Resolve conflicts

data/plugin_vulns.xml

@@ -21,26 +21,29 @@
       <type>LFI</type>
     </vulnerability>
     <vulnerability>
-      <title>UnGallery Arbitrary &lt; 2.1.6 Command Execution</title>
+      <title>UnGallery Arbitrary Command Execution</title>
       <reference>http://secunia.com/advisories/50875/</reference>
       <reference>http://ceriksen.com/2012/10/23/wordpress-ungallery-remote-command-injection-vulnerability/</reference>
       <type>RCE</type>
+      <fixed_in>2.1.6</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="thanks-you-counter-button">
     <vulnerability>
-      <title>Thank You Counter Button &lt; 1.8.3 XSS</title>
+      <title>Thank You Counter Button XSS</title>
       <reference>http://secunia.com/advisories/50977/</reference>
       <type>XSS</type>
+      <fixed_in>1.8.3</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="bookings">
     <vulnerability>
-      <title>Bookings &lt; 1.8.3 XSS</title>
+      <title>Bookings XSS</title>
       <reference>http://secunia.com/advisories/50975/</reference>
       <type>XSS</type>
+      <fixed_in>1.8.3</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -55,17 +58,19 @@
 
   <plugin name="fs-real-estate-plugin">
     <vulnerability>
-      <title>WordPress FireStorm Professional Real Estate Plugin &lt; 2.06.04 "id" SQL Injection Vulnerability</title>
+      <title>WordPress FireStorm Professional Real Estate Plugin "id" SQL Injection Vulnerability</title>
       <reference>http://secunia.com/advisories/51107/</reference>
       <type>SQLI</type>
+      <fixed_in>2.06.04</fixed_in>
     </vulnerability>
     <vulnerability>
-      <title>FireStorm Professional Real Estate Plugin &lt; 2.06.03 Multiple SQL Injection</title>
+      <title>FireStorm Professional Real Estate Plugin Multiple SQL Injection</title>
       <reference>http://secunia.com/advisories/50873/</reference>
       <reference>
         http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/
       </reference>
       <type>SQLI</type>
+      <fixed_in>2.06.03</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -123,13 +128,14 @@
 
   <plugin name="google-document-embedder">
     <vulnerability>
-      <title>Google Document Embedder &lt; 2.5.4 Arbitrary File Disclosure</title>
+      <title>Google Document Embedder Arbitrary File Disclosure</title>
       <reference>http://www.exploit-db.com/exploits/23970/</reference>
       <reference>http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/
       </reference>
       <reference>http://secunia.com/advisories/50832/</reference>
       <metasploit>exploit/unix/webapp/wp_google_document_embedder_exec</metasploit>
       <type>UNKNOWN</type>
+      <fixed_in>2.5.4</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -211,10 +217,11 @@
 
   <plugin name="levelfourstorefront">
     <vulnerability>
-      <title>Shopping Cart &lt;, 8.1.15 Shell Upload / SQL Injection</title>
+      <title>Shopping Cart Shell Upload / SQL Injection</title>
       <reference>http://packetstormsecurity.com/files/119217/wplevelfour-sqlshell.txt</reference>
       <reference>http://secunia.com/advisories/51690/</reference>
       <type>MULTI</type>
+      <fixed_in>8.1.15</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -454,9 +461,10 @@
       <type>XSS</type>
     </vulnerability>
     <vulnerability>
-      <title>WordPress Carousel Slideshow Plugin &lt; 3.10 Unspecified Vulnerabilities</title>
+      <title>WordPress Carousel Slideshow Plugin Unspecified Vulnerabilities</title>
       <reference>http://secunia.com/advisories/50377/</reference>
       <type>UNKNOWN</type>
+      <fixed_in>3.10</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -517,9 +525,10 @@
       <type>XSS</type>
     </vulnerability>
     <vulnerability>
-      <title>WordPress Image News slider Plugin &lt; 3.4 Unspecified Vulnerabilities</title>
+      <title>WordPress Image News slider Plugin Unspecified Vulnerabilities</title>
       <reference>http://secunia.com/advisories/50390/</reference>
       <type>UNKNOWN</type>
+      <fixed_in>3.4</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -601,11 +610,12 @@
 
   <plugin name="cardoza-ajax-search">
     <vulnerability>
-      <title>Ajax Post Search &lt; 1.3 Sql Injection</title>
+      <title>Ajax Post Search Sql Injection</title>
       <reference>http://seclists.org/bugtraq/2012/Nov/33</reference>
       <reference>http://secunia.com/advisories/51205/</reference>
       <reference>http://www.girlinthemiddle.net/2012/10/sqli-vulnerability-in-ajax-post-search.html</reference>
       <type>SQLI</type>
+      <fixed_in>1.3</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -769,10 +779,11 @@
 
   <plugin name="backup">
     <vulnerability>
-      <title>Backup Plugin &lt; 2.1 Information Disclosure</title>
+      <title>Backup Plugin Information Disclosure</title>
       <reference>http://www.exploit-db.com/exploits/19524/</reference>
       <reference>http://secunia.com/advisories/50038/</reference>
       <type>UNKNOWN</type>
+      <fixed_in>2.1</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -980,9 +991,10 @@
       <type>AUTHBYPASS</type>
     </vulnerability>
     <vulnerability>
-      <title>WordPress Mac Photo Gallery Plugin &lt; 3.0 Multiple Script Insertion Vulnerabilities</title>
+      <title>WordPress Mac Photo Gallery Plugin Multiple Script Insertion Vulnerabilities</title>
       <reference>http://secunia.com/advisories/49836/</reference>
       <type>XSS</type>
+      <fixed_in>3.0</fixed_in>
     </vulnerability>
     <vulnerability>
       <title>Mac Photo Gallery 2.7 Arbitrary File Upload</title>
@@ -1139,9 +1151,10 @@
       <type>MULTI</type>
     </vulnerability>
     <vulnerability>
-      <title>store-locator-le &lt; 3.8.7 SQL Injection</title>
+      <title>store-locator-le SQL Injection</title>
       <reference>http://secunia.com/advisories/51757/</reference>
       <type>SQLI</type>
+      <fixed_in>3.8.7</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -1433,9 +1446,10 @@
 
