From 47f2545a50331db066b1a92dfec8bf59455e1c38 Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Wed, 6 Nov 2013 11:25:03 +0100
Subject: [PATCH 1/5] Update plugin_vulns.xml

---
 data/plugin_vulns.xml | 63 ++++++++++++++++++-------------------------
 1 file changed, 26 insertions(+), 37 deletions(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index 9293a3c9..b50bbd2f 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -123,8 +123,7 @@
       <title>Crayon Syntax Highlighter - Remote File Inclusion Vulnerability</title>
       <references>
         <secunia>50804</secunia>
-        <url>http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/
-        </url>
+        <url>http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/</url>
       </references>
       <type>RFI</type>
       <fixed_in>1.13</fixed_in>
@@ -197,9 +196,7 @@
       <title>FireStorm Professional Real Estate - Multiple SQL Injection</title>
       <references>
         <secunia>50873</secunia>
-        <url>
-          http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/
-        </url>
+        <url>http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/</url>
       </references>
       <type>SQLI</type>
       <fixed_in>2.06.03</fixed_in>
@@ -290,8 +287,7 @@
         <secunia>50832</secunia>
         <url>http://www.securityfocus.com/bid/57133</url>
         <url>http://packetstormsecurity.com/files/119329/</url>
-        <url>http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/
-        </url>
+        <url>http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/</url>
         <metasploit>exploit/unix/webapp/wp_google_document_embedder_exec</metasploit>
       </references>
       <type>UNKNOWN</type>
@@ -551,9 +547,7 @@
       <title>Asset Manager - upload.php Arbitrary Code Execution</title>
       <references>
         <osvdb>82653</osvdb>
-        <url>
-          http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/
-        </url>
+        <url>http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/</url>
         <url>http://packetstormsecurity.com/files/113285/</url>
         <url>http://xforce.iss.net/xforce/xfdb/80823</url>
       </references>
@@ -676,7 +670,7 @@
     <vulnerability>
       <title>powerzoomer - Arbitrary File Upload Vulnerability</title>
       <references>
-        <url>http://www.1337day.com/exploit/20253</url>
+        <url>http://1337day.com/exploit/20253</url>
       </references>
       <type>UPLOAD</type>
     </vulnerability>
@@ -754,7 +748,7 @@
     <vulnerability>
       <title>wp-3dflick-slideshow - Arbitrary File Upload Vulnerability</title>
       <references>
-        <url>http://www.1337day.com/exploit/20255</url>
+        <url>http://1337day.com/exploit/20255</url>
       </references>
       <type>UPLOAD</type>
     </vulnerability>
@@ -840,7 +834,7 @@
     <vulnerability>
       <title>wp-homepage-slideshow - Arbitrary File Upload Vulnerability</title>
       <references>
-        <url>http://www.1337day.com/exploit/20260</url>
+        <url>http://1337day.com/exploit/20260</url>
       </references>
       <type>UPLOAD</type>
     </vulnerability>
@@ -857,7 +851,7 @@
     <vulnerability>
       <title>wp-image-news-slider - Arbitrary File Upload Vulnerability</title>
       <references>
-        <url>http://www.1337day.com/exploit/20259</url>
+        <url>http://1337day.com/exploit/20259</url>
       </references>
       <type>UPLOAD</type>
     </vulnerability>
@@ -892,7 +886,7 @@
     <vulnerability>
       <title>wp-levoslideshow - Arbitrary File Upload Vulnerability</title>
       <references>
-        <url>http://www.1337day.com/exploit/20250</url>
+        <url>http://1337day.com/exploit/20250</url>
       </references>
       <type>UPLOAD</type>
     </vulnerability>
@@ -919,7 +913,7 @@
     <vulnerability>
       <title>wp-powerplaygallery - Arbitrary File Upload Vulnerability</title>
       <references>
-        <url>http://www.1337day.com/exploit/20252</url>
+        <url>http://1337day.com/exploit/20252</url>
       </references>
       <type>UPLOAD</type>
     </vulnerability>
@@ -936,7 +930,7 @@
     <vulnerability>
       <title>wp-royal-gallery - Arbitrary File Upload Vulnerability</title>
       <references>
-        <url>http://www.1337day.com/exploit/20261</url>
+        <url>http://1337day.com/exploit/20261</url>
       </references>
       <type>UPLOAD</type>
     </vulnerability>
@@ -1022,7 +1016,7 @@
     <vulnerability>
       <title>Spider Catalog - Multiple SQL Injection and Cross Site Scripting Vulnerabilities</title>
       <references>
-        <url>http://www.securityfocus.com/bid/60079/info</url>
+        <url>http://www.securityfocus.com/bid/60079</url>
       </references>
       <type>MULTI</type>
     </vulnerability>
