289,7 @@ - Auctions Plugin 2.0.1.3 Arbitrary + <title>Auctions - 2.0.1.3 Arbitrary File Upload Vulnerability @@ -1363,7 +1363,7 @@ - Contus HD FLV Player plugin <= 1.3 SQL Injection Vulnerability + Contus HD FLV Player <= 1.3 - SQL Injection Vulnerability 17678 @@ -1444,14 +1444,14 @@ XSS - WordPress Mac Photo Gallery Plugin Two Security Bypass Security Issues + Mac Photo Gallery - Two Security Bypass Security Issues 49923 AUTHBYPASS - WordPress Mac Photo Gallery Plugin Multiple Script Insertion Vulnerabilities + Mac Photo Gallery - Multiple Script Insertion Vulnerabilities 49836 @@ -1499,7 +1499,7 @@ - Front File Manager Plugin 0.1 Arbitrary File Upload + Front File Manager 0.1 - Arbitrary File Upload 19012 @@ -1596,7 +1596,7 @@ - wpStoreCart Plugin 2.5.27-2.5.29 Arbitrary File Upload + wpStoreCart 2.5.27-2.5.29 - Arbitrary File Upload 19023 @@ -1841,7 +1841,7 @@ XSS - WordPress pretty-link plugin XSS in SWF + pretty-link - XSS in SWF http://seclists.org/bugtraq/2013/Feb/100 http://packetstormsecurity.com/files/120433/ @@ -2091,7 +2091,7 @@ - Login With Ajax plugin Cross Site Scripting + Login With Ajax - Cross Site Scripting 49013 @@ -2099,7 +2099,7 @@ 3.0.4.1 - WordPress Login With Ajax Plugin Cross-Site Request Forgery Vulnerability + Login With Ajax - Cross-Site Request Forgery Vulnerability 52950 @@ -2110,14 +2110,14 @@ - Media Library Categories plugin <= 1.0.6 SQL Injection Vulnerability + Media Library Categories <= 1.0.6 - SQL Injection Vulnerability 17628 SQLI - Media Library Categories plugin <= 1.1.1 Cross Site Scripting + Media Library Categories <= 1.1.1 - Cross Site Scripting http://packetstormsecurity.com/files/112697/ @@ -2137,7 +2137,7 @@ - WordPress Zingiri Web Shop Plugin Cookie SQL Injection Vulnerability + Zingiri Web Shop - Cookie SQL Injection Vulnerability 49398 
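Review bot: The added Auctions title in the hunk at @@ -1289 renders as `<title>Auctions - 2.0.1.3 Arbitrary File Upload Vulnerability`, i.e. a literal `<title>` survives in the text while every other title's markup is stripped; that suggests the new line carries a duplicated or escaped `<title>` tag, which would either leave the element unbalanced (a parse error for the whole file) or put the tag text into the displayed title — please check the raw line. The same artefact is visible on the added lines of the hunks at @@ -5044 (XVE Various Embed) and @@ -5329 (WP Online Store) further down in this commit. Separately, this title places the separator between the name and the version, where the rest of the commit writes `Auctions 2.0.1.3 - Arbitrary File Upload Vulnerability`.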
@@ -2181,7 +2181,7 @@ - Zingiri Tickets plugin File Disclosure + Zingiri Tickets - File Disclosure http://packetstormsecurity.com/files/111904/ @@ -2296,7 +2296,7 @@ - uCan Post plugin <= 1.0.09 Stored XSS + uCan Post <= 1.0.09 - Stored XSS 18390 @@ -2306,7 +2306,7 @@ - WP Cycle Playlist plugin Multiple Vulnerabilities + WP Cycle Playlist - Multiple Vulnerabilities http://1337day.com/exploits/17396 @@ -2367,7 +2367,7 @@ - WP-AutoYoutube plugin <= 0.1 Blind SQL Injection Vulnerability + WP-AutoYoutube <= 0.1 - Blind SQL Injection Vulnerability http://1337day.com/exploits/17368 @@ -2377,7 +2377,7 @@ - Age Verification plugin <= 0.4 Open Redirect + Age Verification <= 0.4 - Open Redirect 18350 @@ -2397,7 +2397,7 @@ - Pay With Tweet plugin <= 1.1 Multiple Vulnerabilities + Pay With Tweet <= 1.1 - Multiple Vulnerabilities 18330 @@ -2417,7 +2417,7 @@ - BLIND SQL injection UPM-POLLS plugin 1.0.4 + UPM-POLLS 1.0.4 - BLIND SQL injection 18231 @@ -2447,7 +2447,7 @@ - Link Library plugin <= 5.2.1 SQL Injection + Link Library <= 5.2.1 - SQL Injection 17887 @@ -2457,7 +2457,7 @@ - CevherShare 2.0 plugin SQL Injection Vulnerability + CevherShare 2.0 - SQL Injection Vulnerability 17891 @@ -2467,7 +2467,7 @@ - meenews 5.1 plugin Cross-Site Scripting Vulnerabilities + meenews 5.1 - Cross-Site Scripting Vulnerabilities http://seclists.org/bugtraq/2011/Nov/151 @@ -2508,7 +2508,7 @@ - MM Duplicate plugin <= 1.2 SQL Injection Vulnerability + MM Duplicate <= 1.2 - SQL Injection Vulnerability 17707 @@ -2518,7 +2518,7 @@ - Menu Creator plugin <= 1.1.7 SQL Injection Vulnerability + Menu Creator <= 1.1.7 - SQL Injection Vulnerability 17689 @@ -2528,7 +2528,7 @@ - Allow PHP in Posts and Pages plugin <= 2.0.0.RC1 SQL Injection Vulnerability + Allow PHP in Posts and Pages <= 2.0.0.RC1 - SQL Injection Vulnerability 17688 @@ -2538,7 +2538,7 @@ - Global Content Blocks plugin <= 1.2 SQL Injection Vulnerability + Global Content Blocks <= 1.2 SQL - Injection Vulnerability 17687 
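Review bot: The hunk at @@ -2538 inserts the separator inside the vulnerability class, producing `Global Content Blocks <= 1.2 SQL - Injection Vulnerability`; it should be `Global Content Blocks <= 1.2 - SQL Injection Vulnerability`, the form used for Easy Contact Form Lite in the next hunk group. The same slip appears in the following three hunks of this commit (@@ -2548 Ajax Gallery, @@ -2558 WP DS FAQ, @@ -2568 OdiHost Newsletter). The string `SQL - Injection` never occurs legitimately, so a grep for it before merging would confirm no other titles were split this way.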
@@ -2548,7 +2548,7 @@ - Ajax Gallery plugin <= 3.0 SQL Injection Vulnerability + Ajax Gallery <= 3.0 SQL - Injection Vulnerability 17686 @@ -2558,7 +2558,7 @@ - WP DS FAQ plugin <= 1.3.2 SQL Injection Vulnerability + WP DS FAQ <= 1.3.2 SQL - Injection Vulnerability 17683 @@ -2568,7 +2568,7 @@ - OdiHost Newsletter plugin <= 1.0 SQL Injection Vulnerability + OdiHost Newsletter <= 1.0 SQL - Injection Vulnerability 17681 @@ -2578,7 +2578,7 @@ - Easy Contact Form Lite plugin <= 1.0.7 SQL Injection Vulnerability + Easy Contact Form Lite <= 1.0.7 - SQL Injection Vulnerability 17680 @@ -2588,14 +2588,14 @@ - WP Symposium plugin <= 0.64 SQL Injection Vulnerability + WP Symposium <= 0.64 - SQL Injection Vulnerability 17679 SQLI - WP Symposium plugin <= 12.12 Multiple SQL Injection Vulnerabilities + WP Symposium <= 12.12 - Multiple SQL Injection Vulnerabilities 50674 http://ceriksen.com/2013/02/18/wp-symposium-multiple-sql-injection/ @@ -2603,7 +2603,7 @@ SQLI - WordPress WP Symposium Plugin "u" XSS + WP Symposium "u" XSS 52864 @@ -2611,7 +2611,7 @@ 13.04 - WordPress WP Symposium Plugin "u" Redirection Weakness + WP Symposium "u" Redirection Weakness 52925 @@ -2621,7 +2621,7 @@ - File Groups plugin <= 1.1.2 SQL Injection Vulnerability + File Groups <= 1.1.2 SQL Injection Vulnerability 17677 @@ -2631,7 +2631,7 @@ - IP-Logger plugin <= 3.0 SQL Injection Vulnerability + IP-Logger <= 3.0 SQL Injection Vulnerability 17673 @@ -2661,7 +2661,7 @@ - EditorMonkey plugin (FCKeditor) Arbitrary File Upload + EditorMonkey (FCKeditor) Arbitrary File Upload 17284 @@ -2701,7 +2701,7 @@ - WordPress GRAND FlAGallery Plugin Multiple Vulnerabilities + GRAND FlAGallery - Multiple Vulnerabilities 51100 @@ -2745,7 +2745,7 @@ XSS - WordPress GRAND FlAGallery Plugin "gid" SQL Injection Vulnerability + GRAND FlAGallery - "gid" SQL Injection Vulnerability 53356 
@@ -2753,7 +2753,7 @@ 2.56 - GRAND FlAGallery Plugin "s" Cross-Site Scripting Vulnerability + GRAND FlAGallery - "s" Cross-Site Scripting Vulnerability 53111 93714 @@ -2812,14 +2812,14 @@ SQLI - WP Forum Server plugin <= 1.7 SQL Injection Vulnerability + WP Forum Server <= 1.7 SQL Injection Vulnerability 17828 SQLI - WP Forum Server plugin <= 1.7.3 SQL Injection / XSS Vulnerabilities + WP Forum Server <= 1.7.3 SQL Injection / XSS Vulnerabilities http://packetstormsecurity.com/files/112703/ @@ -2849,7 +2849,7 @@ - WordPress Comment Rating 2.9.32 SQL Injection / Bypass + Comment Rating 2.9.32 SQL Injection / Bypass http://packetstormsecurity.com/files/120569/ @@ -3012,7 +3012,7 @@ - Vulnerabilities in Cimy Counter for WordPress + Cimy Counter - Vulnerabilities 14057 @@ -3099,7 +3099,7 @@ - Vulnerabilities in WP-Cumulus <= 1.20 for WordPress + WP-Cumulus <= 1.20 - Vulnerabilities 10228 @@ -3178,14 +3178,14 @@ SQLI - Photoracer plugin <= 1.0 SQL Injection Vulnerability + Photoracer <= 1.0 SQL Injection Vulnerability 17720 SQLI - Photoracer plugin <= 1.0 Multiple Vulnerabilities + Photoracer <= 1.0 Multiple Vulnerabilities 17731 @@ -3481,7 +3481,7 @@ - SendIt plugin <= 1.5.9 Blind SQL Injection Vulnerability + SendIt <= 1.5.9 Blind SQL Injection Vulnerability 17716 @@ -3491,7 +3491,7 @@ - Js-appointment plugin <= 1.5 SQL Injection Vulnerability + Js-appointment <= 1.5 SQL Injection Vulnerability 17724 @@ -3518,7 +3518,7 @@ - Super CAPTCHA plugin <= 2.2.4 SQL Injection Vulnerability + Super CAPTCHA <= 2.2.4 SQL Injection Vulnerability 17728 @@ -3528,7 +3528,7 @@ - Collision Testimonials plugin <= 3.0 SQL Injection Vulnerability + Collision Testimonials <= 3.0 SQL Injection Vulnerability 17729 @@ -3538,7 +3538,7 @@ - Oqey Headers plugin <= 0.3 SQL Injection Vulnerability + Oqey Headers <= 0.3 SQL Injection Vulnerability 17730 
@@ -3548,7 +3548,7 @@ - Facebook Promotions plugin <= 1.3.3 SQL Injection Vulnerability + Facebook Promotions <= 1.3.3 SQL Injection Vulnerability 17737 @@ -3558,7 +3558,7 @@ - Evarisk plugin <= 5.1.3.6 SQL Injection Vulnerability + Evarisk <= 5.1.3.6 SQL Injection Vulnerability 17738 @@ -3575,7 +3575,7 @@ - Profiles plugin <= 2.0 RC1 SQL Injection Vulnerability + Profiles <= 2.0 RC1 SQL Injection Vulnerability 17739 @@ -3585,7 +3585,7 @@ - mySTAT plugin <= 2.6 SQL Injection Vulnerability + mySTAT <= 2.6 SQL Injection Vulnerability 17740 @@ -3595,7 +3595,7 @@ - SH Slideshow plugin <= 3.1.4 SQL Injection Vulnerability + SH Slideshow <= 3.1.4 SQL Injection Vulnerability 17748 @@ -3605,7 +3605,7 @@ - iCopyright(R) Article Tools plugin <= 1.1.4 SQL Injection Vulnerability + iCopyright(R) Article Tools <= 1.1.4 SQL Injection Vulnerability 17749 @@ -3615,7 +3615,7 @@ - Advertizer plugin <= 1.0 SQL Injection Vulnerability + Advertizer <= 1.0 SQL Injection Vulnerability 17750 @@ -3625,14 +3625,14 @@ - Event Registration plugin <= 5.44 SQL Injection Vulnerability + Event Registration <= 5.44 SQL Injection Vulnerability 17814 SQLI - Event Registration plugin <= 5.43 SQL Injection Vulnerability + Event Registration <= 5.43 SQL Injection Vulnerability 17751 @@ -3649,7 +3649,7 @@ - Craw Rate Tracker plugin <= 2.0.2 SQL Injection Vulnerability + Craw Rate Tracker <= 2.0.2 SQL Injection Vulnerability 17755 @@ -3659,7 +3659,7 @@ - wp audio gallery playlist plugin <= 0.12 SQL Injection Vulnerability + wp audio gallery playlist <= 0.12 SQL Injection Vulnerability 17756 @@ -3669,7 +3669,7 @@ - WordPress yolink Search Plugin "s" Cross-Site Scripting Vulnerability + yolink Search "s" Cross-Site Scripting Vulnerability 52030 @@ -3677,7 +3677,7 @@ 2.6 - yolink Search plugin <= 1.1.4 SQL Injection Vulnerability + yolink Search <= 1.1.4 SQL Injection Vulnerability 17757 
@@ -3687,7 +3687,7 @@ - PureHTML plugin <= 1.0.0 SQL Injection Vulnerability + PureHTML <= 1.0.0 SQL Injection Vulnerability 17758 @@ -3697,7 +3697,7 @@ - Couponer plugin <= 1.2 SQL Injection Vulnerability + Couponer <= 1.2 SQL Injection Vulnerability 17759 @@ -3707,7 +3707,7 @@ - grapefile plugin <= 1.1 Arbitrary File Upload + grapefile <= 1.1 Arbitrary File Upload 17760 @@ -3717,7 +3717,7 @@ - image-gallery-with-slideshow plugin <= 1.5 Arbitrary File Upload / SQL Injection + image-gallery-with-slideshow <= 1.5 Arbitrary File Upload / SQL Injection 17761 @@ -3727,7 +3727,7 @@ - Donation plugin <= 1.0 SQL Injection Vulnerability + Donation <= 1.0 SQL Injection Vulnerability 17763 @@ -3737,14 +3737,14 @@ - WP Bannerize plugin <= 2.8.6 SQL Injection Vulnerability + WP Bannerize <= 2.8.6 SQL Injection Vulnerability 17764 SQLI - WP Bannerize plugin <= 2.8.7 SQL Injection Vulnerability + WP Bannerize <= 2.8.7 SQL Injection Vulnerability 17906 @@ -3754,7 +3754,7 @@ - SearchAutocomplete plugin <= 1.0.8 SQL Injection Vulnerability + SearchAutocomplete <= 1.0.8 SQL Injection Vulnerability 17767 @@ -3764,7 +3764,7 @@ - VideoWhisper Video Presentation plugin <= 1.1 SQL Injection Vulnerability + VideoWhisper Video Presentation <= 1.1 SQL Injection Vulnerability 17771 @@ -3781,7 +3781,7 @@ - Facebook Opengraph Meta plugin <= 1.0 SQL Injection Vulnerability + Facebook Opengraph Meta <= 1.0 SQL Injection Vulnerability 17773 @@ -3791,7 +3791,7 @@ - Zotpress plugin <= 4.4 SQL Injection Vulnerability + Zotpress <= 4.4 SQL Injection Vulnerability 17778 @@ -3801,7 +3801,7 @@ - oQey Gallery plugin <= 0.4.8 SQL Injection Vulnerability + oQey Gallery <= 0.4.8 SQL Injection Vulnerability 17779 @@ -3811,7 +3811,7 @@ - Tweet Old Post plugin <= 3.2.5 SQL Injection Vulnerability + Tweet Old Post <= 3.2.5 SQL Injection Vulnerability 17789 @@ -3821,7 +3821,7 @@ - post highlights plugin <= 2.2 SQL Injection Vulnerability + post highlights <= 2.2 SQL Injection Vulnerability 17790 
@@ -3831,7 +3831,7 @@ - KNR Author List Widget plugin <= 2.0.0 SQL Injection Vulnerability + KNR Author List Widget <= 2.0.0 SQL Injection Vulnerability 17791 @@ -3841,7 +3841,7 @@ - SCORM Cloud plugin <= 1.0.6.6 SQL Injection Vulnerability + SCORM Cloud <= 1.0.6.6 SQL Injection Vulnerability 17793 @@ -3851,7 +3851,7 @@ - Eventify - Simple Events plugin <= 1.7.f SQL Injection Vulnerability + Eventify - Simple Events <= 1.7.f SQL Injection Vulnerability 17794 @@ -3861,7 +3861,7 @@ - Paid Downloads plugin <= 2.01 SQL Injection Vulnerability + Paid Downloads <= 2.01 SQL Injection Vulnerability 17797 @@ -3871,7 +3871,7 @@ - Community Events plugin <= 1.2.1 SQL Injection Vulnerability + Community Events <= 1.2.1 SQL Injection Vulnerability 17798 @@ -3898,14 +3898,14 @@ - WP-Filebase Download Manager plugin <= 0.2.9 SQL Injection Vulnerability + WP-Filebase Download Manager <= 0.2.9 SQL Injection Vulnerability 17808 SQLI - WordPress WP-Filebase Plugin Unspecified Vulnerabilities + WP-Filebase Unspecified Vulnerabilities 51269 @@ -3916,7 +3916,7 @@ - A to Z Category Listing plugin <= 1.3 SQL Injection Vulnerability + A to Z Category Listing <= 1.3 SQL Injection Vulnerability 17809 @@ -3926,14 +3926,14 @@ - WP e-Commerce plugin <= 3.8.6 SQL Injection Vulnerability + WP e-Commerce <= 3.8.6 SQL Injection Vulnerability 17832 SQLI - WP-e-Commerce plugin v3.8.9.5 Cross Site Scripting Vulnerability + WP-e-Commerce v3.8.9.5 Cross Site Scripting Vulnerability http://1337day.com/exploit/20517 @@ -4072,7 +4072,7 @@ - Category Grid View Gallery plugin 0.1.1 Shell Upload vulnerability + Category Grid View Gallery 0.1.1 Shell Upload vulnerability 17872 @@ -4089,7 +4089,7 @@ - Auto Attachments plugin 0.2.9 Shell Upload vulnerability + Auto Attachments 0.2.9 Shell Upload vulnerability 17872 @@ -4099,7 +4099,7 @@ - WP Marketplace plugin 1.1.0 Shell Upload vulnerability + WP Marketplace 1.1.0 Shell Upload vulnerability 17872 
@@ -4109,7 +4109,7 @@ - DP Thumbnail plugin 1.0 Shell Upload vulnerability + DP Thumbnail 1.0 Shell Upload vulnerability 17872 @@ -4119,7 +4119,7 @@ - Vk Gallery plugin 1.1.0 Shell Upload vulnerability + Vk Gallery 1.1.0 Shell Upload vulnerability 17872 @@ -4129,7 +4129,7 @@ - Rekt Slideshow plugin 1.0.5 Shell Upload vulnerability + Rekt Slideshow 1.0.5 Shell Upload vulnerability 17872 @@ -4139,7 +4139,7 @@ - CAC Featured Content plugin 0.8 Shell Upload vulnerability + CAC Featured Content 0.8 Shell Upload vulnerability 17872 @@ -4149,7 +4149,7 @@ - Rent A Car plugin 1.0 Shell Upload vulnerability + Rent A Car 1.0 Shell Upload vulnerability 17872 @@ -4159,7 +4159,7 @@ - LISL Last Image Slider plugin 1.0 Shell Upload vulnerability + LISL Last Image Slider 1.0 Shell Upload vulnerability 17872 @@ -4169,7 +4169,7 @@ - Islidex plugin 2.7 Shell Upload vulnerability + Islidex 2.7 Shell Upload vulnerability 17872 @@ -4179,7 +4179,7 @@ - Kino Gallery plugin 1.0 Shell Upload vulnerability + Kino Gallery 1.0 Shell Upload vulnerability 17872 @@ -4189,7 +4189,7 @@ - Cms Pack plugin 1.3 Shell Upload vulnerability + Cms Pack 1.3 Shell Upload vulnerability 17872 @@ -4199,7 +4199,7 @@ - A Gallery plugin 0.9 Shell Upload vulnerability + A Gallery 0.9 Shell Upload vulnerability 17872 @@ -4209,7 +4209,7 @@ - Category List Portfolio Page plugin 0.9 Shell Upload vulnerability + Category List Portfolio Page 0.9 Shell Upload vulnerability 17872 @@ -4219,7 +4219,7 @@ - Really Easy Slider plugin 0.1 Shell Upload vulnerability + Really Easy Slider 0.1 Shell Upload vulnerability 17872 @@ -4229,7 +4229,7 @@ - Verve Meta Boxes plugin 1.2.8 Shell Upload vulnerability + Verve Meta Boxes 1.2.8 Shell Upload vulnerability 17872 @@ -4239,7 +4239,7 @@ - User Avatar plugin 1.3.7 shell upload vulnerability + User Avatar 1.3.7 shell upload vulnerability 17872 @@ -4249,7 +4249,7 @@ - Extend plugin 1.3.7 Shell Upload vulnerability + Extend 1.3.7 Shell Upload vulnerability 17872 
@@ -4259,14 +4259,14 @@ - AdRotate plugin <= 3.6.5 SQL Injection Vulnerability + AdRotate <= 3.6.5 SQL Injection Vulnerability http://unconciousmind.blogspot.com/2011/09/wordpress-adrotate-plugin-365-sql.html SQLI - AdRotate plugin <= 3.6.6 SQL Injection Vulnerability + AdRotate <= 3.6.6 SQL Injection Vulnerability 18114 @@ -4286,7 +4286,7 @@ - WordPress GD Star Rating Plugin Export Security Bypass Security Issue + GD Star Rating Export Security Bypass Security Issue 49850 @@ -4294,14 +4294,14 @@ 1.9.19 - GD Star Rating plugin <= 1.9.16 Cross Site Scripting + GD Star Rating <= 1.9.16 Cross Site Scripting http://packetstormsecurity.com/files/112702/ XSS - GD Star Rating plugin <= 1.9.10 SQL Injection + GD Star Rating <= 1.9.10 SQL Injection 17973 @@ -4311,7 +4311,7 @@ - Contact Form plugin <= 2.7.5 SQL Injection + Contact Form <= 2.7.5 SQL Injection 17980 @@ -4354,7 +4354,7 @@ 4.9.3 - WordPress WP Photo Album Plus "commentid" Cross-Site Scripting Vulnerability + WP Photo Album Plus "commentid" Cross-Site Scripting Vulnerability 93033 2013-3254 @@ -4527,7 +4527,7 @@ - Simple Login Log Plugin XSS + Simple Login Log XSS 51780 @@ -4535,7 +4535,7 @@ 0.9.4 - Simple Login Log Plugin SQL Injection + Simple Login Log SQL Injection 51780 @@ -4579,7 +4579,7 @@ - WordPress File Uploader Plugin PHP File Upload Vulnerability + File Uploader PHP File Upload Vulnerability http://la.usch.io/2013/01/21/wordpress-file-uploader-plugin-php-file-upload-vulnerability/ @@ -4589,7 +4589,7 @@ - WordPress Poll Plugin Cross-Site Request Forgery Vulnerability + Poll Cross-Site Request Forgery Vulnerability 51925 @@ -4606,7 +4606,7 @@ SQLI - WordPress Poll Plugin Multiple SQL Injection Vulnerabilities + Poll Multiple SQL Injection Vulnerabilities 50910 @@ -4617,7 +4617,7 @@ - Wordpress Developer Formatter CSRF and XSS Vulnerability + Developer Formatter CSRF and XSS Vulnerability http://illsecure.com/code/Wordpress-DevFormatter-CSRF-Vulnerability.txt http://1337day.com/exploits/20210 
@@ -4629,7 +4629,7 @@ - WordPress DVS Custom Notification Plugin Cross-Site Request Forgery Vulnerability + DVS Custom Notification Cross-Site Request Forgery Vulnerability 51531 @@ -4684,7 +4684,7 @@ - WordPress Welcart e-Commerce Plugin Cross-Site Scripting and Request Forgery Vulnerabilities + Welcart e-Commerce Cross-Site Scripting and Request Forgery Vulnerabilities 51581 @@ -4694,7 +4694,7 @@ - WordPress Knews Multilingual Newsletters Plugin Cross-Site Request Forgery Vulnerability + Knews Multilingual Newsletters Cross-Site Request Forgery Vulnerability 51543 @@ -4704,7 +4704,7 @@ - WordPress Video Lead Form Plugin "errMsg" Cross-Site Scripting Vulnerability + Video Lead Form "errMsg" Cross-Site Scripting Vulnerability 51419 @@ -4714,7 +4714,7 @@ - WordPress WooCommerce Predictive Search Plugin "rs" Cross-Site Scripting Vulnerability + WooCommerce Predictive Search "rs" Cross-Site Scripting Vulnerability 51385 @@ -4735,7 +4735,7 @@ - WordPress WP e-Commerce Predictive Search Plugin "rs" Cross-Site Scripting Vulnerability + WP e-Commerce Predictive Search "rs" Cross-Site Scripting Vulnerability 51384 @@ -4745,7 +4745,7 @@ - WordPress vTiger CRM Lead Capture Plugin Unspecified Vulnerability + vTiger CRM Lead Capture Unspecified Vulnerability 51305 @@ -4756,14 +4756,14 @@ - WordPress post-views Plugin "search_input" Cross-Site Scripting Vulnerability + WP-PostViews "search_input" Cross-Site Scripting Vulnerability 50982 XSS - WordPress WP-PostViews Plugin Cross-Site Request Forgery Vulnerability + WP-PostViews Cross-Site Request Forgery Vulnerability 53127 @@ -4774,7 +4774,7 @@ - WordPress DX-Contribute Plugin Cross-Site Request Forgery Vulnerability + DX-Contribute Cross-Site Request Forgery Vulnerability 51082 
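Review bot: The hunk at @@ -4756 goes beyond what the commit message describes by renaming the product from `post-views` to `WP-PostViews` in the XSS entry citing 50982, while the entry rewritten at @@ -243 earlier in this same commit, which cites the same 50982, keeps `post-views - XSS`. The two entries should agree on the plugin name so they are not read as two different plugins; if WP-PostViews is the correct name, the @@ -243 title should be changed to match, and the rename is worth a mention in the commit description.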
@@ -4795,7 +4795,7 @@ 2.2.1 - WordPress Wysija Newsletters Plugin swfupload Cross-Site Scripting Vulnerability + Wysija Newsletters swfupload Cross-Site Scripting Vulnerability 51249 http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html @@ -4807,7 +4807,7 @@ - WordPress Hitasoft FLV Player Plugin "id" SQL Injection Vulnerability + Hitasoft FLV Player - "id" SQL Injection Vulnerability 51179 @@ -4817,7 +4817,7 @@ - Spider Calendar Plugin "many_sp_calendar" Cross-Site Scripting Vulnerability + Spider Calendar - "many_sp_calendar" Cross-Site Scripting Vulnerability 50981 @@ -4836,7 +4836,7 @@ - Wordpress Dynamic Font Replacement 1.3 plugin SQL Injection Vulnerability + Dynamic Font Replacement 1.3 - SQL Injection Vulnerability http://1337day.com/exploit/20239 @@ -4846,7 +4846,7 @@ - WordPress Zingiri Form Builder Plugin "error" Cross-Site Scripting Vulnerability + Zingiri Form Builder - "error" Cross-Site Scripting Vulnerability 50983 @@ -4857,7 +4857,7 @@ - WordPress White Label CMS Plugin Cross-Site Request Forgery Vulnerability + White Label CMS - Cross-Site Request Forgery Vulnerability 50487 @@ -4868,7 +4868,7 @@ - Wordpress Download Shortcode Plugin "file" Arbitrary File Disclosure Vulnerability + Download Shortcode - "file" Arbitrary File Disclosure Vulnerability 50924 @@ -4879,7 +4879,7 @@ - WordPress eShop Magic Plugin "file" Arbitrary File Disclosure Vulnerability + eShop Magic - "file" Arbitrary File Disclosure Vulnerability 50933 @@ -4890,7 +4890,7 @@ - WordPress Pinterest "Pin It" Button Lite Plugin Multiple Unspecified Vulnerabilities + Pinterest "Pin It" Button Lite - Multiple Unspecified Vulnerabilities 50868 @@ -4901,7 +4901,7 @@ - WordPress CSS Plus Plugin Unspecified Vulnerabilities + CSS Plus - Unspecified Vulnerabilities 50793 @@ -4912,7 +4912,7 @@ - WordPress Multisite Plugin Manager Plugin Two Cross-Site Scripting Vulnerabilities + Multisite plugin Manager - Two Cross-Site Scripting Vulnerabilities 50762 
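Review bot: The hunk at @@ -4912 damages the product's own name: the removed line reads `Multisite Plugin Manager Plugin`, where the first "Plugin" belongs to the name, but the added line is `Multisite plugin Manager - Two Cross-Site Scripting Vulnerabilities`. It should read `Multisite Plugin Manager - Two Cross-Site Scripting Vulnerabilities`. A blanket removal of "plugin" will hit product names that contain the word, so the other rewritten titles in this series deserve a quick scan for the same effect.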
@@ -4923,7 +4923,7 @@ - WordPress ABC Test Plugin "id" Cross-Site Scripting Vulnerability + ABC Test - "id" Cross-Site Scripting Vulnerability 50608 @@ -4933,7 +4933,7 @@ - Wordpress Token Manager Plugin "tid" Cross-Site Scripting Vulnerabilities + Token Manager - "tid" Cross-Site Scripting Vulnerabilities 50722 @@ -4943,7 +4943,7 @@ - WordPress Sexy Add Template Plugin Cross-Site Request Forgery Vulnerability + Sexy Add Template - Cross-Site Request Forgery Vulnerability 50709 @@ -4953,7 +4953,7 @@ - WordPress Notices Ticker Plugin Cross-Site Request Forgery Vulnerability + Notices Ticker - Cross-Site Request Forgery Vulnerability 50717 @@ -4963,7 +4963,7 @@ - WordPress MF Gig Calendar Plugin URL Cross-Site Scripting Vulnerability + MF Gig Calendar - URL Cross-Site Scripting Vulnerability 50571 @@ -4973,14 +4973,14 @@ - wp-topbar <= 3.04 XSS in ZeroClipboard.swf + wp-topbar <= 3.04 - XSS in ZeroClipboard.swf http://1337day.com/exploit/20396 XSS - WordPress WP-TopBar Plugin Cross-Site Request Forgery Vulnerability + WP-TopBar - Cross-Site Request Forgery Vulnerability 50693 @@ -4991,7 +4991,7 @@ - WordPress HD Webplayer Plugin Two SQL Injection Vulnerabilities + HD Webplayer - Two SQL Injection Vulnerabilities 50466 @@ -5001,7 +5001,7 @@ - WordPress Cloudsafe365 Plugin Multiple Vulnerabilities + Cloudsafe365 - Multiple Vulnerabilities 50392 @@ -5012,7 +5012,7 @@ - WordPress Vitamin Plugin Two Arbitrary File Disclosure Vulnerabilities + Vitamin - Two Arbitrary File Disclosure Vulnerabilities 50176 @@ -5023,7 +5023,7 @@ - WordPress Featured Post with thumbnail Plugin Unspecified timthumb Vulnerability + Featured Post with thumbnail - Unspecified timthumb Vulnerability 50161 @@ -5034,7 +5034,7 @@ - WordPress WP Lead Management Plugin Script Insertion Vulnerabilities + WP Lead Management - Script Insertion Vulnerabilities 50166 
@@ -5044,7 +5044,7 @@ - WordPress XVE Various Embed Plugin JW Player Multiple Cross-Site Scripting Vulnerabilities + <title>XVE Various Embed - JW Player Multiple Cross-Site Scripting Vulnerabilities 50173 @@ -5056,7 +5056,7 @@ - WordPress G-Lock Double Opt-in Manager Plugin Two Security Bypass Vulnerabilities + G-Lock Double Opt-in Manager - Two Security Bypass Vulnerabilities 50100 @@ -5066,7 +5066,7 @@ - WordPress Backend Localization Plugin Cross-Site Scripting Vulnerabilities + Backend Localization - Cross-Site Scripting Vulnerabilities 50099 @@ -5077,7 +5077,7 @@ - WordPress Flexi Quote Rotator Plugin Cross-Site Request Forgery and SQL Injection Vulnerabilities + Flexi Quote Rotator - Cross-Site Request Forgery and SQL Injection Vulnerabilities 49910 @@ -5088,7 +5088,7 @@ - WordPress Get Off Malicious Scripts Cross-Site Scripting Vulnerability + Get Off Malicious Scripts Cross-Site Scripting Vulnerability 50030 @@ -5099,7 +5099,7 @@ - WordPress Cimy User Extra Fields Plugin Arbitrary File Upload Vulnerability + Cimy User Extra Fields - Arbitrary File Upload Vulnerability 49975 @@ -5110,7 +5110,7 @@ - WordPress Nmedia Users File Uploader Plugin Arbitrary File Upload Vulnerability + Nmedia Users File Uploader - Arbitrary File Upload Vulnerability 49996 @@ -5151,7 +5151,7 @@ - Wordpress RLSWordPressSearch plugin SQL Injection + RLSWordPressSearch - SQL Injection 24440 @@ -5161,7 +5161,7 @@ - wordpress-simple-shout-box Plugin SQL Injection + wordpress-simple-shout-box - SQL Injection http://cxsecurity.com/issue/WLB-2013010235 @@ -5171,7 +5171,7 @@ - Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection + portfolio-slideshow-pro v3 - SQL Injection http://cxsecurity.com/issue/WLB-2013010236 @@ -5181,7 +5181,7 @@ - WordPress Simple History Plugin RSS Feed "rss_secret" Disclosure Weakness + Simple History - RSS Feed "rss_secret" Disclosure Weakness 51998 
@@ -5192,7 +5192,7 @@ - WordPress p1m media manager plugin SQL Injection Vulnerability + p1m media manager - SQL Injection Vulnerability http://www.1337day.com/exploit/20270
@@ -5209,7 +5209,7 @@ XSS - Wordpress wp-table-reloaded plugin cross-site scripting in SWF + wp-table-reloaded - cross-site scripting in SWF http://packetstormsecurity.com/files/119968/ 52027
@@ -5222,7 +5222,7 @@ - WordPress Gallery Plugin "load" Remote File Inclusion Vulnerability + Gallery - "load" Remote File Inclusion Vulnerability 51347
@@ -5232,7 +5232,7 @@ - Wordpress plugins ForumConverter SQL Injection Vulnerability + ForumConverter SQL Injection Vulnerability http://www.1337day.com/exploit/20275
@@ -5242,14 +5242,14 @@ - WordPress plugins Newsletter SQL Injection Vulnerability + Newsletter SQL Injection Vulnerability http://www.1337day.com/exploit/20287 SQLI - WordPress Newsletter Plugin "alert" Cross-Site Scripting Vulnerability + Newsletter - "alert" Cross-Site Scripting Vulnerability 53398 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5141.php
@@ -5276,7 +5276,7 @@ - Wordpress wp-forum plugin SQL Injection + wp-forum - SQL Injection http://cxsecurity.com/issue/WLB-2013020035
@@ -5286,7 +5286,7 @@ - WordPress WP ecommerce Shop Styling Plugin "dompdf" Remote File Inclusion Vulnerability + WP ecommerce Shop Styling - "dompdf" Remote File Inclusion Vulnerability 51707
@@ -5297,7 +5297,7 @@ - Wordpress Audio Player Plugin XSS in SWF + Audio Player - XSS in SWF http://seclists.org/bugtraq/2013/Feb/35 52083
@@ -5309,7 +5309,7 @@ - Wordpress plugin CKEditor 4.0 Arbitrary File Upload Exploit + CKEditor 4.0 Arbitrary File Upload Exploit http://1337day.com/exploit/20318
@@ -5319,7 +5319,7 @@ - wordpress myftp-ftp-like-plugin-for-wordpress plugin v2 Plugin SQL Injection + myftp-ftp-like-plugin-for-wordpress v2 - SQL Injection http://cxsecurity.com/issue/WLB-2013020061
@@ -5329,7 +5329,7 @@ - WordPress WP Online Store Plugin 1.3.1 downloaded before 2013-01-17 File Disclosure and File Inclusion + <title>WP Online Store 1.3.1 - downloaded before 2013-01-17 File Disclosure and File Inclusion Vulnerabilities
@@ -5353,7 +5353,7 @@ - Contact Form Plugin XSS + Contact Form - XSS 90503
@@ -5728,7 +5728,7 @@ - o2s-gallery plugin Cross Site Scripting Vulnerability + o2s-gallery - Cross Site Scripting Vulnerability http://1337day.com/exploit/20516
@@ -5738,7 +5738,7 @@ - bp-gallery plugin v1.2.5 Cross Site Scripting Vulnerability + bp-gallery 1.2.5 - Cross Site Scripting Vulnerability http://1337day.com/exploit/20518
@@ -5748,7 +5748,7 @@ - Simply Poll Plugin 1.4.1 - Multiple Vulnerabilities + Simply Poll 1.4.1 - Multiple Vulnerabilities 24850 91446
@@ -5759,7 +5759,7 @@ - Occasions Plugin 1.0.4 - CSRF Vulnerability + Occasions 1.0.4 - CSRF Vulnerability 24858 91490
@@ -5770,7 +5770,7 @@ - Mathjax Latex 1.1 CSRF Vulnerability + Mathjax Latex 1.1 - CSRF Vulnerability 24889 91737
@@ -6067,7 +6067,7 @@ - uk-cookie plugin XSS + uk-cookie - XSS 87561 http://seclists.org/bugtraq/2012/Nov/50
@@ -6105,7 +6105,7 @@ - mail-on-update plugin CSRF + mail-on-update - CSRF 53449 http://www.openwall.com/lists/oss-security/2013/05/16/8
@@ -6116,8 +6116,7 @@ - Advanced XML Reader Plugin for WordPress XML External Entity (XXE) Data Parsing Arbitrary File Disclosure - + Advanced XML Reader - XML External Entity (XXE) Data Parsing Arbitrary File Disclosure http://seclists.org/bugtraq/2013/May/5 92904
@@ -6128,7 +6127,7 @@ - WordPress Related Posts by Zemanta Plugin Cross-Site Request Forgery Vulnerability + Related Posts by Zemanta - Cross-Site Request Forgery Vulnerability 53321
@@ -6139,7 +6138,7 @@ - WordPress WordPress Related Posts Plugin Cross-Site Request Forgery Vulnerability + WordPress Related Posts - Cross-Site Request Forgery Vulnerability 53279
@@ -6150,7 +6149,7 @@ - WordPress Related Posts Plugin Cross-Site Request Forgery Vulnerability + Related Posts - Cross-Site Request Forgery Vulnerability 53122
@@ -6161,7 +6160,7 @@ - WordPress WP Print Friendly Plugin Security Bypass Vulnerability + WP Print Friendly - Security Bypass Vulnerability 53371
@@ -6172,7 +6171,7 @@ - WordPress Contextual Related Posts Plugin Cross-Site Request Forgery Vulnerability + Contextual Related Posts - Cross-Site Request Forgery Vulnerability 52960
@@ -6183,7 +6182,7 @@ - WordPress Calendar Plugin Cross-Site Request Forgery Vulnerability + Calendar - Cross-Site Request Forgery Vulnerability 52841
@@ -6194,7 +6193,7 @@ - WordPress Feedweb Plugin 'wp_post_id' Parameter XSS + Feedweb - 'wp_post_id' Parameter XSS http://www.securityfocus.com/bid/58771
@@ -6205,7 +6204,7 @@ - WordPress WP-Print Plugin CSRF + WP-Print - CSRF http://www.securityfocus.com/bid/58900
@@ -6216,7 +6215,7 @@ - WordPress WP-Print Plugin CSRF + WP-Print - CSRF http://packetstorm.wowhacker.com/1304-exploits/wptrafficanalyzer-xss.txt
@@ -6226,7 +6225,7 @@ - WordPress WP-DownloadManager Plugin CSRF + WP-DownloadManager - CSRF http://www.securityfocus.com/bid/58937
@@ -6250,7 +6249,7 @@ - SS Quiz Plugin Multiple Unspecified Vulnerabilities + SS Quiz - Multiple Unspecified Vulnerabilities http://wordpress.org/plugins/ssquiz/changelog/ 53378
@@ -6322,7 +6321,7 @@ - FPD and Security bypass vulnerabilities in Exploit Scanner for WordPress + Exploit Scanner - FPD and Security bypass vulnerabilities http://seclists.org/fulldisclosure/2013/May/216 93799
@@ -6333,11 +6332,12 @@ - FPD and Security bypass vulnerabilities in Exploit Scanner for WordPress + GA Universal - Cross-Site Request Forgery Vulnerability + 52976 http://wordpress.org/plugins/ga-universal/changelog/ - XSS + CSRF 1.0.1
@@ -6356,7 +6356,7 @@ - WordPress qTranslate Plugin Cross-Site Request Forgery Vulnerability + qTranslate - Cross-Site Request Forgery Vulnerability 53126 93873
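Review bot: The title rewritten in the `@@ -6216` hunk, `WP-Print - CSRF`, repeats the title of the entry directly above it (`@@ -6205`) while its only visible reference is `.../wptrafficanalyzer-xss.txt`, which names a different plugin and a different vulnerability class; this looks like the same copy-paste title the `@@ -6333` hunk corrects for GA Universal, so the plugin name and type of this entry should be checked against that reference before the rename is kept. The `@@ -6333` hunk itself changes the entry's type from XSS to CSRF and adds the reference `52976`, and the Comment Rating hunk at `@@ -2857` in the separator commit likewise adds references and a fixed-in version; neither commit message mentions these data corrections, so a line in the message or a separate commit would keep them reviewable inside otherwise mechanical title diffs.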
@@ -6367,7 +6367,7 @@ - Image slider with description Plugin Unspecified Vulnerability + Image slider with description - Unspecified Vulnerability 53588 93691
@@ -6379,7 +6379,7 @@ - User Role Editor Plugin Cross-Site Request Forgery Vulnerability + User Role Editor - Cross-Site Request Forgery Vulnerability 53593 93699
@@ -6392,7 +6392,7 @@ - EELV Newsletter Plugin Cross-Site Scripting Vulnerability + EELV Newsletter - Cross-Site Scripting Vulnerability 53546 93685
@@ -6404,7 +6404,7 @@ - Frontier Post Plugin Publishing Posts Security Bypass + Frontier Post - Publishing Posts Security Bypass 53474 93639
@@ -6415,7 +6415,7 @@ - Spider Catalog Plugin Cross-Site Scripting and SQL Injection Vulnerabilities + Spider Catalog - Cross-Site Scripting and SQL Injection Vulnerabilities 53491 93591
@@ -6432,7 +6432,7 @@ - Spider Event Calendar Plugin Security Bypass, Cross-Site Scripting and SQLi Vulnerabilities + Spider Event Calendar - Security Bypass, Cross-Site Scripting and SQLi Vulnerabilities 53481 93584
@@ -6448,7 +6448,7 @@ - FPD and Security bypass vulnerabilities in AntiVirus for WordPress + AntiVirus - FPD and Security bypass vulnerabilities http://seclists.org/fulldisclosure/2013/Jun/0
@@ -6544,7 +6544,7 @@ - Stream Video Player Plugin for WordPress Setting Manipulation CSRF + Stream Video Player - - Setting Manipulation CSRF 94466
@@ -7022,7 +7022,7 @@ - Quick Contact Form Plugin 6.0 - Persistent XSS + Quick Contact Form 6.0 - Persistent XSS 28808 http://packetstormsecurity.com/files/123549/
@@ -7043,7 +7043,7 @@ - IndiaNIC FAQs Manager Plugin 1.0 - Multiple Vulnerabilities + IndiaNIC FAQs Manager 1.0 - Multiple Vulnerabilities 24867 91625
@@ -7051,7 +7051,7 @@ MULTI - IndiaNIC FAQs Manager Plugin 1.0 - Blind SQL Injection + IndiaNIC FAQs Manager 1.0 - Blind SQL Injection 24868 91623
@@ -7083,7 +7083,7 @@ - FlagEm Plugin - flagit.php cID Parameter XSS + FlagEm - flagit.php cID Parameter XSS 98226 http://www.securityfocus.com/bid/61401
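Review bot: The rewritten title in the `@@ -6544` hunk, `Stream Video Player - - Setting Manipulation CSRF`, carries the separator twice, which breaks the `name - vulnerability` form this commit is establishing and any grep or split on ` - `; it should read `Stream Video Player - Setting Manipulation CSRF`. The other rewritten titles on this line follow the form correctly.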
From bdc60cbb9745cc2137cb5eb36bd6c690044a8b9c Mon Sep 17 00:00:00 2001
From: Peter van der Laan
Date: Thu, 10 Oct 2013 23:38:35 +0200
Subject: [PATCH 3/8] Update plugin_vulns.xml
---
 data/plugin_vulns.xml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index 94adde69..1de1caf6 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -6968,6 +6968,8 @@ Simple Login Registration 1.0.1 - XSS + 96660 + 54583 http://packetstormsecurity.com/files/122963/ XSS
@@ -7140,4 +7142,16 @@ + + + ShareThis 7.0.3 - Setting Manipulation CSRF + + 96884 + 2013-3479 + 53135 + + CSRF + + +
From 8df95035da6ec7ae1dda0a7ffe5624d651b18e29 Mon Sep 17 00:00:00 2001
From: Peter van der Laan
Date: Fri, 11 Oct 2013 08:18:53 +0200
Subject: [PATCH 4/8] Update plugin_vulns.xml
---
 data/plugin_vulns.xml | 22 +++++++++++++++------
 1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index 1de1caf6..c2c9d91c 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -512,18 +512,26 @@ - Asset Manager 0.2 Arbitrary File Upload + Asset Manager 0.2 - Arbitrary File Upload + 82653 18993 + 23652 + 49378 + http://www.securityfocus.com/bid/53809 + http://packetstormsecurity.com/files/119133/ UPLOAD - plugin Asset manager upload.php Arbitrary Code Execution + Asset Manager - upload.php Arbitrary Code Execution + 82653 http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/ + http://packetstormsecurity.com/files/113285/ + http://xforce.iss.net/xforce/xfdb/80823 UPLOAD
@@ -1606,7 +1614,7 @@ - Gallery 3.06 Arbitrary File Upload + Gallery 3.06 - Arbitrary File Upload 18998
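Review bot: The `@@ -512,18 +512,26 @@` hunk of PATCH 4 adds the same reference id `82653` to both Asset Manager entries, and the two entries — `Asset Manager 0.2 - Arbitrary File Upload` and `Asset Manager - upload.php Arbitrary Code Execution`, both typed UPLOAD, the second referencing an advisory whose URL names `asset-manager-upload-php` — look like one upload.php issue recorded twice from different advisories. If the references confirm that, merging them into a single entry carrying the version and all references would stop the scanner reporting the issue twice; if they are distinct issues, giving the second title its affected version would make the difference visible. The ShareThis entry added by the `@@ -7140` hunk of PATCH 3 has no fixed-in version, which is worth confirming against the referenced advisories since the other entries on this page carry one where known.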
@@ -1682,17 +1690,17 @@ - Foxypress 0.4.1.1 - 0.4.2.1 Arbitrary File Upload + Foxypress 0.4.1.1-0.4.2.1 - Arbitrary File Upload http://packetstormsecurity.com/files/113576/ + http://www.securityfocus.com/bid/53805 18991 19100 - UPLOAD - FoxyPress 0.4.2.5 XSS / CSRF / SQL Injection + FoxyPress 0.4.2.5 - XSS / CSRF / SQL Injection http://packetstormsecurity.com/files/117768/ 51109
@@ -1703,7 +1711,7 @@ - Track That Stat <= 1.0.8 Cross Site Scripting + Track That Stat <= 1.0.8 - Cross Site Scripting http://packetstormsecurity.com/files/112722/ http://www.securityfocus.com/bid/53551
From 6ffc66362e642d7b9a32c67927b5564625fea949 Mon Sep 17 00:00:00 2001
From: Peter van der Laan
Date: Fri, 11 Oct 2013 10:00:55 +0200
Subject: [PATCH 5/8] Make a seperator between plugin name and vulnerability name Can be useful for 'grep'ing. plugin name [version[-range]] - vulnerability name
---
 data/plugin_vulns.xml | 574 +++++++++++++++++++++--------------------
 1 file changed, 289 insertions(+), 285 deletions(-)
diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index c2c9d91c..2a97bef3 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -487,7 +487,7 @@ - Advanced Custom Fields <= 3.5.1 Remote File Inclusion + Advanced Custom Fields <= 3.5.1 - Remote File Inclusion http://packetstormsecurity.com/files/119221/ 51037
@@ -1103,7 +1103,7 @@ - Quick Post Widget 1.9.1 Multiple Cross-site scripting vulnerabilities + Quick Post Widget 1.9.1 - Multiple Cross-site scripting vulnerabilities http://seclists.org/bugtraq/2012/Aug/66
@@ -1134,7 +1134,7 @@ - Postie 1.4.3 Stored XSS + Postie 1.4.3 - Stored XSS 20360 50207
@@ -1145,7 +1145,7 @@ - RSVPMaker v2.5.4 Persistent XSS + RSVPMaker v2.5.4 - Persistent XSS 20474 50289
@@ -1156,7 +1156,7 @@ - Mz-jajak <= 2.1 SQL Injection Vulnerability + Mz-jajak <= 2.1 - SQL Injection Vulnerability 20416 50217
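Review bot: In the `@@ -1682,17 +1690,17 @@` hunk of PATCH 4 the line `- UPLOAD` is removed from the `Foxypress 0.4.1.1-0.4.2.1 - Arbitrary File Upload` entry and nothing replaces it; read as a removed type line, that leaves the entry without a type, which a consumer that keys on the type value would silently drop or misclassify. The collapsed rendering allows the other reading, a removed blank line followed by an unchanged `UPLOAD` line (the 17/17 line counts fit both), so please confirm the entry still carries the UPLOAD type after the patch. The commit message (`Update plugin_vulns.xml`) does not say what the removal intends, and a word there would settle it.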
@@ -1167,7 +1167,7 @@ - Resume Submissions Job Posting v2.5.1 Unrestricted File Upload + Resume Submissions Job Posting v2.5.1 - Unrestricted File Upload http://packetstormsecurity.com/files/114716/
@@ -1177,7 +1177,7 @@ - WP-Predict v1.0 Blind SQL Injection + WP-Predict v1.0 - Blind SQL Injection 19715
@@ -1200,7 +1200,7 @@ - MoodThingy Widget v0.8.7 Blind SQL Injection + MoodThingy Widget v0.8.7 - Blind SQL Injection 19572
@@ -1210,7 +1210,7 @@ - Paid Business Listings v1.0.2 Blind SQL Injection + Paid Business Listings v1.0.2 - Blind SQL Injection 19481
@@ -1230,7 +1230,7 @@ - Fancy Gallery 1.2.4 Shell Upload + Fancy Gallery 1.2.4 - Shell Upload http://packetstormsecurity.com/files/114114/
@@ -1240,7 +1240,7 @@ - Flip Book 1.0 Shell Upload + Flip Book 1.0 - Shell Upload http://packetstormsecurity.com/files/114112/
@@ -1250,7 +1250,7 @@ - Ajax Multi Upload 1.1 Shell Upload + Ajax Multi Upload 1.1 - Shell Upload http://packetstormsecurity.com/files/114109/
@@ -1260,7 +1260,7 @@ - Schreikasten 0.14.13 XSS + Schreikasten 0.14.13 - XSS 19294
@@ -1270,7 +1270,7 @@ - Automatic 2.0.3 CSRF + Automatic 2.0.3 - CSRF http://packetstormsecurity.com/files/113763/
@@ -1297,7 +1297,7 @@ - Auctions - 2.0.1.3 Arbitrary + <title>Auctions - 2.0.1.3 - Arbitrary File Upload Vulnerability
@@ -1309,7 +1309,7 @@ - LB Mixed Slideshow 1.0 Arbitrary File Upload Vulnerability + LB Mixed Slideshow 1.0 - Arbitrary File Upload Vulnerability http://packetstormsecurity.com/files/113844/
@@ -1319,7 +1319,7 @@ - Lim4wp 1.1.1 Arbitrary File Upload Vulnerability + Lim4wp 1.1.1 - Arbitrary File Upload Vulnerability http://packetstormsecurity.com/files/113846/
@@ -1329,7 +1329,7 @@ - Wp-ImageZoom 1.0.3 Remote File Disclosure + Wp-ImageZoom 1.0.3 - Remote File Disclosure http://packetstormsecurity.com/files/113845/
@@ -1339,7 +1339,7 @@ - Invit0r 0.22 Shell Upload + Invit0r 0.22 - Shell Upload http://packetstormsecurity.com/files/113639/
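Review bot: The rewritten title in the `@@ -1297` hunk, `Auctions - 2.0.1.3 - Arbitrary`, contains the separator twice, so the `plugin name [version[-range]] - vulnerability name` form given in the commit message cannot be split on ` - ` for this entry; `Auctions 2.0.1.3 - Arbitrary File Upload Vulnerability` would fit. The surviving `<title>` opening tag on the added line suggests the title still continues on a following line (`File Upload Vulnerability`), which defeats the grep use case the message names; the `@@ -1378` hunk on the next line joins the Contus HD FLV Player title onto one line, and the Auctions title, the `Contus Video Gallery 1.3 - Arbitrary` title (`@@ -1359`) and, in the earlier commit, the `XVE Various Embed` (`@@ -5044`) and `WP Online Store 1.3.1` (`@@ -5329`) titles show the same tag and would benefit from the same treatment.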
@@ -1349,7 +1349,7 @@ - Annonces 1.2.0.1 Shell Upload + Annonces 1.2.0.1 - Shell Upload http://packetstormsecurity.com/files/113637/
@@ -1359,7 +1359,7 @@ - Contus Video Gallery 1.3 Arbitrary + <title>Contus Video Gallery 1.3 - Arbitrary File Upload Vulnerability
@@ -1378,9 +1378,7 @@ SQLI - Contus HD FLV Player 1.7 Arbitrary - File Upload Vulnerability - + Contus HD FLV Player 1.7 - Arbitrary File Upload Vulnerability http://packetstormsecurity.com/files/113570/
@@ -1391,7 +1389,7 @@ - User Meta Version 1.1.1 Arbitrary File Upload Vulnerability + User Meta Version 1.1.1 - Arbitrary File Upload Vulnerability 19052
@@ -1401,7 +1399,7 @@ - Top Quark Architecture Version 2.10 Arbitrary File Upload Vulnerability + Top Quark Architecture Version 2.10 - Arbitrary File Upload Vulnerability 19053
@@ -1411,7 +1409,7 @@ - SfBrowser Version 1.4.5 Arbitrary File Upload Vulnerability + SfBrowser Version 1.4.5 - Arbitrary File Upload Vulnerability 19054
@@ -1428,14 +1426,14 @@ XSS - Pica Photo Gallery 1.0 Arbitrary File Upload Vulnerability + Pica Photo Gallery 1.0 - Arbitrary File Upload Vulnerability 19055 UPLOAD - PICA Photo Gallery 1.0 Remote File Disclosure + PICA Photo Gallery 1.0 - Remote File Disclosure 19016
@@ -1467,7 +1465,7 @@ 3.0 - Mac Photo Gallery 2.7 Arbitrary File Upload + Mac Photo Gallery 2.7 - Arbitrary File Upload 19056
@@ -1477,7 +1475,7 @@ - drag and drop file upload 0.1 Arbitrary File Upload Vulnerability + drag and drop file upload 0.1 - Arbitrary File Upload Vulnerability 19057
@@ -1497,7 +1495,7 @@ - wp-gpx-max version 1.1.21 Arbitrary File Upload + wp-gpx-max version 1.1.21 - Arbitrary File Upload 19050
@@ -1517,14 +1515,14 @@ - Front End Upload 0.5.3 Arbitrary File Upload + Front End Upload 0.5.3 - Arbitrary File Upload 19008 UPLOAD - Front End Upload v0.5.4 Arbitrary PHP File Upload + Front End Upload v0.5.4 - Arbitrary PHP File Upload 20083
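Review bot: Within the hunks on this line the version token is written in three forms — bare (`Pica Photo Gallery 1.0`, `@@ -1428`), `Version 1.1.1` (`@@ -1391`, `@@ -1401`, `@@ -1411`) and `v0.5.4` (`@@ -1517`), plus `version 1.1.21` in `@@ -1497` — so the `plugin name [version[-range]] - vulnerability name` pattern from the commit message still cannot be parsed uniformly even after the separator is in place. Since these titles are being rewritten anyway, dropping the `Version`/`version`/`v` prefixes (`User Meta 1.1.1 - Arbitrary File Upload Vulnerability`) would finish the job; `RSVPMaker v2.5.4` in `@@ -1145` on the previous line has the same prefix.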
@@ -1534,7 +1532,7 @@ - Omni Secure Files 0.1.13 Arbitrary File Upload + Omni Secure Files 0.1.13 - Arbitrary File Upload 19009
@@ -1544,7 +1542,7 @@ - Easy Contact Forms Export 1.1.0 Information Disclosure Vulnerability + Easy Contact Forms Export 1.1.0 - Information Disclosure Vulnerability 19013
@@ -1554,7 +1552,7 @@ - Plugin: Newsletter 1.5 Remote File Disclosure Vulnerability + Plugin: Newsletter 1.5 - Remote File Disclosure Vulnerability 19018
@@ -1564,7 +1562,7 @@ - RBX Gallery 2.1 Arbitrary File Upload + RBX Gallery 2.1 - Arbitrary File Upload 19019
@@ -1574,7 +1572,7 @@ - Simple Download Button Shortcode 1.0 Remote File Disclosure + Simple Download Button Shortcode 1.0 - Remote File Disclosure 19020
@@ -1584,7 +1582,7 @@ - Thinkun Remind 1.1.3 Remote File Disclosure + Thinkun Remind 1.1.3 - Remote File Disclosure 19021
@@ -1594,7 +1592,7 @@ - Tinymce Thumbnail Gallery 1.0.7 Remote File Disclosure + Tinymce Thumbnail Gallery 1.0.7 - Remote File Disclosure 19022
@@ -1624,7 +1622,7 @@ - Font Uploader 1.2.4 Arbitrary File Upload + Font Uploader 1.2.4 - Arbitrary File Upload 18994 82657
@@ -1651,7 +1649,7 @@ - WP Marketplace 1.5.0 - 1.6.1 Arbitrary File Upload + WP Marketplace 1.5.0-1.6.1 - Arbitrary File Upload 18988
@@ -1722,7 +1720,7 @@ - WP-Facethumb Gallery <= 0.1 Reflected Cross Site Scripting + WP-Facethumb Gallery <= 0.1 - Reflected Cross Site Scripting http://packetstormsecurity.com/files/112658/
@@ -1732,7 +1730,7 @@ - Survey And Quiz Tool <= 2.9.2 Cross Site Scripting + Survey And Quiz Tool <= 2.9.2 - Cross Site Scripting http://packetstormsecurity.com/files/112685/
@@ -1742,7 +1740,7 @@ - WP Statistics <= 2.2.4 Cross Site Scripting + WP Statistics <= 2.2.4 - Cross Site Scripting http://packetstormsecurity.com/files/112686/
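Review bot: The rewritten title in the `@@ -1554` hunk keeps the `Plugin: ` prefix (`Plugin: Newsletter 1.5 - Remote File Disclosure Vulnerability`) although PATCH 2 in this series removes the word `plugin`/`Plugin` from titles; `Newsletter 1.5 - Remote File Disclosure Vulnerability` would be consistent, unless the prefix is meant to tell this entry apart from another Newsletter plugin, in which case the distinguishing name belongs in the title instead of the prefix. The same leftover appears in the `plugin WP-Forum 1.7.4`, `plugin WP-Forum 1.7.8`, `plugin myflash`, `plugin wordTube` and `plugin wp-Table` titles rewritten in the `@@ -3392`, `@@ -3449`, `@@ -3459` and `@@ -3469` hunks further down.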
@@ -1752,14 +1750,14 @@ - WP Easy Gallery <= 1.7 Cross Site Scripting + WP Easy Gallery <= 1.7 - Cross Site Scripting http://packetstormsecurity.com/files/112687/ XSS - WP Easy Gallery <= 2.7 CSRF + WP Easy Gallery <= 2.7 - CSRF http://plugins.trac.wordpress.org/changeset?reponame=&old=669527%40wp-easy-gallery&new=669527%40wp-easy-gallery
@@ -1769,7 +1767,7 @@ - Subscribe2 <= 8.0 Cross Site Scripting + Subscribe2 <= 8.0 - Cross Site Scripting http://packetstormsecurity.com/files/112688/
@@ -1779,7 +1777,7 @@ - Soundcloud Is Gold <= 2.1 Cross Site Scripting + Soundcloud Is Gold <= 2.1 - Cross Site Scripting http://packetstormsecurity.com/files/112689/
@@ -1815,7 +1813,7 @@ - Share And Follow <= 1.80.3 Cross Site Scripting + Share And Follow <= 1.80.3 - Cross Site Scripting http://packetstormsecurity.com/files/112691/
@@ -1825,7 +1823,7 @@ - SABRE <= 1.2.0 Cross Site Scripting + SABRE <= 1.2.0 - Cross Site Scripting http://packetstormsecurity.com/files/112692/
@@ -1835,14 +1833,14 @@ - Pretty Link Lite <= 1.5.2 Cross Site Scripting + Pretty Link Lite <= 1.5.2 - Cross Site Scripting http://packetstormsecurity.com/files/112693/ XSS - Pretty Link Lite <= 1.6.1 Cross Site Scripting + Pretty Link Lite <= 1.6.1 - Cross Site Scripting 50980
@@ -1861,7 +1859,7 @@ - Newsletter Manager <= 1.0 Cross Site Scripting + Newsletter Manager <= 1.0 - Cross Site Scripting http://packetstormsecurity.com/files/112694/
@@ -1871,7 +1869,7 @@ - Network Publisher <= 5.0.1 Cross Site Scripting + Network Publisher <= 5.0.1 - Cross Site Scripting http://packetstormsecurity.com/files/112695/
@@ -1881,7 +1879,7 @@ - LeagueManager <= 3.7 Cross Site Scripting + LeagueManager <= 3.7 - Cross Site Scripting http://packetstormsecurity.com/files/112698/ 49949
@@ -1889,7 +1887,7 @@ XSS - LeagueManager v3.8 SQL Injection + LeagueManager v3.8 - SQL Injection 24789 2013-1852
@@ -1901,7 +1899,7 @@ - Leaflet <= 0.0.1 Cross Site Scripting + Leaflet <= 0.0.1 - Cross Site Scripting http://packetstormsecurity.com/files/112699/
@@ -1911,7 +1909,7 @@ - PDF And Print Button Joliprint <= 1.3.0 Cross Site Scripting + PDF And Print Button Joliprint <= 1.3.0 - Cross Site Scripting http://packetstormsecurity.com/files/112700/
@@ -1921,7 +1919,7 @@ - IFrame Admin Pages <= 0.1 Cross Site Scripting + IFrame Admin Pages <= 0.1 - Cross Site Scripting http://packetstormsecurity.com/files/112701/
@@ -1931,7 +1929,7 @@ - EZPZ One Click Backup <= 12.03.10 Cross Site Scripting + EZPZ One Click Backup <= 12.03.10 - Cross Site Scripting http://packetstormsecurity.com/files/112705/
@@ -1941,7 +1939,7 @@ - Dynamic Widgets <= 1.5.1 Cross Site Scripting + Dynamic Widgets <= 1.5.1 - Cross Site Scripting http://packetstormsecurity.com/files/112706/
@@ -1951,7 +1949,7 @@ - Download Monitor < 3.3.6.2 Cross Site Scripting + Download Monitor < 3.3.6.2 - Cross Site Scripting http://www.securityfocus.com/bid/61407 53116
@@ -1962,7 +1960,7 @@ 3.3.6.2 - Download Monitor <= 3.3.5.7 Cross Site Scripting + Download Monitor <= 3.3.5.7 - Cross Site Scripting http://www.reactionpenetrationtesting.co.uk/wordpress-download-monitor-xss.html 50511
@@ -1970,7 +1968,7 @@ XSS - Download Monitor <= 3.3.5.4 Cross Site Scripting + Download Monitor <= 3.3.5.4 - Cross Site Scripting http://packetstormsecurity.com/files/112707/
@@ -1980,7 +1978,7 @@ - Download Manager <= 2.2 Cross Site Scripting + Download Manager <= 2.2 - Cross Site Scripting http://packetstormsecurity.com/files/112708/
@@ -1990,7 +1988,7 @@ - Code Styling Localization <= 1.99.16 Cross Site Scripting + Code Styling Localization <= 1.99.16 - Cross Site Scripting http://packetstormsecurity.com/files/112709/
@@ -2000,7 +1998,7 @@ - Catablog <= 1.6 Cross Site Scripting + Catablog <= 1.6 - Cross Site Scripting http://packetstormsecurity.com/files/112619/
@@ -2010,7 +2008,7 @@ - Bad Behavior <= 2.24 Cross Site Scripting + Bad Behavior <= 2.24 - Cross Site Scripting http://packetstormsecurity.com/files/112619/
@@ -2041,7 +2039,7 @@ - Better WP Security <= 3.5.3 Stored XSS + Better WP Security <= 3.5.3 - Stored XSS https://github.com/wpscanteam/wpscan/issues/251 http://www.securityfocus.com/archive/1/527634/30/0/threaded
@@ -2053,7 +2051,7 @@ 3.5.4 - Better WP Security v3.4.3 Multiple XSS + Better WP Security v3.4.3 - Multiple XSS http://seclists.org/bugtraq/2012/Oct/9
@@ -2061,7 +2059,7 @@ 3.4.4 - Better WP Security <= 3.2.4 Cross Site Scripting + Better WP Security <= 3.2.4 - Cross Site Scripting http://packetstormsecurity.com/files/112617/
@@ -2072,7 +2070,7 @@ - Custom Contact Forms <= 5.0.0.1 Cross Site Scripting + Custom Contact Forms <= 5.0.0.1 - Cross Site Scripting http://packetstormsecurity.com/files/112616/
@@ -2082,14 +2080,14 @@ - 2-Click-Socialmedia-Buttons <= 0.34 Cross Site Scripting + 2-Click-Socialmedia-Buttons <= 0.34 - Cross Site Scripting http://packetstormsecurity.com/files/112615/ XSS - 2-Click-Socialmedia-Buttons <= 0.32.2 Cross Site Scripting + 2-Click-Socialmedia-Buttons <= 0.32.2 - Cross Site Scripting http://packetstormsecurity.com/files/112711/
@@ -2135,7 +2133,7 @@ - FCKeditor Deans With Pwwangs Code <= 1.0.0 Remote Shell Upload + FCKeditor Deans With Pwwangs Code <= 1.0.0 - Remote Shell Upload http://packetstormsecurity.com/files/111319/
@@ -2153,7 +2151,7 @@ 2.4.8 - Zingiri Web Shop <= 2.4.0 Multiple XSS Vulnerabilities + Zingiri Web Shop <= 2.4.0 - Multiple XSS Vulnerabilities 18787 48991
@@ -2161,14 +2159,14 @@ XSS - Zingiri Web Shop <= 2.3.5 Cross Site Scripting + Zingiri Web Shop <= 2.3.5 - Cross Site Scripting http://packetstormsecurity.com/files/112684/ XSS - Zingiri Web Shop 2.4.3 Shell Upload + Zingiri Web Shop 2.4.3 - Shell Upload http://packetstormsecurity.com/files/113668/
@@ -2178,7 +2176,7 @@ - Organizer 1.2.1 Cross Site Scripting / Path Disclosure + Organizer 1.2.1 - Cross Site Scripting / Path Disclosure http://packetstormsecurity.com/files/112086/ http://packetstormsecurity.com/files/113800/
@@ -2237,7 +2235,7 @@ - Buddypress <= 1.5.5 SQL Injection + Buddypress <= 1.5.5 - SQL Injection 18690
@@ -2247,7 +2245,7 @@ - Register Plus Redux <= 3.8.3 Cross Site Scripting + Register Plus Redux <= 3.8.3 - Cross Site Scripting http://packetstormsecurity.com/files/111367/
@@ -2257,7 +2255,7 @@ - Magn WP Drag and Drop <= 1.1.4 Upload Shell Upload Vulnerability + Magn WP Drag and Drop <= 1.1.4 - Upload Shell Upload Vulnerability http://packetstormsecurity.com/files/110103/
@@ -2267,7 +2265,7 @@ - Kish Guest Posting 1.0 Arbitrary File Upload + Kish Guest Posting 1.0 - Arbitrary File Upload 18412
@@ -2277,14 +2275,14 @@ - AllWebMenus Shell Upload <= 1.1.9 Shell Upload + AllWebMenus Shell Upload <= 1.1.9 - Shell Upload http://packetstormsecurity.com/files/108946/ RFI - AllWebMenus 1.1.3 Remote File Inclusion + AllWebMenus 1.1.3 - Remote File Inclusion 17861
@@ -2294,7 +2292,7 @@ - Shortcode Redirect <= 1.0.01 Stored Cross Site Scripting + Shortcode Redirect <= 1.0.01 - Stored Cross Site Scripting http://packetstormsecurity.com/files/108914/
@@ -2324,7 +2322,7 @@ - myEASYbackup 1.0.8.1 Directory Traversal + myEASYbackup 1.0.8.1 - Directory Traversal http://packetstormsecurity.com/files/108711/
@@ -2395,7 +2393,7 @@ - Yousaytoo Auto Publishing <= 1.0 Cross Site Scripting + Yousaytoo Auto Publishing <= 1.0 - Cross Site Scripting http://packetstormsecurity.com/files/108470/
@@ -2415,7 +2413,7 @@ - Whois Search <= 1.4.2 Cross Site Scripting + Whois Search <= 1.4.2 - Cross Site Scripting http://packetstormsecurity.com/files/108271/
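Review bot: The separator in the `@@ -2257` hunk lands inside what appears to be the plugin name: `Magn WP Drag and Drop <= 1.1.4 - Upload Shell Upload Vulnerability` reads as if the name is `Magn WP Drag and Drop Upload`, so `Magn WP Drag and Drop Upload <= 1.1.4 - Shell Upload Vulnerability` is probably the intended split; please check it against the plugin's slug. In the `@@ -2277` hunk the rewritten `AllWebMenus Shell Upload <= 1.1.9 - Shell Upload` keeps `Shell Upload` in the name part, so `AllWebMenus <= 1.1.9 - Shell Upload` looks right there. The unchanged type value `RFI` on that shell-upload entry also disagrees with its title, and is worth verifying against the reference while the line is being touched.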
@@ -2435,7 +2433,7 @@ - Disqus Comment System <= 2.68 Reflected Cross-Site Scripting (XSS) + Disqus Comment System <= 2.68 - Reflected Cross-Site Scripting (XSS) http://www.ethicalhack3r.co.uk/security/wordpress-plugin-disqus-comment-system-xss/
@@ -2445,7 +2443,7 @@ - Google reCAPTCHA <= 3.1.3 Reflected XSS Vulnerability + Google reCAPTCHA <= 3.1.3 - Reflected XSS Vulnerability http://security-sh3ll.blogspot.com/2011/12/google-recaptcha-wordpress-plugin.html
@@ -2496,7 +2494,7 @@ - adminimize 1.7.21 Cross-Site Scripting Vulnerabilities + adminimize 1.7.21 - Cross-Site Scripting Vulnerabilities http://seclists.org/bugtraq/2011/Nov/135
@@ -2506,7 +2504,7 @@ - Advanced Text Widget <= 2.0.0 Cross Site Scripting Vulnerability + Advanced Text Widget <= 2.0.0 - Cross Site Scripting Vulnerability http://seclists.org/bugtraq/2011/Nov/133
@@ -2546,7 +2544,7 @@ - Global Content Blocks <= 1.2 SQL - Injection Vulnerability + Global Content Blocks <= 1.2 - SQL Injection Vulnerability 17687
@@ -2556,7 +2554,7 @@ - Ajax Gallery <= 3.0 SQL - Injection Vulnerability + Ajax Gallery <= 3.0 - SQL Injection Vulnerability 17686
@@ -2566,7 +2564,7 @@ - WP DS FAQ <= 1.3.2 SQL - Injection Vulnerability + WP DS FAQ <= 1.3.2 - SQL Injection Vulnerability 17683
@@ -2576,7 +2574,7 @@ - OdiHost Newsletter <= 1.0 SQL - Injection Vulnerability + OdiHost Newsletter <= 1.0 - SQL Injection Vulnerability 17681
@@ -2629,7 +2627,7 @@ - File Groups <= 1.1.2 SQL Injection Vulnerability + File Groups <= 1.1.2 - SQL Injection Vulnerability 17677
@@ -2639,7 +2637,7 @@ - IP-Logger <= 3.0 SQL Injection Vulnerability + IP-Logger <= 3.0 - SQL Injection Vulnerability 17673
@@ -2649,7 +2647,7 @@ - Beer Recipes v.1.0 XSS + Beer Recipes v.1.0 - XSS 17453
@@ -2659,7 +2657,7 @@ - Is-human <=1.4.2 Remote Command Execution Vulnerability + Is-human <=1.4.2 - Remote Command Execution Vulnerability 17299
@@ -2679,7 +2677,7 @@ - SermonBrowser 0.43 SQL Injection + SermonBrowser 0.43 - SQL Injection 17214
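Review bot: The rewritten `Is-human <=1.4.2 - Remote Command Execution Vulnerability` in the `@@ -2659` hunk keeps `<=1.4.2` without the space that every other `<= version` title on this line uses, which matters once titles are grepped or split on the version token; `Is-human <= 1.4.2 - Remote Command Execution Vulnerability` keeps the form uniform. The same goes for `Beer Recipes v.1.0 - XSS` in `@@ -2649`, whose `v.` prefix appears nowhere else on this line.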
@@ -2689,7 +2687,7 @@ - Ajax Category Dropdown 0.1.5 Multiple Vulnerabilities + Ajax Category Dropdown 0.1.5 - Multiple Vulnerabilities 17207
@@ -2699,7 +2697,7 @@ - WP Custom Pages 0.5.0.1 LFI Vulnerability + WP Custom Pages 0.5.0.1 - LFI Vulnerability 17119
@@ -2723,7 +2721,7 @@ XSS - GRAND Flash Album Gallery 1.9.0 and 2.0.0 Multiple Vulnerabilities + GRAND Flash Album Gallery 1.9.0 and 2.0.0 - Multiple Vulnerabilities http://packetstormsecurity.com/files/117665/ http://www.waraxe.us/advisory-94.html
@@ -2732,21 +2730,21 @@ MULTI - GRAND Flash Album Gallery 0.55 Multiple Vulnerabilities + GRAND Flash Album Gallery 0.55 - Multiple Vulnerabilities 16947 MULTI - GRAND Flash Album Gallery <= 1.56 XSS Vulnerability + GRAND Flash Album Gallery <= 1.56 - XSS Vulnerability http://seclists.org/bugtraq/2011/Nov/186 XSS - GRAND Flash Album Gallery <= 1.71 XSS Vulnerability + GRAND Flash Album Gallery <= 1.71 - XSS Vulnerability http://packetstormsecurity.com/files/112704/
@@ -2773,7 +2771,7 @@ - PHP Speedy <= 0.5.2 (admin_container.php) Remote Code Exec Exploit + PHP Speedy <= 0.5.2 - (admin_container.php) Remote Code Exec Exploit 16273
@@ -2783,7 +2781,7 @@ - OPS Old Post Spinner 2.2.1 LFI Vulnerability + OPS Old Post Spinner 2.2.1 - LFI Vulnerability 16251
@@ -2793,7 +2791,7 @@ - jQuery Mega Menu 1.0 Local File Inclusion + jQuery Mega Menu 1.0 - Local File Inclusion 16250
@@ -2803,7 +2801,7 @@ - IWantOneButton 3.0.1 Multiple Vulnerabilities + IWantOneButton 3.0.1 - Multiple Vulnerabilities 16236
@@ -2813,21 +2811,21 @@ - WP Forum Server 1.6.5 SQL Injection Vulnerability + WP Forum Server 1.6.5 - SQL Injection Vulnerability 16235 SQLI - WP Forum Server <= 1.7 SQL Injection Vulnerability + WP Forum Server <= 1.7 - SQL Injection Vulnerability 17828 SQLI - WP Forum Server <= 1.7.3 SQL Injection / XSS Vulnerabilities + WP Forum Server <= 1.7.3 - SQL Injection / XSS Vulnerabilities http://packetstormsecurity.com/files/112703/
@@ -2837,7 +2835,7 @@ - Relevanssi 2.7.2 Stored XSS Vulnerability + Relevanssi 2.7.2 - Stored XSS Vulnerability 16233
@@ -2847,7 +2845,7 @@ - GigPress 2.1.10 Stored XSS Vulnerability + GigPress 2.1.10 - Stored XSS Vulnerability 16232
@@ -2857,24 +2855,30 @@ - Comment Rating 2.9.32 SQL Injection / Bypass + Comment Rating 2.9.32 - Security Bypass Weakness and SQL Injection + 90676 + 24552 + 52348 http://packetstormsecurity.com/files/120569/ MULTI - Comment Rating 2.9.23 Multiple Vulnerabilities + Comment Rating 2.9.23 - Multiple Vulnerabilities + 71044 + 43406 16221 MULTI + 2.9.24 - Z-Vote 1.1 SQL Injection Vulnerability + Z-Vote 1.1 - SQL Injection Vulnerability 16218
@@ -2906,42 +2910,42 @@ - Mingle Forum <= 1.0.32.1 Cross Site Scripting / SQL Injection + Mingle Forum <= 1.0.32.1 - Cross Site Scripting / SQL Injection http://packetstormsecurity.com/files/108915/ MULTI - Mingle Forum <= 1.0.31 SQL Injection Vulnerability + Mingle Forum <= 1.0.31 - SQL Injection Vulnerability 17894 SQLI - Mingle Forum <= 1.0.26 Multiple Vulnerabilities + Mingle Forum <= 1.0.26 - Multiple Vulnerabilities 15943 MULTI - Mingle Forum <= 1.0.33 Cross Site Scripting + Mingle Forum <= 1.0.33 - Cross Site Scripting http://packetstormsecurity.com/files/112696/ MULTI - Mingle Forum 1.0.33.3 Multiple Parameter SQL Injection + Mingle Forum 1.0.33.3 - Multiple Parameter SQL Injection 90434 SQLI - Mingle Forum 1.0.35 Privilege Escalation CSRF + Mingle Forum 1.0.35 - Privilege Escalation CSRF 96905 2013-0736
@@ -2953,7 +2957,7 @@ - Accept Signups 0.1 XSS + Accept Signups 0.1 - XSS 15808
@@ -3054,7 +3058,7 @@ MULTI - NextGEN Gallery 1.9.12 Arbitrary File Upload + NextGEN Gallery 1.9.12 - Arbitrary File Upload http://wordpress.org/plugins/nextgen-gallery/changelog/ 94232
@@ -3125,7 +3129,7 @@ - WP-Syntax <= 0.9.1 Remote Command Execution + WP-Syntax <= 0.9.1 - Remote Command Execution 9431
@@ -3135,7 +3139,7 @@ - My Category Order <= 2.8 SQL Injection Vulnerability + My Category Order <= 2.8 - SQL Injection Vulnerability 9150
@@ -3145,7 +3149,7 @@ - Related Sites 2.1 Blind SQL Injection Vulnerability + Related Sites 2.1 - Blind SQL Injection Vulnerability 9054
@@ -3162,14 +3166,14 @@ XSS - DM Albums 1.9.2 Remote File Disclosure Vulnerability + DM Albums 1.9.2 - Remote File Disclosure Vulnerability 9048 LFI - DM Albums 1.9.2 Remote File Inclusion Vuln + DM Albums 1.9.2 - Remote File Inclusion Vuln 9043
@@ -3179,21 +3183,21 @@ - Photoracer 1.0 (id) SQL Injection Vulnerability + Photoracer 1.0 - (id) SQL Injection Vulnerability 8961 SQLI - Photoracer <= 1.0 SQL Injection Vulnerability + Photoracer <= 1.0 - SQL Injection Vulnerability 17720 SQLI - Photoracer <= 1.0 Multiple Vulnerabilities + Photoracer <= 1.0 - Multiple Vulnerabilities 17731
@@ -3213,7 +3217,7 @@ - fMoblog 2.1 (id) SQL Injection Vulnerability + fMoblog 2.1 - (id) SQL Injection Vulnerability 8229
@@ -3223,7 +3227,7 @@ - Page Flip Image Gallery <= 0.2.2 Remote FD Vuln + Page Flip Image Gallery <= 0.2.2 - Remote FD Vuln 50902 2008-5752
@@ -3238,7 +3242,7 @@ - e-Commerce <= 3.4 Arbitrary File Upload Exploit + e-Commerce <= 3.4 - Arbitrary File Upload Exploit 6867
@@ -3248,7 +3252,7 @@ - Download Manager 0.2 Arbitrary File Upload Exploit + Download Manager 0.2 - Arbitrary File Upload Exploit 6127
@@ -3258,7 +3262,7 @@ - Spreadsheet <= 0.6 SQL Injection Vulnerability + Spreadsheet <= 0.6 - SQL Injection Vulnerability 5486
@@ -3278,7 +3282,7 @@ - Sniplets 1.1.2 (RFI/XSS/RCE) Multiple Vulnerabilities + Sniplets 1.1.2 - (RFI/XSS/RCE) Multiple Vulnerabilities 5194
@@ -3298,14 +3302,14 @@ - Simple Forum 2.0-2.1 SQL Injection Vulnerability + Simple Forum 2.0-2.1 - SQL Injection Vulnerability 5126 SQLI - Simple Forum 1.10-1.11 SQL Injection Vulnerability + Simple Forum 1.10-1.11 - SQL Injection Vulnerability 5127
@@ -3342,7 +3346,7 @@ - dmsguestbook 1.7.0 Multiple Remote Vulnerabilities + dmsguestbook 1.7.0 - Multiple Remote Vulnerabilities 5035 @@ -3352,7 +3356,7 @@ - WassUp 1.4.3 (spy.php to_date) SQL Injection Exploit + WassUp 1.4.3 - (spy.php to_date) SQL Injection Exploit 5017 @@ -3362,7 +3366,7 @@ - Adserve 0.2 adclick.php SQL Injection Exploit + Adserve 0.2 - adclick.php SQL Injection Exploit 5013 @@ -3382,7 +3386,7 @@ - WP-Cal 0.3 editevent.php SQL Injection Vulnerability + WP-Cal 0.3 - editevent.php SQL Injection Vulnerability 4992 @@ -3392,14 +3396,14 @@ - plugin WP-Forum 1.7.4 Remote SQL Injection Vulnerability + plugin WP-Forum 1.7.4 - Remote SQL Injection Vulnerability 4939 SQLI - plugin WP-Forum 1.7.8 Remote SQL Injection Vulnerability + plugin WP-Forum 1.7.8 - Remote SQL Injection Vulnerability 7738 @@ -3429,7 +3433,7 @@ - PictPress <= 0.91 Remote File Disclosure Vulnerability + PictPress <= 0.91 - Remote File Disclosure Vulnerability 4695 @@ -3449,7 +3453,7 @@ - plugin myflash <= 1.00 (wppath) RFI Vulnerability + plugin myflash <= 1.00 - (wppath) RFI Vulnerability 3828 @@ -3459,7 +3463,7 @@ - plugin wordTube <= 1.43 (wpPATH) RFI Vulnerability + plugin wordTube <= 1.43 - (wpPATH) RFI Vulnerability 3825 @@ -3469,7 +3473,7 @@ - plugin wp-Table <= 1.43 (inc_dir) RFI Vulnerability + plugin wp-Table <= 1.43 - (inc_dir) RFI Vulnerability 3824 @@ -3479,7 +3483,7 @@ - myGallery <= 1.4b4 Remote File Inclusion Vulnerability + myGallery <= 1.4b4 - Remote File Inclusion Vulnerability 3814 @@ -3489,7 +3493,7 @@ - SendIt <= 1.5.9 Blind SQL Injection Vulnerability + SendIt <= 1.5.9 - Blind SQL Injection Vulnerability 17716 @@ -3499,7 +3503,7 @@ - Js-appointment <= 1.5 SQL Injection Vulnerability + Js-appointment <= 1.5 - SQL Injection Vulnerability 17724 
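Review bot: The five titles that start with `plugin` (`plugin WP-Forum 1.7.4 - …`, `plugin WP-Forum 1.7.8 - …`, `plugin myflash <= 1.00 - …`, `plugin wordTube <= 1.43 - …`, `plugin wp-Table <= 1.43 - …`, hunks at -3392 and -3449 through -3469) keep the very word this commit sets out to remove, so the rename pass is incomplete here. Dropping the prefix, e.g. `WP-Forum 1.7.4 - Remote SQL Injection Vulnerability`, puts these entries on the `Name version - description` pattern the rest of the patch introduces. The enclosing plugin element is outside the hunk, so I cannot tell whether the prefix was kept on purpose to distinguish these from a same-named theme.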
@@ -3509,14 +3513,14 @@ - MM Forms Community <= 1.2.3 SQL Injection Vulnerability + MM Forms Community <= 1.2.3 - SQL Injection Vulnerability 17725 SQLI - MM Forms Community 2.2.6 Arbitrary File Upload + MM Forms Community 2.2.6 - Arbitrary File Upload 18997 @@ -3526,7 +3530,7 @@ - Super CAPTCHA <= 2.2.4 SQL Injection Vulnerability + Super CAPTCHA <= 2.2.4 - SQL Injection Vulnerability 17728 @@ -3536,7 +3540,7 @@ - Collision Testimonials <= 3.0 SQL Injection Vulnerability + Collision Testimonials <= 3.0 - SQL Injection Vulnerability 17729 @@ -3546,7 +3550,7 @@ - Oqey Headers <= 0.3 SQL Injection Vulnerability + Oqey Headers <= 0.3 - SQL Injection Vulnerability 17730 @@ -3556,7 +3560,7 @@ - Facebook Promotions <= 1.3.3 SQL Injection Vulnerability + Facebook Promotions <= 1.3.3 - SQL Injection Vulnerability 17737 @@ -3566,14 +3570,14 @@ - Evarisk <= 5.1.3.6 SQL Injection Vulnerability + Evarisk <= 5.1.3.6 - SQL Injection Vulnerability 17738 SQLI - Evarisk 5.1.5.4 Shell Upload + Evarisk 5.1.5.4 - Shell Upload http://packetstormsecurity.com/files/113638/ @@ -3583,7 +3587,7 @@ - Profiles <= 2.0 RC1 SQL Injection Vulnerability + Profiles <= 2.0RC1 - SQL Injection Vulnerability 17739 @@ -3593,7 +3597,7 @@ - mySTAT <= 2.6 SQL Injection Vulnerability + mySTAT <= 2.6 - SQL Injection Vulnerability 17740 @@ -3603,7 +3607,7 @@ - SH Slideshow <= 3.1.4 SQL Injection Vulnerability + SH Slideshow <= 3.1.4 - SQL Injection Vulnerability 17748 @@ -3613,7 +3617,7 @@ - iCopyright(R) Article Tools <= 1.1.4 SQL Injection Vulnerability + iCopyright(R) Article Tools <= 1.1.4 - SQL Injection Vulnerability 17749 @@ -3623,7 +3627,7 @@ - Advertizer <= 1.0 SQL Injection Vulnerability + Advertizer <= 1.0 - SQL Injection Vulnerability 17750 
@@ -3633,21 +3637,21 @@ - Event Registration <= 5.44 SQL Injection Vulnerability + Event Registration <= 5.44 - SQL Injection Vulnerability 17814 SQLI - Event Registration <= 5.43 SQL Injection Vulnerability + Event Registration <= 5.43 - SQL Injection Vulnerability 17751 SQLI - Event Registration 5.32 SQL Injection Vulnerability + Event Registration 5.32 - SQL Injection Vulnerability 15513 @@ -3657,7 +3661,7 @@ - Craw Rate Tracker <= 2.0.2 SQL Injection Vulnerability + Craw Rate Tracker <= 2.0.2 - SQL Injection Vulnerability 17755 @@ -3667,7 +3671,7 @@ - wp audio gallery playlist <= 0.12 SQL Injection Vulnerability + wp audio gallery playlist <= 0.12 - SQL Injection Vulnerability 17756 @@ -3685,7 +3689,7 @@ 2.6 - yolink Search <= 1.1.4 SQL Injection Vulnerability + yolink Search <= 1.1.4 - SQL Injection Vulnerability 17757 @@ -3695,7 +3699,7 @@ - PureHTML <= 1.0.0 SQL Injection Vulnerability + PureHTML <= 1.0.0 - SQL Injection Vulnerability 17758 @@ -3705,7 +3709,7 @@ - Couponer <= 1.2 SQL Injection Vulnerability + Couponer <= 1.2 - SQL Injection Vulnerability 17759 @@ -3715,7 +3719,7 @@ - grapefile <= 1.1 Arbitrary File Upload + grapefile <= 1.1 - Arbitrary File Upload 17760 @@ -3725,7 +3729,7 @@ - image-gallery-with-slideshow <= 1.5 Arbitrary File Upload / SQL Injection + image-gallery-with-slideshow <= 1.5 - Arbitrary File Upload / SQL Injection 17761 @@ -3735,7 +3739,7 @@ - Donation <= 1.0 SQL Injection Vulnerability + Donation <= 1.0 - SQL Injection Vulnerability 17763 @@ -3745,14 +3749,14 @@ - WP Bannerize <= 2.8.6 SQL Injection Vulnerability + WP Bannerize <= 2.8.6 - SQL Injection Vulnerability 17764 SQLI - WP Bannerize <= 2.8.7 SQL Injection Vulnerability + WP Bannerize <= 2.8.7 - SQL Injection Vulnerability 17906 @@ -3762,7 +3766,7 @@ - SearchAutocomplete <= 1.0.8 SQL Injection Vulnerability + SearchAutocomplete <= 1.0.8 - SQL Injection Vulnerability 17767 
@@ -3772,7 +3776,7 @@ - VideoWhisper Video Presentation <= 1.1 SQL Injection Vulnerability + VideoWhisper Video Presentation <= 1.1 - SQL Injection Vulnerability 17771 @@ -3789,7 +3793,7 @@ - Facebook Opengraph Meta <= 1.0 SQL Injection Vulnerability + Facebook Opengraph Meta <= 1.0 - SQL Injection Vulnerability 17773 @@ -3799,7 +3803,7 @@ - Zotpress <= 4.4 SQL Injection Vulnerability + Zotpress <= 4.4 - SQL Injection Vulnerability 17778 @@ -3809,7 +3813,7 @@ - oQey Gallery <= 0.4.8 SQL Injection Vulnerability + oQey Gallery <= 0.4.8 - SQL Injection Vulnerability 17779 @@ -3819,7 +3823,7 @@ - Tweet Old Post <= 3.2.5 SQL Injection Vulnerability + Tweet Old Post <= 3.2.5 - SQL Injection Vulnerability 17789 @@ -3829,7 +3833,7 @@ - post highlights <= 2.2 SQL Injection Vulnerability + post highlights <= 2.2 - SQL Injection Vulnerability 17790 @@ -3839,7 +3843,7 @@ - KNR Author List Widget <= 2.0.0 SQL Injection Vulnerability + KNR Author List Widget <= 2.0.0 - SQL Injection Vulnerability 17791 @@ -3849,7 +3853,7 @@ - SCORM Cloud <= 1.0.6.6 SQL Injection Vulnerability + SCORM Cloud <= 1.0.6.6 - SQL Injection Vulnerability 17793 @@ -3869,7 +3873,7 @@ - Paid Downloads <= 2.01 SQL Injection Vulnerability + Paid Downloads <= 2.01 - SQL Injection Vulnerability 17797 @@ -3879,7 +3883,7 @@ - Community Events <= 1.2.1 SQL Injection Vulnerability + Community Events <= 1.2.1 - SQL Injection Vulnerability 17798 @@ -3889,7 +3893,7 @@ - 1-flash-gallery <= 1.9.0 XSS in ZeroClipboard.swf + 1-flash-gallery <= 1.9.0 - XSS in ZeroClipboard.swf http://1337day.com/exploit/20396 @@ -3906,7 +3910,7 @@ - WP-Filebase Download Manager <= 0.2.9 SQL Injection Vulnerability + WP-Filebase Download Manager <= 0.2.9 - SQL Injection Vulnerability 17808 @@ -3924,7 +3928,7 @@ - A to Z Category Listing <= 1.3 SQL Injection Vulnerability + A to Z Category Listing <= 1.3 - SQL Injection Vulnerability 17809 
@@ -3934,14 +3938,14 @@ - WP e-Commerce <= 3.8.6 SQL Injection Vulnerability + WP e-Commerce <= 3.8.6 - SQL Injection Vulnerability 17832 SQLI - WP-e-Commerce v3.8.9.5 Cross Site Scripting Vulnerability + WP-e-Commerce v3.8.9.5 - Cross Site Scripting Vulnerability http://1337day.com/exploit/20517 @@ -3951,7 +3955,7 @@ - Filedownload 0.1 (download.php) Remote File Disclosure Vulnerability + Filedownload 0.1 - (download.php) Remote File Disclosure Vulnerability 17858 @@ -3961,14 +3965,14 @@ - TheCartPress <= 1.6 Cross Site Sripting + TheCartPress <= 1.6 - Cross Site Sripting http://packetstormsecurity.com/files/108272/ XSS - TheCartPress 1.1.1 Remote File Inclusion + TheCartPress 1.1.1 - Remote File Inclusion 17860 @@ -3978,7 +3982,7 @@ - WPEasyStats 1.8 Remote File Inclusion + WPEasyStats 1.8 - Remote File Inclusion 17862 @@ -3988,7 +3992,7 @@ - Annonces 1.2.0.0 Remote File Inclusion + Annonces 1.2.0.0 - Remote File Inclusion 17863 @@ -3998,7 +4002,7 @@ - Livesig 0.4 Remote File Inclusion + Livesig 0.4 - Remote File Inclusion 17864 @@ -4008,7 +4012,7 @@ - Disclosure Policy 1.0 Remote File Inclusion + Disclosure Policy 1.0 - Remote File Inclusion 17865 @@ -4018,7 +4022,7 @@ - Mailing List 1.3.2 Remote File Inclusion + Mailing List 1.3.2 - Remote File Inclusion 17866 @@ -4036,14 +4040,14 @@ - Zingiri Web Shop 2.2.0 Remote File Inclusion + Zingiri Web Shop 2.2.0 - Remote File Inclusion 17867 RFI - Zingiri Web Shop <= 2.2.3 Remote Code Execution + Zingiri Web Shop <= 2.2.3 - Remote Code Execution 18111 @@ -4053,14 +4057,14 @@ - Mini Mail Dashboard Widget 1.36 Remote File Inclusion + Mini Mail Dashboard Widget 1.36 - Remote File Inclusion 17868 RFI - Mini Mail Dashboard Widget 1.42 Stored XSS + Mini Mail Dashboard Widget 1.42 - Stored XSS 20358 @@ -4070,7 +4074,7 @@ - Relocate Upload 0.14 Remote File Inclusion + Relocate Upload 0.14 - Remote File Inclusion 17869 
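Review bot: `TheCartPress <= 1.6 - Cross Site Sripting` (hunk at -3961) carries a typo that the rename pass rewrote around rather than fixed; since the line is already being changed, `TheCartPress <= 1.6 - Cross Site Scripting` costs nothing. In the hunk at -3934 the two entries spell the same plugin two ways, `WP e-Commerce <= 3.8.6` and `WP-e-Commerce v3.8.9.5`, and the second keeps a `v` prefix that the hunk at -5383 strips from `Google Alert And Twitter v.3.1.5`. One spelling and a bare version number for both would keep the block internally consistent, assuming — as the adjacent line numbers suggest — both entries sit under the same plugin element.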
@@ -4080,7 +4084,7 @@ - Category Grid View Gallery 0.1.1 Shell Upload vulnerability + Category Grid View Gallery 0.1.1 - Shell Upload vulnerability 17872 @@ -4097,7 +4101,7 @@ - Auto Attachments 0.2.9 Shell Upload vulnerability + Auto Attachments 0.2.9 - Shell Upload vulnerability 17872 @@ -4107,7 +4111,7 @@ - WP Marketplace 1.1.0 Shell Upload vulnerability + WP Marketplace 1.1.0 - Shell Upload vulnerability 17872 @@ -4117,7 +4121,7 @@ - DP Thumbnail 1.0 Shell Upload vulnerability + DP Thumbnail 1.0 - Shell Upload vulnerability 17872 @@ -4127,7 +4131,7 @@ - Vk Gallery 1.1.0 Shell Upload vulnerability + Vk Gallery 1.1.0 - Shell Upload vulnerability 17872 @@ -4137,7 +4141,7 @@ - Rekt Slideshow 1.0.5 Shell Upload vulnerability + Rekt Slideshow 1.0.5 - Shell Upload vulnerability 17872 @@ -4147,7 +4151,7 @@ - CAC Featured Content 0.8 Shell Upload vulnerability + CAC Featured Content 0.8 - Shell Upload vulnerability 17872 @@ -4157,7 +4161,7 @@ - Rent A Car 1.0 Shell Upload vulnerability + Rent A Car 1.0 - Shell Upload vulnerability 17872 @@ -4167,7 +4171,7 @@ - LISL Last Image Slider 1.0 Shell Upload vulnerability + LISL Last Image Slider 1.0 - Shell Upload vulnerability 17872 @@ -4177,7 +4181,7 @@ - Islidex 2.7 Shell Upload vulnerability + Islidex 2.7 - Shell Upload vulnerability 17872 @@ -4187,7 +4191,7 @@ - Kino Gallery 1.0 Shell Upload vulnerability + Kino Gallery 1.0 - Shell Upload vulnerability 17872 @@ -4197,7 +4201,7 @@ - Cms Pack 1.3 Shell Upload vulnerability + Cms Pack 1.3 - Shell Upload vulnerability 17872 @@ -4207,7 +4211,7 @@ - A Gallery 0.9 Shell Upload vulnerability + A Gallery 0.9 - Shell Upload vulnerability 17872 @@ -4217,7 +4221,7 @@ - Category List Portfolio Page 0.9 Shell Upload vulnerability + Category List Portfolio Page 0.9 - Shell Upload vulnerability 17872 @@ -4227,7 +4231,7 @@ - Really Easy Slider 0.1 Shell Upload vulnerability + Really Easy Slider 0.1 - Shell Upload vulnerability 17872 
@@ -4237,7 +4241,7 @@ - Verve Meta Boxes 1.2.8 Shell Upload vulnerability + Verve Meta Boxes 1.2.8 - Shell Upload vulnerability 17872 @@ -4247,7 +4251,7 @@ - User Avatar 1.3.7 shell upload vulnerability + User Avatar 1.3.7 - shell upload vulnerability 17872 @@ -4257,7 +4261,7 @@ - Extend 1.3.7 Shell Upload vulnerability + Extend 1.3.7 - Shell Upload vulnerability 17872 @@ -4267,14 +4271,14 @@ - AdRotate <= 3.6.5 SQL Injection Vulnerability + AdRotate <= 3.6.5 - SQL Injection Vulnerability http://unconciousmind.blogspot.com/2011/09/wordpress-adrotate-plugin-365-sql.html SQLI - AdRotate <= 3.6.6 SQL Injection Vulnerability + AdRotate <= 3.6.6 - SQL Injection Vulnerability 18114 @@ -4284,7 +4288,7 @@ - WP-SpamFree 3.2.1 Spam SQL Injection Vulnerability + WP-SpamFree 3.2.1 - Spam SQL Injection Vulnerability 17970 @@ -4294,7 +4298,7 @@ - GD Star Rating Export Security Bypass Security Issue + GD Star Rating - Export Security Bypass Security Issue 49850 @@ -4302,14 +4306,14 @@ 1.9.19 - GD Star Rating <= 1.9.16 Cross Site Scripting + GD Star Rating <= 1.9.16 - Cross Site Scripting http://packetstormsecurity.com/files/112702/ XSS - GD Star Rating <= 1.9.10 SQL Injection + GD Star Rating <= 1.9.10 - SQL Injection 17973 @@ -4319,7 +4323,7 @@ - Contact Form <= 2.7.5 SQL Injection + Contact Form <= 2.7.5 - SQL Injection 17980 @@ -4329,14 +4333,14 @@ - WP Photo Album Plus <= 4.1.1 SQL Injection + WP Photo Album Plus <= 4.1.1 - SQL Injection 17983 SQLI - WP Photo Album Plus <= 4.8.12 wp-photo-album-plus.php wppa-searchstring XSS + WP Photo Album Plus <= 4.8.12 - wp-photo-album-plus.php wppa-searchstring XSS 88851 51669 @@ -4413,7 +4417,7 @@ - portable-phpMyAdmin Authentication Bypass + portable-phpMyAdmin - Authentication Bypass 88391 2012-5469 @@ -4427,7 +4431,7 @@ - super-refer-a-friend Full Path Disclosure + super-refer-a-friend - Full Path Disclosure http://1337day.com/exploit/20126 
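Review bot: `GD Star Rating - Export Security Bypass Security Issue` (hunk at -4294) repeats "Security", and `User Avatar 1.3.7 - shell upload vulnerability` (hunk at -4247) is the only lower-cased `shell upload` among the Shell Upload entries rewritten in this commit. Since each of these lines is already touched, `GD Star Rating - Export Security Bypass` and `User Avatar 1.3.7 - Shell Upload vulnerability` would bring them in line with their neighbours without a further pass.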
@@ -4473,7 +4477,7 @@ - WP-Super-Cache Remote Code Execution + WP-Super-Cache - Remote Code Execution http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/ http://wordpress.org/support/topic/pwn3d @@ -4488,14 +4492,14 @@ - ripe-hd-player 1.0 SQL Injection + ripe-hd-player 1.0 - SQL Injection 24229 SQLI - ripe-hd-player 1.0 Full Path Disclosure + ripe-hd-player 1.0 - Full Path Disclosure 24229 @@ -4505,7 +4509,7 @@ - floating-tweets persistent XSS + floating-tweets persistent - XSS http://packetstormsecurity.com/files/119499/ http://websecurity.com.ua/6023/ @@ -4524,7 +4528,7 @@ - ipfeuilledechou SQL Injection Vulnerability + ipfeuilledechou - SQL Injection Vulnerability http://www.exploit4arab.com/exploits/377 http://1337day.com/exploits/20206 @@ -4535,7 +4539,7 @@ - Simple Login Log XSS + Simple Login Log - XSS 51780 @@ -5210,7 +5214,7 @@ - wp-table-reloaded <= 1.9.3 XSS in ZeroClipboard.swf + wp-table-reloaded <= 1.9.3 - XSS in ZeroClipboard.swf http://1337day.com/exploit/20396 @@ -5317,7 +5321,7 @@ - CKEditor 4.0 Arbitrary File Upload Exploit + CKEditor 4.0 - Arbitrary File Upload Exploit http://1337day.com/exploit/20318 @@ -5351,7 +5355,7 @@ - Password Protected 1.4 Login Process redirect_to Parameter Arbitrary Site Redirect + Password Protected 1.4 - Login Process redirect_to Parameter Arbitrary Site Redirect 90559 @@ -5383,7 +5387,7 @@ - Google Alert And Twitter v.3.1.5 XSS Exploit, SQL Injection + Google Alert And Twitter 3.1.5 - XSS Exploit, SQL Injection http://1337day.com/exploits/20433 @@ -5425,7 +5429,7 @@ - zopim-live-chat <= 1.2.5 XSS in ZeroClipboard + zopim-live-chat <= 1.2.5 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 @@ -5437,7 +5441,7 @@ - ed2k-link-selector <= 1.1.7 XSS in ZeroClipboard + ed2k-link-selector <= 1.1.7 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 
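Review bot: The separator in `floating-tweets persistent - XSS` (hunk at -4505) was inserted inside the description instead of after the plugin name, unlike every other title in this commit; `floating-tweets - persistent XSS` follows the `name - description` pattern being introduced. It is worth confirming that nothing downstream splits titles on the first ` - `, because a misplaced separator would then yield the wrong plugin name for this entry.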
@@ -5448,7 +5452,7 @@ - wppygments <= 0.3.2 XSS in ZeroClipboard + wppygments <= 0.3.2 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 @@ -5460,7 +5464,7 @@ - copy-in-clipboard <= 0.8 XSS in ZeroClipboard + copy-in-clipboard <= 0.8 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 @@ -5471,7 +5475,7 @@ - search-and-share <= 0.9.3 XSS in ZeroClipboard + search-and-share <= 0.9.3 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 @@ -5482,7 +5486,7 @@ - placester <= 0.3.12 XSS in ZeroClipboard + placester <= 0.3.12 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 @@ -5493,7 +5497,7 @@ - drp-coupon <= 2.1 XSS in ZeroClipboard + drp-coupon <= 2.1 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 @@ -5504,7 +5508,7 @@ - coupon-code-plugin <= 2.1 XSS in ZeroClipboard + coupon-code-plugin <= 2.1 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 @@ -5515,7 +5519,7 @@ - q2w3-inc-manager <= 2.3.1 XSS in ZeroClipboard + q2w3-inc-manager <= 2.3.1 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 @@ -5526,7 +5530,7 @@ - scorerender <= 0.3.4 XSS in ZeroClipboard + scorerender <= 0.3.4 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 @@ -5537,7 +5541,7 @@ - wp-link-to-us <= 2.0 XSS in ZeroClipboard + wp-link-to-us <= 2.0 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 @@ -5549,7 +5553,7 @@ - buckets <= 0.1.9.2 XSS in ZeroClipboard + buckets <= 0.1.9.2 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 @@ -5561,7 +5565,7 @@ - java-trackback <= 0.2 XSS in ZeroClipboard + java-trackback <= 0.2 - XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 
@@ -5572,7 +5576,7 @@ - slidedeck2 <= 2.1.20130228 XSS in ZeroClipboard + slidedeck2 <= 2.1.20130228 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 @@ -5584,7 +5588,7 @@ - wp-clone-by-wp-academy <= 2.1.1 XSS in ZeroClipboard + wp-clone-by-wp-academy <= 2.1.1 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 @@ -5596,7 +5600,7 @@ - tiny-url <= 1.3.2 XSS in ZeroClipboard + tiny-url <= 1.3.2 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 @@ -5608,7 +5612,7 @@ - thethe-layout-grid <= 1.0.0 XSS in ZeroClipboard. + thethe-layout-grid <= 1.0.0 - XSS in ZeroClipboard. http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 @@ -5620,7 +5624,7 @@ - paypal-digital-goods-monetization-powered-by-cleeng <= 2.2.13 XSS in ZeroClipboard + paypal-digital-goods-monetization-powered-by-cleeng <= 2.2.13 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 @@ -5632,7 +5636,7 @@ - mobileview <= 1.0.7 XSS in ZeroClipboard + mobileview <= 1.0.7 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 @@ -5644,7 +5648,7 @@ - jaspreetchahals-coupons-lite <= 2.1 XSS in ZeroClipboard + jaspreetchahals-coupons-lite <= 2.1 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 @@ -5656,7 +5660,7 @@ - geshi-source-colorer <= 0.13 XSS in ZeroClipboard + geshi-source-colorer <= 0.13 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 
@@ -5668,7 +5672,7 @@ - click-to-copy-grab-box <= 0.1.1 XSS in ZeroClipboard + click-to-copy-grab-box <= 0.1.1 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 @@ -5680,7 +5684,7 @@ - cleeng <= 2.3.2 XSS in ZeroClipboard + cleeng <= 2.3.2 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 @@ -5692,7 +5696,7 @@ - bp-code-snippets <= 2.0 XSS in ZeroClipboard + bp-code-snippets <= 2.0 - XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 @@ -5704,7 +5708,7 @@ - snazzy-archives <= 1.7.1 XSS vulnerability + snazzy-archives <= 1.7.1 - XSS vulnerability http://www.openwall.com/lists/oss-security/2013/03/10/3 2009-4168 @@ -5889,7 +5893,7 @@ - podPress 8.8.10.13 Cross Site Scripting + podPress 8.8.10.13 - Cross Site Scripting http://packetstormsecurity.com/files/121011/ @@ -6011,7 +6015,7 @@ - background-music 1.0 jPlayer.swf XSS + background-music 1.0 - jPlayer.swf XSS 53057 @@ -6021,7 +6025,7 @@ - haiku-minimalist-audio-player <= 1.0.0 jPlayer.swf XSS + haiku-minimalist-audio-player <= 1.0.0 - jPlayer.swf XSS 51336 @@ -6031,7 +6035,7 @@ - jammer <= 0.2 jPlayer.swf XSS + jammer <= 0.2 - jPlayer.swf XSS 53106 @@ -6052,7 +6056,7 @@ - top-10 CSRF + top-10 - CSRF 53205 @@ -6498,7 +6502,7 @@ - Xorbin Analog Flash Clock 1.0 Flash-based XSS + Xorbin Analog Flash Clock 1.0 - Flash-based XSS http://advisory.prakharprasad.com/xorbin_afc_wp.txt 2013-4692 @@ -6509,7 +6513,7 @@ - Xorbin Digital Flash Clock 1.0 Flash-based XSS + Xorbin Digital Flash Clock 1.0 - Flash-based XSS http://advisory.prakharprasad.com/xorbin_dfc_wp.txt 2013-4693 From 6d4e69050ea219221f71cbc5eab13eb41a22ce04 Mon Sep 17 00:00:00 2001 From: Peter van der Laan Date: Fri, 11 Oct 2013 10:22:48 +0200 Subject: [PATCH 6/8] Update theme_vulns.xml --- data/theme_vulns.xml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) 
diff --git a/data/theme_vulns.xml b/data/theme_vulns.xml index 0b40a53c..65bdfc3b 100644 --- a/data/theme_vulns.xml +++ b/data/theme_vulns.xml @@ -1686,7 +1686,7 @@ - FPD, XSS and CS vulnerabilities in Slash WP theme + Slash WP - FPD, XSS and CS vulnerabilities http://seclists.org/fulldisclosure/2013/Jun/166 @@ -1696,7 +1696,7 @@ - Persuasion Theme: WP-Pretty Photo DOM XSS + Persuasion - PrettyPhoto DOM XSS http://www.rafayhackingarticles.net/2013/05/kali-linux-dom-based-xss-writeup.html @@ -1706,7 +1706,7 @@ - MORE+ Theme: prettyPhoto XSS Vulnerability + MORE+ - PrettyPhoto XSS Vulnerability 54924 http://archives.neohapsis.com/archives/fulldisclosure/2013-09/0177.html @@ -1719,6 +1719,8 @@ silverOrchid - XSS Vulnerability + 96723 + 54662 http://packetstormsecurity.com/files/122986/ XSS From 8daa1c8c319970f8bfa9a1c32571a72f9593fafc Mon Sep 17 00:00:00 2001 From: Peter van der Laan Date: Fri, 11 Oct 2013 10:38:21 +0200 Subject: [PATCH 7/8] Update plugin_vulns.xml --- data/plugin_vulns.xml | 1 - 1 file changed, 1 deletion(-) diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml index 2a97bef3..dd4e3279 100644 --- a/data/plugin_vulns.xml +++ b/data/plugin_vulns.xml @@ -7147,7 +7147,6 @@ 96381 54489 - CSRF 1.4.2 From 1cf9983ce7517c1f825b1c41dd7fe1c526ab35ed Mon Sep 17 00:00:00 2001 From: Peter van der Laan Date: Fri, 11 Oct 2013 12:36:12 +0200 Subject: [PATCH 8/8] Update plugin_vulns.xml --- data/plugin_vulns.xml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml index dd4e3279..0d15a856 100644 --- a/data/plugin_vulns.xml +++ b/data/plugin_vulns.xml @@ -7165,4 +7165,27 @@ + + + Simple Flash Video 1.7 - Cross Site Scripting + + http://packetstormsecurity.com/files/123562/ + + XSS + + + + + + Landing Pages - Unspecified SQL Injection + + 98334 + 55192 + http://www.securityfocus.com/bid/62942 + + SQLI + 1.2.3 + + +
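Review bot: `Slash WP - FPD, XSS and CS vulnerabilities` (hunk at -1686 of theme_vulns.xml) keeps the abbreviation `CS`, which unlike FPD and XSS appears nowhere else in these titles and is not self-explanatory to a scanner user. Presumably it stands for Content Spoofing, but that should be confirmed against the seclists reference on the next line and written out, e.g. `Slash WP - FPD, XSS and Content Spoofing vulnerabilities`.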
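Review bot: The new `Landing Pages - Unspecified SQL Injection` entry (hunk at -7165 of plugin_vulns.xml) records a fixed version, `1.2.3`, but no affected version in its title, whereas the rest of the file encodes the affected range there as `Name <= x.y - …`. If the securityfocus reference in the same entry confirms the range, `Landing Pages <= AFFECTED_VERSION - SQL Injection` (placeholder for the confirmed value) would let a user compare against an installed version without following the link. The `Simple Flash Video 1.7 - Cross Site Scripting` entry above it carries no fixed version at all; stating explicitly that no fix is known, or adding the version once the vendor ships one, would make the entry actionable for remediation rather than only for detection.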