   <plugin name="login-with-ajax">
     <vulnerability>
-      <title>Login With Ajax plugin &lt; 3.0.4.1 Cross Site Scripting</title>
+      <title>Login With Ajax plugin Cross Site Scripting</title>
       <reference>http://secunia.com/advisories/49013/</reference>
       <type>XSS</type>
+      <fixed_in>3.0.4.1</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -1462,9 +1476,10 @@
 
   <plugin name="zingiri-web-shop">
     <vulnerability>
-      <title>WordPress Zingiri Web Shop Plugin &lt; 2.4.8 Cookie SQL Injection Vulnerability</title>
+      <title>WordPress Zingiri Web Shop Plugin Cookie SQL Injection Vulnerability</title>
       <reference>http://secunia.com/advisories/49398/</reference>
       <type>SQLI</type>
+      <fixed_in>2.4.8</fixed_in>
     </vulnerability>
     <vulnerability>
       <title>Zingiri Web Shop &lt;= 2.4.0 Multiple XSS Vulnerabilities</title>
@@ -1711,9 +1726,10 @@
 
   <plugin name="clickdesk-live-support-chat">
     <vulnerability>
-      <title>Click Desk Live Support Chat &lt; 2.0 Cross Site Scripting Vulnerability</title>
+      <title>Click Desk Live Support Chat Cross Site Scripting Vulnerability</title>
       <reference>http://seclists.org/bugtraq/2011/Nov/148</reference>
       <type>XSS</type>
+      <fixed_in>2.0</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -2142,9 +2158,10 @@
       <type>MULTI</type>
     </vulnerability>
     <vulnerability>
-      <title>WP-Cumulus &lt; 1.23 Cross Site Scripting Vulnerabily</title>
+      <title>WP-Cumulus Cross Site Scripting Vulnerabily</title>
       <reference>http://seclists.org/fulldisclosure/2011/Nov/340</reference>
       <type>XSS</type>
+      <fixed_in>1.23</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -2573,9 +2590,10 @@
 
   <plugin name="yolink-search">
     <vulnerability>
-      <title>WordPress yolink Search Plugin &lt; 2.6 "s" Cross-Site Scripting Vulnerability</title>
+      <title>WordPress yolink Search Plugin "s" Cross-Site Scripting Vulnerability</title>
       <reference>http://secunia.com/advisories/52030/</reference>
       <type>XSS</type>
+      <fixed_in>2.6</fixed_in>
     </vulnerability>
     <vulnerability>
       <title>yolink Search plugin &lt;= 1.1.4 SQL Injection Vulnerability</title>
@@ -2753,9 +2771,10 @@
       <type>SQLI</type>
     </vulnerability>
     <vulnerability>
-      <title>WordPress WP-Filebase Plugin &lt; 0.2.9.25 Unspecified Vulnerabilities</title>
+      <title>WordPress WP-Filebase Plugin Unspecified Vulnerabilities</title>
       <reference>http://secunia.com/advisories/51269/</reference>
       <type>UNKNOWN</type>
+      <fixed_in>0.2.9.25</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -2840,9 +2859,10 @@
       <type>RFI</type>
     </vulnerability>
     <vulnerability>
-      <title>Mailing List &lt; 1.4.1 Arbitrary file download</title>
+      <title>Mailing List Arbitrary file download</title>
       <reference>http://www.exploit-db.com/exploits/18276/</reference>
       <type>UNKNOWN</type>
+      <fixed_in>1.4.1</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -3047,9 +3067,10 @@
 
   <plugin name="gd-star-rating">
     <vulnerability>
-      <title>WordPress GD Star Rating Plugin &lt; 1.9.19 Export Security Bypass Security Issue</title>
+      <title>WordPress GD Star Rating Plugin Export Security Bypass Security Issue</title>
       <reference>http://secunia.com/advisories/49850/</reference>
       <type>AUTHBYPASS</type>
+      <fixed_in>1.9.19</fixed_in>
     </vulnerability>
     <vulnerability>
       <title>GD Star Rating plugin &lt;= 1.9.16 Cross Site Scripting</title>
@@ -3083,19 +3104,22 @@
       <type>XSS</type>
     </vulnerability>
     <vulnerability>
-      <title>WP Photo Album Plus &lt; 4.9.1 Full Path Disclosure</title>
+      <title>WP Photo Album Plus Full Path Disclosure</title>
       <reference>http://1337day.com/exploit/20125</reference>
       <type>FPD</type>
+      <fixed_in>4.9.1</fixed_in>
     </vulnerability>
     <vulnerability>
-      <title>WP Photo Album Plus &lt; 4.9.3 XSS</title>
+      <title>WP Photo Album Plus XSS</title>
       <reference>http://secunia.com/advisories/51829/</reference>
       <type>XSS</type>
+      <fixed_in>4.9.3</fixed_in>
     </vulnerability>
     <vulnerability>
-      <title>WP Photo Album Plus &lt; 4.9.3 XSS</title>
+      <title>WP Photo Album Plus XSS</title>
       <reference>http://secunia.com/advisories/51669/</reference>
       <type>XSS</type>
+      <fixed_in>4.9.3</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -3114,46 +3138,51 @@
 