@@ -1088,9 +1082,7 @@
     <vulnerability>
       <title>ABtest - Directory Traversal</title>
       <references>
-        <url>
-          http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110
-        </url>
+        <url>http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110</url>
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
@@ -2387,7 +2379,7 @@
     <vulnerability>
       <title>WP Cycle Playlist - Multiple Vulnerabilities</title>
       <references>
-        <url>http://1337day.com/exploits/17396</url>
+        <url>http://1337day.com/exploit/17396</url>
       </references>
       <type>MULTI</type>
     </vulnerability>
@@ -2456,7 +2448,7 @@
     <vulnerability>
       <title>WP-AutoYoutube &lt;= 0.1 - Blind SQL Injection Vulnerability</title>
       <references>
-        <url>http://1337day.com/exploits/17368</url>
+        <url>http://1337day.com/exploit/17368</url>
       </references>
       <type>SQLI</type>
     </vulnerability>
@@ -4591,9 +4583,7 @@
       <references>
         <url>http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/</url>
         <url>http://wordpress.org/support/topic/pwn3d</url>
-        <url>
-          http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
-        </url>
+        <url>http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html</url>
         <metasploit>exploits/unix/webapp/php_wordpress_total_cache</metasploit>
       </references>
       <type>RCE</type>
@@ -4664,7 +4654,7 @@
       <title>ipfeuilledechou - SQL Injection Vulnerability</title>
       <references>
         <url>http://www.exploit4arab.com/exploits/377</url>
-        <url>http://1337day.com/exploits/20206</url>
+        <url>http://1337day.com/exploit/20206</url>
       </references>
       <type>SQLI</type>
     </vulnerability>
@@ -4771,7 +4761,7 @@
       <title>Developer Formatter - CSRF and XSS Vulnerability</title>
       <references>
         <url>http://illsecure.com/code/Wordpress-DevFormatter-CSRF-Vulnerability.txt</url>
-        <url>http://1337day.com/exploits/20210</url>
+        <url>http://1337day.com/exploit/20210</url>
         <secunia>51912</secunia>
       </references>
       <type>MULTI</type>
@@ -5299,7 +5289,7 @@
     <vulnerability>
       <title>wp-explorer-gallery - Arbitrary File Upload Vulnerability</title>
       <references>
-        <url>http://www.1337day.com/exploit/20251</url>
+        <url>http://1337day.com/exploit/20251</url>
       </references>
       <type>UPLOAD</type>
     </vulnerability>
@@ -5309,7 +5299,7 @@
     <vulnerability>
       <title>accordion - Arbitrary File Upload Vulnerability</title>
       <references>
-        <url>http://www.1337day.com/exploit/20254</url>
+        <url>http://1337day.com/exploit/20254</url>
       </references>
       <type>UPLOAD</type>
     </vulnerability>
@@ -5319,7 +5309,7 @@
     <vulnerability>
       <title>wp-catpro - Arbitrary File Upload Vulnerability</title>
       <references>
-        <url>http://www.1337day.com/exploit/20256</url>
+        <url>http://1337day.com/exploit/20256</url>
       </references>
       <type>UPLOAD</type>
     </vulnerability>
@@ -5372,7 +5362,7 @@
     <vulnerability>
       <title>p1m media manager - SQL Injection Vulnerability</title>
       <references>
-        <url>http://www.1337day.com/exploit/20270</url>
+        <url>http://1337day.com/exploit/20270</url>
       </references>
       <type>SQLI</type>
     </vulnerability>
@@ -5412,7 +5402,7 @@
     <vulnerability>
       <title>ForumConverter - SQL Injection Vulnerability</title>
       <references>
-        <url>http://www.1337day.com/exploit/20275</url>
+        <url>http://1337day.com/exploit/20275</url>
       </references>
       <type>SQLI</type>
     </vulnerability>
@@ -5422,7 +5412,7 @@
     <vulnerability>
       <title>Newsletter - SQL Injection Vulnerability</title>
       <references>
-        <url>http://www.1337day.com/exploit/20287</url>
+        <url>http://1337day.com/exploit/20287</url>
       </references>
       <type>SQLI</type>
     </vulnerability>
@@ -5542,7 +5532,7 @@
     <vulnerability>
       <title>Google Alert And Twitter 3.1.5 - XSS Exploit, SQL Injection</title>
       <references>
-        <url>http://1337day.com/exploits/20433</url>
+        <url>http://1337day.com/exploit/20433</url>
       </references>
       <type>MULTI</type>
     </vulnerability>
@@ -5962,8 +5952,7 @@
       <title>WP-Banners-Lite - XSS vulnerability</title>
       <references>
         <url>http://seclists.org/fulldisclosure/2013/Mar/209</url>
-        <url>http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513
-        </url>
+        <url>http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513</url>
       </references>
       <type>XSS</type>
     </vulnerability>

