From 56e96dc97b719bc3ac205db57ab46bbc4c2e1ab2 Mon Sep 17 00:00:00 2001 From: Mark Stanislav Date: Thu, 13 Dec 2012 14:07:22 -0500 Subject: [PATCH] Addition of an AUTHBYPASS type for plugins that will operate without a valid WordPress session and/or adequate privilege, creating a vulnerability due to its functionality. Also, added a portable-phpMyAdmin vulnerability to the plugin vulnerability listing utilizing the aforementioned new type. --- data/plugin_vulns.xml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml index f6fe969f..4a203491 100644 --- a/data/plugin_vulns.xml +++ b/data/plugin_vulns.xml @@ -18,7 +18,7 @@ along with this program. If not, see . ryandewhurst at gmail This file contains vulnerabilities associated with WordPress plugins. - TYPE = ["SQLI", "MULTI", "REDIRECT", "RCE", "RFI", "LFI", "UPLOAD", "UNKNOWN", "XSS", "CSRF"] + TYPE = ["SQLI", "MULTI", "REDIRECT", "RCE", "RFI", "LFI", "UPLOAD", "UNKNOWN", "XSS", "CSRF", "AUTHBYPASS"] @@ -2420,5 +2420,12 @@ File Upload Vulnerability RCE + + + portable-phpMyAdmin < 1.3.1 Authentication Bypass + http://www.exploit-db.com/exploits/23356 + AUTHBYPASS + +
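Review bot: `AUTHBYPASS` appears only in the `TYPE = [...]` header line and in the new portable-phpMyAdmin entry, and the diffstat lists `data/plugin_vulns.xml` as the only file changed. Any schema or scanner code that enumerates the allowed type values is outside this patch, so it should be checked and, if it exists, extended in the same commit; otherwise the new entry may be rejected or reported under the wrong category. The header would also benefit from a one-line definition next to the list, for example `AUTHBYPASS = plugin functionality reachable without a valid WordPress session or adequate privilege`, so that later contributors do not file these under `UNKNOWN` or `MULTI`. The entry carries its affected range only in the title text (`< 1.3.1`) and cites a single exploit listing; if the format allows more than one reference, adding the vendor advisory or CVE identifier would let users confirm the fixed version.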