   <plugin name="portable-phpmyadmin">
     <vulnerability>
-      <title>portable-phpMyAdmin &lt; 1.3.1 Authentication Bypass</title>
+      <title>portable-phpMyAdmin Authentication Bypass</title>
       <reference>http://www.exploit-db.com/exploits/23356</reference>
       <reference>http://secunia.com/advisories/51520/</reference>
       <type>AUTHBYPASS</type>
+      <fixed_in>1.3.1</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="super-refer-a-friend">
     <vulnerability>
-      <title>super-refer-a-friend &lt; 1.0 Full Path Disclosure</title>
+      <title>super-refer-a-friend Full Path Disclosure</title>
       <reference>http://1337day.com/exploit/20126</reference>
       <type>FPD</type>
+      <fixed_in>1.0</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="w3-total-cache">
     <vulnerability>
-      <title>W3-Total-Cache 0.9.2.4 (or before) Username and Hash Extract</title>
+      <title>W3-Total-Cache Username and Hash Extract</title>
       <reference>http://seclists.org/fulldisclosure/2012/Dec/242</reference>
       <reference>https://github.com/FireFart/W3TotalCacheExploit</reference>
       <metasploit>auxiliary/gather/wp_w3_total_cache_hash_extract</metasploit>
       <type>UNKNOWN</type>
+      <fixed_in>0.9.2.5</fixed_in>
     </vulnerability>
     <vulnerability>
-      <title>W3-Total-Cache &lt; 0.9.2.9 Remote Code Execution</title>
+      <title>W3-Total-Cache Remote Code Execution</title>
       <reference>http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/</reference>
       <reference>http://wordpress.org/support/topic/pwn3d</reference>
       <reference>http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html</reference>
       <metasploit>exploits/unix/webapp/php_wordpress_total_cache</metasploit>
       <type>RCE</type>
+      <fixed_in>0.9.2.9</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="wp-super-cache">
     <vulnerability>
-      <title>WP-Super-Cache &lt; 1.3.1 Remote Code Execution</title>
+      <title>WP-Super-Cache Remote Code Execution</title>
       <reference>http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/</reference>
       <reference>http://wordpress.org/support/topic/pwn3d</reference>
       <reference>http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html</reference>
       <type>RCE</type>
+      <fixed_in>1.3.1</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -3196,30 +3225,34 @@
 
   <plugin name="simple-login-log">
     <vulnerability>
-      <title>Simple Login Log Plugin &lt; 0.9.4 XSS</title>
+      <title>Simple Login Log Plugin XSS</title>
       <reference>http://secunia.com/advisories/51780/</reference>
       <type>XSS</type>
+      <fixed_in>0.9.4</fixed_in>
     </vulnerability>
     <vulnerability>
-      <title>Simple Login Log Plugin &lt; 0.9.4 SQL Injection</title>
+      <title>Simple Login Log Plugin SQL Injection</title>
       <reference>http://secunia.com/advisories/51780/</reference>
       <type>SQLI</type>
+      <fixed_in>0.9.4</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="wp-slimstat">
     <vulnerability>
-      <title>wp-slimstat &lt; 2.8.5 XSS</title>
+      <title>wp-slimstat XSS</title>
       <reference>http://secunia.com/advisories/51721/</reference>
       <type>XSS</type>
+      <fixed_in>2.8.5</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="browser-rejector">
     <vulnerability>
-      <title>browser-rejector &lt; 2.11 Remote and Local File Inclusion</title>
+      <title>browser-rejector Remote and Local File Inclusion</title>
       <reference>http://secunia.com/advisories/51739/</reference>
       <type>LFI</type>
+      <fixed_in>2.11</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -3233,9 +3266,10 @@
 
   <plugin name="cardoza-wordpress-poll">
     <vulnerability>
-      <title>WordPress Poll Plugin &lt; 34.06 Cross-Site Request Forgery Vulnerability</title>
+      <title>WordPress Poll Plugin Cross-Site Request Forgery Vulnerability</title>
       <reference>http://secunia.com/advisories/51925/</reference>
       <type>CSRF</type>
+      <fixed_in>34.06</fixed_in>
     </vulnerability>
     <vulnerability>
       <title>Multiple SQL injection vulnerabilities in Cardoza Wordpress poll plugin</title>
@@ -3245,9 +3279,10 @@
       <type>SQLI</type>
     </vulnerability>
     <vulnerability>
-      <title>WordPress Poll Plugin &lt; 33.6 Multiple SQL Injection Vulnerabilities</title>
+      <title>WordPress Poll Plugin Multiple SQL Injection Vulnerabilities</title>
       <reference>http://secunia.com/advisories/50910/</reference>
       <type>SQLI</type>
+      <fixed_in>33.6</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -3263,26 +3298,29 @@
 
   <plugin name="dvs-custom-notification">
     <vulnerability>
-      <title>WordPress DVS Custom Notification Plugin &lt; 1.0.1 Cross-Site Request Forgery Vulnerability</title>
+      <title>WordPress DVS Custom Notification Plugin Cross-Site Request Forgery Vulnerability</title>
       <reference>http://secunia.com/advisories/51531/</reference>
       <type>CSRF</type>
+      <fixed_in>1.0.1</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="events-manager">
     <vulnerability>
-      <title>WordPress Events Manager Plugin &lt; 5.3.4 Multiple Cross-Site Scripting Vulnerabilities</title>
+      <title>WordPress Events Manager Plugin Multiple Cross-Site Scripting Vulnerabilities</title>
       <reference>http://secunia.com/advisories/51869/</reference>
       <type>XSS</type>
+      <fixed_in>5.3.4</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="solvemedia">
     <vulnerability>
-      <title>WordPress SolveMedia &lt; 1.1.1 CSRF Vulnerability</title>
+      <title>WordPress SolveMedia CSRF Vulnerability</title>
       <reference>http://1337day.com/exploit/20222</reference>
       <reference>http://secunia.com/advisories/51927/</reference>
       <type>CSRF</type>
+      <fixed_in>1.1.1</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -3328,9 +3366,10 @@
 