From 39724afc8140a7ca144a879efd4bbf8d01f62d3a Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Wed, 6 Nov 2013 12:37:15 +0100
Subject: [PATCH 2/5] Update plugin_vulns.xml

---
 data/plugin_vulns.xml | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index b50bbd2f..ea5be5ef 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -5,7 +5,7 @@
 
   <plugin name="content-slide">
     <vulnerability>
-      <title>Content Slide &lt;=1.4.2 - Cross Site Requst Forgery Vulnerability</title>
+      <title>Content Slide &lt;= 1.4.2 - Cross Site Requst Forgery Vulnerability</title>
       <references>
         <osvdb>93871</osvdb>
         <cve>2013-2708</cve>
@@ -151,7 +151,7 @@
 
   <plugin name="thanks-you-counter-button">
     <vulnerability>
-      <title>Thank You Counter Button &lt;=1.8.2 - XSS</title>
+      <title>Thank You Counter Button &lt;= 1.8.2 - XSS</title>
       <references>
         <secunia>50977</secunia>
       </references>
@@ -162,7 +162,7 @@
 
   <plugin name="bookings">
     <vulnerability>
-      <title>Bookings &lt;=1.8.2 - XSS</title>
+      <title>Bookings &lt;= 1.8.2 - XSS</title>
       <references>
         <secunia>50975</secunia>
       </references>
@@ -173,7 +173,7 @@
 
   <plugin name="cimy-user-manager">
     <vulnerability>
-      <title>Cimy User Manager &lt;=1.4.2 - Arbitrary File Disclosure</title>
+      <title>Cimy User Manager &lt;= 1.4.2 - Arbitrary File Disclosure</title>
       <references>
         <secunia>50834</secunia>
         <url>http://ceriksen.com/2012/10/24/wordpress-cimy-user-manager-arbitrary-file-disclosure/</url>
@@ -205,7 +205,7 @@
 
   <plugin name="wp125">
     <vulnerability>
-      <title>WP125 &lt;=1.4.4 - Multiple XSS</title>
+      <title>WP125 &lt;= 1.4.4 - Multiple XSS</title>
       <references>
         <secunia>50976</secunia>
       </references>
@@ -213,7 +213,7 @@
       <fixed_in>1.4.5</fixed_in>
     </vulnerability>
     <vulnerability>
-      <title>WP125 &lt;=1.4.9 - CSRF</title>
+      <title>WP125 &lt;= 1.4.9 - CSRF</title>
       <references>
         <osvdb>92113</osvdb>
         <cve>2013-2700</cve>
@@ -1687,7 +1687,7 @@
 
   <plugin name="wp-property">
     <vulnerability>
-      <title>WP Property &lt;=1.35.0 - Arbitrary File Upload</title>
+      <title>WP Property &lt;= 1.35.0 - Arbitrary File Upload</title>
       <references>
         <exploitdb>18987</exploitdb>
         <exploitdb>23651</exploitdb>
@@ -2731,7 +2731,7 @@
 
   <plugin name="is-human">
     <vulnerability>
-      <title>Is-human &lt;=1.4.2 - Remote Command Execution Vulnerability</title>
+      <title>Is-human &lt;= 1.4.2 - Remote Command Execution Vulnerability</title>
       <references>
         <exploitdb>17299</exploitdb>
       </references>
@@ -6333,7 +6333,7 @@
 
   <plugin name="wp-print-friendly">
     <vulnerability>
-      <title>WP Print Friendly &lt;=0.5.2 - Security Bypass Vulnerability</title>
+      <title>WP Print Friendly &lt;= 0.5.2 - Security Bypass Vulnerability</title>
       <references>
         <osvdb>93243</osvdb>
         <secunia>53371</secunia>