   <plugin name="wp-tiger">
     <vulnerability>
-      <title>WordPress vTiger CRM Lead Capture Plugin &lt; 1.1.0 Unspecified Vulnerability</title>
+      <title>WordPress vTiger CRM Lead Capture Plugin Unspecified Vulnerability</title>
       <reference>http://secunia.com/advisories/51305/</reference>
       <type>UNKNOWN</type>
+      <fixed_in>1.1.0</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -3352,18 +3391,20 @@
 
   <plugin name="wysija-newsletters">
     <vulnerability>
-      <title>SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin &lt; 2.2.1</title>
+      <title>SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin</title>
       <reference>https://www.htbridge.com/advisory/HTB23140</reference>
       <reference>http://packetstormsecurity.com/files/120089/wpwysijanl-sql.txt</reference>
       <reference>http://seclists.org/bugtraq/2013/Feb/29</reference>
       <reference>http://cxsecurity.com/issue/WLB-2013020039</reference>
       <type>SQLI</type>
+      <fixed_in>2.2.1</fixed_in>
     </vulnerability>
     <vulnerability>
-      <title>WordPress Wysija Newsletters Plugin &lt; 2.1.7 swfupload Cross-Site Scripting Vulnerability</title>
+      <title>WordPress Wysija Newsletters Plugin swfupload Cross-Site Scripting Vulnerability</title>
       <reference>http://secunia.com/advisories/51249/</reference>
       <reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
       <type>XSS</type>
+      <fixed_in>2.1.7</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -3393,65 +3434,73 @@
 
   <plugin name="form">
     <vulnerability>
-      <title>WordPress Zingiri Form Builder Plugin &lt; 1.2.1 "error" Cross-Site Scripting Vulnerability</title>
+      <title>WordPress Zingiri Form Builder Plugin "error" Cross-Site Scripting Vulnerability</title>
       <reference>http://secunia.com/advisories/50983/</reference>
       <type>XSS</type>
+      <fixed_in>1.2.1</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="white-label-cms">
     <vulnerability>
-      <title>WordPress White Label CMS Plugin &lt; 1.5.1 Cross-Site Request Forgery Vulnerability</title>
+      <title>WordPress White Label CMS Plugin Cross-Site Request Forgery Vulnerability</title>
       <reference>http://secunia.com/advisories/50487/</reference>
       <type>CSRF</type>
+      <fixed_in>1.5.1</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="download-shortcode">
     <vulnerability>
-      <title>Wordpress Download Shortcode Plugin &lt; 0.2.1 "file" Arbitrary File Disclosure Vulnerability</title>
+      <title>Wordpress Download Shortcode Plugin "file" Arbitrary File Disclosure Vulnerability</title>
       <reference>http://secunia.com/advisories/50924/</reference>
       <type>LFI</type>
+      <fixed_in>0.2.1</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="crayon-syntax-hightlighter">
     <vulnerability>
-      <title>WordPress Crayon Syntax Highlighter Plugin &lt; 1.13"wp_load" Remote File Inclusion Vulnerability</title>
+      <title>WordPress Crayon Syntax Highlighter Plugin "wp_load" Remote File Inclusion Vulnerability</title>
       <reference>http://secunia.com/advisories/50804/</reference>
       <type>RFI</type>
+      <fixed_in>1.13</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="eshop-magic">
     <vulnerability>
-      <title>WordPress eShop Magic Plugin &lt; 0.2 "file" Arbitrary File Disclosure Vulnerability</title>
+      <title>WordPress eShop Magic Plugin "file" Arbitrary File Disclosure Vulnerability</title>
       <reference>http://secunia.com/advisories/50933/</reference>
       <type>LFI</type>
+      <fixed_in>0.2</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="pinterest-pin-it-button">
     <vulnerability>
-      <title>WordPress Pinterest "Pin It" Button Lite Plugin &lt; 1.4.0 Multiple Unspecified Vulnerabilities</title>
+      <title>WordPress Pinterest "Pin It" Button Lite Plugin Multiple Unspecified Vulnerabilities</title>
       <reference>http://secunia.com/advisories/50868/</reference>
       <type>MULTI</type>
+      <fixed_in>1.4.0</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="css-plus">
     <vulnerability>
-      <title>WordPress CSS Plus Plugin &lt; 1.3.2 Unspecified Vulnerabilities</title>
+      <title>WordPress CSS Plus Plugin Unspecified Vulnerabilities</title>
       <reference>http://secunia.com/advisories/50793/</reference>
       <type>UNKNOWN</type>
+      <fixed_in>1.3.2</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="multisite-plugin-manager">
     <vulnerability>
-      <title>WordPress Multisite Plugin Manager Plugin &lt; 3.1.2 Two Cross-Site Scripting Vulnerabilities</title>
+      <title>WordPress Multisite Plugin Manager Plugin Two Cross-Site Scripting Vulnerabilities</title>
       <reference>http://secunia.com/advisories/50762/</reference>
       <type>XSS</type>
+      <fixed_in>3.1.2</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -3502,9 +3551,10 @@
       <type>XSS</type>
     </vulnerability>
     <vulnerability>
-      <title>WordPress WP-TopBar Plugin &lt; 4.0.3 Cross-Site Request Forgery Vulnerability</title>
+      <title>WordPress WP-TopBar Plugin Cross-Site Request Forgery Vulnerability</title>
       <reference>http://secunia.com/advisories/50693/</reference>
       <type>CSRF</type>
+      <fixed_in>4.0.3</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -3518,25 +3568,28 @@
 
   <plugin name="cloudsafe365-for-wp">
     <vulnerability>
-      <title>WordPress Cloudsafe365 Plugin &lt; 1.47 Multiple Vulnerabilities</title>
+      <title>WordPress Cloudsafe365 Plugin Multiple Vulnerabilities</title>
       <reference>http://secunia.com/advisories/50392/</reference>
       <type>MULTI</type>
+      <fixed_in>1.47</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="vitamin">
     <vulnerability>
-      <title>WordPress Vitamin Plugin &lt; 1.1 Two Arbitrary File Disclosure Vulnerabilities</title>
+      <title>WordPress Vitamin Plugin Two Arbitrary File Disclosure Vulnerabilities</title>
       <reference>http://secunia.com/advisories/50176/</reference>
       <type>LFI</type>
+      <fixed_in>1.1</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="featured-post-with-thumbnail">
     <vulnerability>
-      <title>WordPress Featured Post with thumbnail Plugin &lt; 1.5 Unspecified timthumb Vulnerability</title>
+      <title>WordPress Featured Post with thumbnail Plugin Unspecified timthumb Vulnerability</title>
       <reference>http://secunia.com/advisories/50161/</reference>
       <type>UNKNOWN</type>
+      <fixed_in>1.5</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -3550,10 +3603,11 @@
 
   <plugin name="xve-various-embed">
     <vulnerability>
-      <title>WordPress XVE Various Embed Plugin JW Player &lt; 1.0.4 Multiple Cross-Site Scripting Vulnerabilities
+      <title>WordPress XVE Various Embed Plugin JW Player Multiple Cross-Site Scripting Vulnerabilities
       </title>
       <reference>http://secunia.com/advisories/50173/</reference>
       <type>XSS</type>
+      <fixed_in>1.0.4</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -3567,41 +3621,46 @@
 
   <plugin name="kau-boys-backend-localization">
     <vulnerability>
-      <title>WordPress Backend Localization Plugin &lt; 2.0 Cross-Site Scripting Vulnerabilities</title>
+      <title>WordPress Backend Localization Plugin Cross-Site Scripting Vulnerabilities</title>
       <reference>http://secunia.com/advisories/50099/</reference>
       <type>XSS</type>
+      <fixed_in>2.0</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="flexi-quote-rotator">
     <vulnerability>
-      <title>WordPress Flexi Quote Rotator Plugin &lt; 0.9.2 Cross-Site Request Forgery and SQL Injection Vulnerabilities</title>
+      <title>WordPress Flexi Quote Rotator Plugin Cross-Site Request Forgery and SQL Injection Vulnerabilities</title>
       <reference>http://secunia.com/advisories/49910/</reference>
       <type>MULTI</type>
+      <fixed_in>0.9.2</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="gotmls">
     <vulnerability>
-      <title>WordPress Get Off Malicious Scripts &lt; 1.2.07.20 Cross-Site Scripting Vulnerability</title>
+      <title>WordPress Get Off Malicious Scripts Cross-Site Scripting Vulnerability</title>
       <reference>http://secunia.com/advisories/50030/</reference>
       <type>XSS</type>
+      <fixed_in>1.2.07.20</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="cimy-user-extra-fields">
     <vulnerability>
-      <title>WordPress Cimy User Extra Fields Plugin &lt; 2.3.9 Arbitrary File Upload Vulnerability</title>
+      <title>WordPress Cimy User Extra Fields Plugin Arbitrary File Upload Vulnerability</title>
       <reference>http://secunia.com/advisories/49975/</reference>
       <type>UPLOAD</type>
+      <fixed_in>2.3.9</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="nmedia-user-file-uploader">
     <vulnerability>
-      <title>WordPress Nmedia Users File Uploader Plugin &lt; 2.0 Arbitrary File Upload Vulnerability</title>
+      <title>WordPress Nmedia Users File Uploader Plugin Arbitrary File Upload Vulnerability</title>
       <reference>http://secunia.com/advisories/49996/</reference>
       <type>UPLOAD</type>
+      <fixed_in>2.0</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -3655,9 +3714,10 @@
 
   <plugin name="simple-history">
     <vulnerability>
-      <title>WordPress Simple History Plugin &lt; 1.0.8 RSS Feed "rss_secret" Disclosure Weakness</title>
+      <title>WordPress Simple History Plugin RSS Feed "rss_secret" Disclosure Weakness</title>
       <reference>http://secunia.com/advisories/51998/</reference>
       <type>UNKNOWN</type>
+      <fixed_in>1.0.8</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -3676,11 +3736,12 @@
       <type>XSS</type>
     </vulnerability>
     <vulnerability>
-      <title>Wordpress wp-table-reloaded plugin &lt; 1.9.4 cross-site scripting in SWF</title>
+      <title>Wordpress wp-table-reloaded plugin cross-site scripting in SWF</title>
       <reference>http://packetstormsecurity.com/files/119968/wptablereloaded-xss.txt</reference>
       <reference>http://secunia.com/advisories/52027/</reference>
       <reference>http://seclists.org/bugtraq/2013/Feb/28</reference>
       <type>XSS</type>
+      <fixed_in>1.9.4</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -3710,13 +3771,14 @@
 
   <plugin name="commentluv">
     <vulnerability>
-      <title>Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin &lt; 2.92.4</title>
+      <title>Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin</title>
       <reference>https://www.htbridge.com/advisory/HTB23138</reference>
       <reference>http://packetstormsecurity.com/files/120090/wpcommentluv-xss.txt</reference>
       <reference>http://seclists.org/bugtraq/2013/Feb/30</reference>
       <reference>http://cxsecurity.com/issue/WLB-2013020040</reference>
       <reference>http://secunia.com/advisories/52092/</reference>
       <type>XSS</type>
+      <fixed_in>2.92.4</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -3730,18 +3792,20 @@
 
   <plugin name="wp-ecommerce-shop-styling">
     <vulnerability>
-      <title>WordPress WP ecommerce Shop Styling Plugin &lt; 1.8 "dompdf" Remote File Inclusion Vulnerability</title>
+      <title>WordPress WP ecommerce Shop Styling Plugin "dompdf" Remote File Inclusion Vulnerability</title>
       <reference>http://secunia.com/advisories/51707/</reference>
       <type>RFI</type>
+      <fixed_in>1.8</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="audio-player">
     <vulnerability>
-      <title>Wordpress Audio Player Plugin &lt; 2.0.4.6 XSS in SWF</title>
+      <title>Wordpress Audio Player Plugin XSS in SWF</title>
       <reference>http://seclists.org/bugtraq/2013/Feb/35</reference>
       <reference>http://secunia.com/advisories/52083/</reference>
       <type>XSS</type>
+      <fixed_in>2.0.4.6</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -4137,12 +4201,12 @@
 