From b6cc3400e84da2227868da56471643b9c759b232 Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Wed, 6 Nov 2013 13:15:16 +0100
Subject: [PATCH 3/5] Update theme_vulns.xml

---
 data/theme_vulns.xml | 82 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 82 insertions(+)

diff --git a/data/theme_vulns.xml b/data/theme_vulns.xml
index 27591241..94c6e3d9 100644
--- a/data/theme_vulns.xml
+++ b/data/theme_vulns.xml
@@ -1827,6 +1827,7 @@
         <osvdb>98927</osvdb>
         <exploitdb>29068</exploitdb>
         <url>http://www.securityfocus.com/bid/63306</url>
+        <url>http://1337day.com/exploit/21442</url>
         <url>http://themeforest.net/item/area53-a-responsive-html5-wordpress-theme/2538737</url>
       </references>
       <type>RCE</type>
@@ -1903,6 +1904,7 @@
       <title>Saico - Arbitrary File Upload Vulnerability</title>
       <references>
         <exploitdb>29150</exploitdb>
+        <url>http://1337day.com/exploit/21440</url>
       </references>
       <type>UPLOAD</type>
     </vulnerability>
@@ -1928,4 +1930,84 @@
     </vulnerability>
   </theme>
 
+  <theme name="anthology">
+    <vulnerability>
+      <title>Anthology - Remote File Upload Vulnerability</title>
+      <references>
+        <url>http://1337day.com/exploit/21460</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="amoveo">
+    <vulnerability>
+      <title>Amoveo - Arbitrary File Upload Vulnerability</title>
+      <references>
+        <url>http://1337day.com/exploit/21451</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="switchblade">
+    <vulnerability>
+      <title>Switchblade - Arbitrary File Upload Vulnerability</title>
+      <references>
+        <url>http://1337day.com/exploit/21457</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="magnitudo">
+    <vulnerability>
+      <title>Magnitudo - Arbitrary File Upload Vulnerability</title>
+      <references>
+        <url>http://1337day.com/exploit/21457</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="ghost">
+    <vulnerability>
+      <title>Ghost - Arbitrary File Upload Vulnerability</title>
+      <references>
+        <url>http://1337day.com/exploit/21416</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="RightNow">
+    <vulnerability>
+      <title>Right Now - Arbitrary File Upload Vulnerability</title>
+      <references>
+        <url>http://1337day.com/exploit/21420</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="ColdFusion">
+    <vulnerability>
+      <title>Cold Fusion - Arbitrary File Upload Vulnerability</title>
+      <references>
+        <url>http://1337day.com/exploit/21431</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="chameleon">
+    <vulnerability>
+      <title>Chameleon - Arbitrary File Upload Vulnerability</title>
+      <references>
+        <url>http://1337day.com/exploit/21449</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
 </vulnerabilities>

From 5e6efb4cb7b4364a2b5d7acf05f14fde192defc5 Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Wed, 6 Nov 2013 15:05:37 +0100
Subject: [PATCH 4/5] Update output.rb

---
 lib/common/models/wp_version/output.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/common/models/wp_version/output.rb b/lib/common/models/wp_version/output.rb
index e9965a32..27a8a0a0 100644
--- a/lib/common/models/wp_version/output.rb
+++ b/lib/common/models/wp_version/output.rb
@@ -10,7 +10,7 @@ class WpVersion < WpItem
 
       unless vulnerabilities.empty?
         puts
-        puts red('[!]') + " We have identified #{vulnerabilities.size} vulnerabilities from the version number:"
+        puts red('[!]') + " Identified #{vulnerabilities.size} vulnerabilities from the version number:"
 
         vulnerabilities.output
       end

From 843f783a7a543a6f93201b9649c0e5a7651ddf58 Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Wed, 6 Nov 2013 20:12:25 +0100
Subject: [PATCH 5/5] Update output.rb

---
 lib/common/models/wp_version/output.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/common/models/wp_version/output.rb b/lib/common/models/wp_version/output.rb
index 27a8a0a0..1154a295 100644
--- a/lib/common/models/wp_version/output.rb
+++ b/lib/common/models/wp_version/output.rb
@@ -10,7 +10,7 @@ class WpVersion < WpItem
 
       unless vulnerabilities.empty?
         puts
-        puts red('[!]') + " Identified #{vulnerabilities.size} vulnerabilities from the version number:"
+        puts red('[!]') + " #{vulnerabilities.size} vulnerabilities identified from the version number:"
 
         vulnerabilities.output
       end