   <plugin name="open-flash-chart-core-wordpress-plugin">
     <vulnerability>
-      <title>ofc_upload_image.php &lt; 0.5 Arbitrary File Upload Vulnerability</title>
+      <title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
       <reference>http://www.exploit-db.com/exploits/24492/</reference>
       <reference>http://secunia.com/advisories/37903</reference>
       <reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4140</reference>
       <type>UPLOAD</type>
-      <!--<fixed_in>0.5</fixed_in>-->
+      <fixed_in>0.5</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -4212,65 +4276,68 @@
 
   <plugin name="bigcontact">
     <vulnerability>
-      <title>bigcontact &lt; 1.4.7 SQLI</title>
+      <title>bigcontact SQLI</title>
       <reference>http://plugins.trac.wordpress.org/changeset/689798</reference>
       <type>SQLI</type>
+      <fixed_in>1.4.7</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="drawblog">
     <vulnerability>
-      <title>drawblog &lt; 0.81 CSRF</title>
+      <title>drawblog CSRF</title>
       <reference>http://plugins.trac.wordpress.org/changeset/691178</reference>
       <type>CSRF</type>
+      <fixed_in>0.81</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="social-media-widget">
     <vulnerability>
-      <title>social-media-widget &lt; 4.0.2 malicious code</title>
+      <title>social-media-widget malicious code</title>
       <reference>http://plugins.trac.wordpress.org/changeset?reponame=&amp;old=691839%40social-media-widget%2Ftrunk&amp;new=693941%40social-media-widget%2Ftrunk</reference>
       <reference>http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot</reference>
       <type>UNKNOWN</type>
+      <fixed_in>4.0.2</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="facebook-members">
     <vulnerability>
-      <title>facebook-members &lt; 5.0.5 CSRF</title>
+      <title>facebook-members CSRF</title>
       <reference>https://secunia.com/advisories/52962/</reference>
       <reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2703</reference>
       <type>CSRF</type>
-      <!--<fixed_in>5.0.5</fixed_in>-->
+      <fixed_in>5.0.5</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="foursquare-checkins">
     <vulnerability>
-      <title>foursquare-checkins &lt; 1.3 CSRF</title>
+      <title>foursquare-checkins CSRF</title>
       <reference>https://secunia.com/advisories/53151/</reference>
       <reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2709</reference>
       <type>CSRF</type>
-      <!--<fixed_in>1.3</fixed_in>-->
+      <fixed_in>1.3</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="formidable">
     <vulnerability>
-      <title>formidable Pro &lt; 1.06.09 Unspecified Vulnerabilities</title>
+      <title>formidable Pro Unspecified Vulnerabilities</title>
       <reference>https://secunia.com/advisories/53121/</reference>
       <type>UNKNOWN</type>
-      <!--<fixed_in>1.06.09</fixed_in>-->
+      <fixed_in>1.06.09</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="all-in-one-webmaster">
     <vulnerability>
-      <title>all-in-one-webmaster &lt; 8.2.4 CSRF</title>
+      <title>all-in-one-webmaster CSRF</title>
       <reference>https://secunia.com/advisories/52877/</reference>
       <reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2696</reference>
       <type>CSRF</type>
-      <!--<fixed_in>8.2.4</fixed_in>-->
+      <fixed_in>8.2.4</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -4300,29 +4367,29 @@
 
   <plugin name="syntaxhighlighter">
     <vulnerability>
-      <title>syntaxhighlighter &lt; 3.1.6 clipboard.swf XSS</title>
+      <title>syntaxhighlighter clipboard.swf XSS</title>
       <reference>https://secunia.com/advisories/53235/</reference>
       <type>XSS</type>
-      <!--<fixed_in>3.1.6</fixed_in>-->
+      <fixed_in>3.1.6</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="top-10">
     <vulnerability>
-      <title>top-10 &lt; 1.9.3 CSRF</title>
+      <title>top-10 CSRF</title>
       <reference>https://secunia.com/advisories/53205/</reference>
       <type>CSRF</type>
-      <!--<fixed_in>1.9.3</fixed_in>-->
+      <fixed_in>1.9.3</fixed_in>
     </vulnerability>
   </plugin>
 
   <plugin name="easy-adsense-lite">
     <vulnerability>
-      <title>easy-adsense-lite &lt; 6.20 CSRF</title>
+      <title>easy-adsense-lite CSRF</title>
       <reference>https://secunia.com/advisories/52953/</reference>
       <reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2702</reference>
       <type>CSRF</type>
-      <!--<fixed_in>6.20</fixed_in>-->
+      <fixed_in>6.20</fixed_in>
     </vulnerability>
   </plugin>
 

data/vuln.xsd

@@ -51,6 +51,7 @@
       <xs:element name="reference" type="uritype" maxOccurs="unbounded" minOccurs="1"/>
       <xs:element name="metasploit" type="stringtype" maxOccurs="unbounded" minOccurs="0"/>
       <xs:element name="type" type="typetype"/>
+      <xs:element name="fixed_in" type="stringtype" minOccurs="0" maxOccurs="1"/>
     </xs:sequence>
   </xs:complexType>
 

lib/common/models/vulnerability.rb

@@ -5,20 +5,22 @@ require 'vulnerability/output'
 class Vulnerability
   include Vulnerability::Output
 
-  attr_accessor :title, :references, :type, :metasploit_modules
+  attr_accessor :title, :references, :type, :fixed_in, :metasploit_modules
 
   #
   # @param [ String ] title The title of the vulnerability
   # @param [ String ] type  The type of the vulnerability
   # @param [ Array ] references References urls
   # @param [ Array ] metasploit_modules Metasploit modules for the vulnerability
+	# @param [ String ] fixed_in  Vuln fixed in Version X
   #
   # @return [ Vulnerability ]
-  def initialize(title, type, references, metasploit_modules = [])
+  def initialize(title, type, references, metasploit_modules = [], fixed_in = '')
     @title              = title
     @type               = type
     @references         = references
     @metasploit_modules = metasploit_modules
+    @fixed_in						= fixed_in
   end
 
   # @param [ Vulnerability ] other
@@ -26,7 +28,11 @@ class Vulnerability
   # @return [ Boolean ]
   # :nocov:
   def ==(other)
-    title == other.title && type == other.type && references == other.references
+    title == other.title &&
+        type == other.type &&
+        references == other.references &&
+        fixed_in == other.fixed_in &&
+        metasploit_modules == other.metasploit_modules
   end
   # :nocov:
 
@@ -40,7 +46,8 @@ class Vulnerability
       xml_node.search('title').text,
       xml_node.search('type').text,
       xml_node.search('reference').map(&:text),
-      xml_node.search('metasploit').map(&:text)
+      xml_node.search('metasploit').map(&:text),
+      xml_node.search('fixed_in').text
     )
   end
 

lib/common/models/wp_item/versionable.rb

@@ -10,8 +10,11 @@ class WpItem
     # @return [ String ] The version number
     def version
       unless @version
-        response = Browser.get(readme_url)
+        # This check is needed because readme_url can return nil
-        @version = response.body[%r{stable tag: #{WpVersion.version_pattern}}i, 1]
+        if has_readme?
+          response = Browser.get(readme_url)
+          @version = response.body[%r{stable tag: #{WpVersion.version_pattern}}i, 1]
+        end
       end
       @version
     end

lib/common/models/wp_item/vulnerable.rb

@@ -5,6 +5,7 @@ class WpItem
     attr_accessor :vulns_file, :vulns_xpath
 
     # Get the vulnerabilities associated to the WpItem
+    # Filters out already fixed vulnerabilities
     #
     # @return [ Vulnerabilities ]
     def vulnerabilities
@@ -12,10 +13,29 @@ class WpItem
       vulnerabilities = Vulnerabilities.new
 
       xml.xpath(vulns_xpath).each do |node|
-        vulnerabilities << Vulnerability.load_from_xml_node(node)
+        vuln = Vulnerability.load_from_xml_node(node)
+        if vulnerable_to?(vuln)
+          vulnerabilities << vuln
+        end
       end
       vulnerabilities
     end
+
+    # Checks if a item is vulnerable to a specific vulnerability
+    #
+    # @param [ Vulnerability ] vuln Vulnerability to check the item against
+    #
+    # @return [ Boolean ]
+    def vulnerable_to?(vuln)
+      if version && vuln && vuln.fixed_in && !vuln.fixed_in.empty?
+        unless VersionCompare::is_newer_or_same?(vuln.fixed_in, version)
+          return true
+        end
+      else
+        return true
+      end
+      return false
+    end
   end
 
 end

lib/common/version_compare.rb

@@ -0,0 +1,26 @@
+# encoding: UTF-8
+
+class VersionCompare
+
+  # Compares two version strings. Returns true if version1 is equal to version2
+  # or when version1 is older than version2
+  #
+  # @param [ String ] version1
+  # @param [ String ] version2
+  #
+  # @return [ Boolean ]
+  def self.is_newer_or_same?(version1, version2)
+    return true if (version1 == version2)
+    # Both versions must be set
+    return false unless (version1 and version2)
+    return false if (version1.empty? or version2.empty?)
+    begin
+      return true if (Gem::Version.new(version1) < Gem::Version.new(version2))
+    rescue ArgumentError => e
+      # Example: ArgumentError: Malformed version number string a
+      return false if e.message =~ /Malformed version number string/
+      raise
+    end
+    return false
+	end
+end

spec/lib/common/models/vulnerability_spec.rb

@@ -5,24 +5,35 @@ require 'spec_helper'
 describe Vulnerability do
 
   describe '#new' do
-    subject(:vulnerability) { Vulnerability.new(title, type, references, modules) }
+    subject(:vulnerability) { Vulnerability.new(title, type, references, modules, fixed_version) }
     let(:title)             { 'A vulnerability title' }
     let(:type)              { 'XSS' }
     let(:references)        { %w{http://ref1.com http://ref2.com} }
 
-    context 'w/o metasploit modules argument' do
+    context 'w/o metasploit and fixed version modules argument' do
       subject(:vulnerability) { Vulnerability.new(title, type, references) }
 
       its(:title)              { should be title }
       its(:references)         { should be references }
       its(:type)               { should be type }
       its(:metasploit_modules) { should be_empty }
+      its(:fixed_in)           { should be_empty }
     end
 
     context 'with metasploit modules argument' do
+      subject(:vulnerability) { Vulnerability.new(title, type, references, modules) }
       let(:modules) { %w{exploit/some_exploit exploit/unix/anotherone } }
 
       its(:metasploit_modules) { should be modules }
+      its(:fixed_in)           { should be_empty }
+    end
+
+    context 'with metasploit modules and fixed version argument' do
+      let(:modules) { %w{exploit/some_exploit exploit/unix/anotherone } }
+      let(:fixed_version)  { '1.0' }
+
+      its(:metasploit_modules) { should be modules }
+      its(:fixed_in) { should == '1.0' }
     end
   end
 
@@ -36,6 +47,7 @@ describe Vulnerability do
     its(:type)               { should == 'CSRF' }
     its(:references)         { should == ['Ref 1', 'Ref 2'] }
     its(:metasploit_modules) { should == %w{exploit/ex1} }
+    its(:fixed_in)           { should == '1.0'}
   end
 
 end

spec/lib/common/version_compare_spec.rb

@@ -0,0 +1,109 @@
+# encoding: UTF-8
+
+require 'spec_helper'
+
+describe 'VersionCompare' do
+  describe '::is_newer_or_same?' do
+    context 'version checked is newer' do
+      after { VersionCompare::is_newer_or_same?(@version1, @version2).should be_true }
+
+      it 'returns true' do
+        @version1 = '1.0'
+        @version2 = '2.0'
+      end
+
+      it 'returns true' do
+        @version1 = '1.0'
+        @version2 = '1.1'
+      end
+
+      it 'returns true' do
+        @version1 = '1.0a'
+        @version2 = '1.0b'
+      end
+
+      it 'returns true' do
+        @version1 = '1.0'
+        @version2 = '5000000'
+      end
+
+      it 'returns true' do
+        @version1 = '0'
+        @version2 = '1'
+      end
+    end
+
+    context 'version checked is older' do
+      after { VersionCompare::is_newer_or_same?(@version1, @version2).should be_false }
+
+      it 'returns false' do
+        @version1 = '1'
+        @version2 = '0'
+      end
+
+      it 'returns false' do
+        @version1 = '1.0'
+        @version2 = '0.5'
+      end
+
+      it 'returns false' do
+        @version1 = '500000'
+        @version2 = '1'
+      end
+
+      it 'returns false' do
+        @version1 = '1.6.3.7.3.4'
+        @version2 = '1.2.4.567.679.8.e'
+      end
+    end
+
+    context 'version checked is the same' do
+      after { VersionCompare::is_newer_or_same?(@version1, @version2).should be_true }
+
+      it 'returns true' do
+        @version1 = '1'
+        @version2 = '1'
+      end
+
+      it 'returns true' do
+        @version1 = 'a'
+        @version2 = 'a'
+      end
+
+    end
+
+    context 'version number causes Gem::Version new Exception' do
+      after { VersionCompare::is_newer_or_same?(@version1, @version2).should be_false }
+
+      it 'returns false' do
+        @version1 = 'a'
+        @version2 = 'b'
+      end
+    end
+
+    context 'one version number is not set' do
+      after { VersionCompare::is_newer_or_same?(@version1, @version2).should be_false }
+
+      it 'returns false (version2 nil)' do
+        @version1 = '1'
+        @version2 = nil
+      end
+
+      it 'returns false (version1 nil)' do
+        @version1 = nil
+        @version2 = '1'
+      end
+
+      it 'returns false (version2 empty)' do
+        @version1 = '1'
+        @version2 = ''
+      end
+
+      it 'returns false (version1 empty)' do
+        @version1 = ''
+        @version2 = '1'
+      end
+    end
+
+  end
+end

spec/samples/common/models/vulnerability/xml_node.xml

@@ -4,4 +4,5 @@
   <reference>Ref 2</reference>
   <type>CSRF</type>
   <metasploit>exploit/ex1</metasploit>
+  <fixed_in>1.0</fixed_in>
 </vulnerability>

spec/shared_examples/wp_item_vulnerable.rb

@@ -12,6 +12,11 @@ shared_examples 'WpItem::Vulnerable' do
   describe '#vulnerabilities' do
     let(:empty_file) { MODELS_FIXTURES + '/wp_item/vulnerable/empty.xml' }
 
+    before do
+      stub_request(:get, /.*\/readme\.txt/i)
+      stub_request(:get, /.*\/style\.css/i)
+    end
+
     after do
       subject.vulns_file  = @vulns_file
       subject.vulns_xpath = vulns_xpath if defined?(vulns_xpath)
@@ -34,4 +39,54 @@ shared_examples 'WpItem::Vulnerable' do
     end
   end
 
+  describe '#vulnerable_to?' do
+    let(:version_orig) { '1.5.6' }
+    let(:version_newer) { '1.6' }
+    let(:version_older) { '1.0' }
+    let(:newer) { Vulnerability.new('Newer', 'XSS', ['ref'], nil, version_newer) }
+    let(:older) { Vulnerability.new('Older', 'XSS', ['ref'], nil, version_older) }
+    let(:same) { Vulnerability.new('Same', 'XSS', ['ref'], nil, version_orig) }
+    let(:no_fixed_info) { Vulnerability.new('Same', 'XSS', ['ref'], nil, nil) }
+
+    before do
+      stub_request(:get, /.*\/readme\.txt/i).to_return(status: 200, body: "Stable Tag: #{version_orig}")
+      stub_request(:get, /.*\/style\.css/i).to_return(status: 200, body: "Version: #{version_orig}")
+    end
+
+    context 'check basic version comparing' do
+      it 'returns true because checked version is newer' do
+        subject.version.should == version_orig
+        subject.vulnerable_to?(newer).should be_true
+      end
+
+      it 'returns false because checked version is older' do
+        subject.version.should == version_orig
+        subject.vulnerable_to?(older).should be_false
+      end
+
+      it 'returns false because checked version is the fixed version' do
+        subject.version.should == version_orig
+        subject.vulnerable_to?(same).should be_false
+      end
+
+      it 'returns true because no fixed_in version is provided' do
+        subject.version.should == version_orig
+        subject.vulnerable_to?(no_fixed_info).should be_true
+      end
+    end
+
+    context 'no version found in wp_item' do
+      before do
+        stub_request(:get, /.*\/readme\.txt/i).to_return(status: 404)
+        stub_request(:get, /.*\/style\.css/i).to_return(status: 404)
+      end
+
+      it 'returns true because no version can be detected' do
+        subject.vulnerable_to?(newer).should be_true
+        subject.vulnerable_to?(older).should be_true
+        subject.vulnerable_to?(same).should be_true
+      end
+    end
+  end
+
 end