diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index e28701ef..b68c9ef5 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -869,6 +869,16 @@
+
+
+ Image Resizer - Cross Site Scripting
+
+ http://packetstormsecurity.com/files/123651/
+
+ XSS
+
+
+
wp-levoslideshow - Arbitrary File Upload Vulnerability
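Review bot: The new Image Resizer entry has no affected version in its title and no fixed version, only a Packet Storm link and the `XSS` type, so someone triaging scan output cannot tell which releases the finding applies to. Later hunks add entries that also show no fixed version: WooCommerce 2.0.17, Quick Paypal Payments 3.0, Finalist, Dexs PM System, wp-realty, Feed, Social Sharing Toolkit and the Caulk theme. Where the advisory gives an affected range, I would put it in the title as other entries do (for example `All in One SEO Pack <= 2.0.3 - ...`). Where no fix existed when the entry was written, an XML comment saying so would flag it for a later revisit. The element markup is not visible in this view, so this is judged from the values alone.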
@@ -4774,13 +4784,20 @@
- WooCommerce - index.php calc_shipping_state Parameter XSS
+ WooCommerce 2.0.12 - index.php calc_shipping_state Parameter XSS
95480
XSS
2.0.13
+
+ WooCommerce 2.0.17 - Cross Site Scripting
+
+ http://packetstormsecurity.com/files/123684/
+
+ XSS
+
@@ -6500,11 +6517,23 @@
- AntiVirus - FPD and Security bypass vulnerabilities
+ AntiVirus 1.0 - PHP Backdoor Detection Bypass
+ 95134
+ http://packetstormsecurity.com/files/121833/
http://seclists.org/fulldisclosure/2013/Jun/0
- MULTI
+ UNKNOWN
+
+
+ AntiVirus 1.0 - uninstall.php Direct Request Path Disclosure
+
+ 95135
+ http://packetstormsecurity.com/files/121833/
+ http://seclists.org/fulldisclosure/2013/Jun/0
+
+ FPD
+ 1.1
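Review bot: The rewritten first AntiVirus entry changes its type from `MULTI` to `UNKNOWN` and shows no fixed version, while the second entry split out of the same advisory ends with `1.1`, presumably its fixed version. Both entries cite the same Packet Storm and Full Disclosure links. If both issues were addressed in 1.1, the detection-bypass entry should carry the same value; if not, a short comment would help, since a backdoor-detection bypass is the more serious of the two. `UNKNOWN` also drops the entry out of any view that groups findings by type, so a closer type is worth using if the schema offers one.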
@@ -6859,16 +6888,17 @@
- All in One SEO Pack <= 2.3.0 - XSS Vulnerability
+ All in One SEO Pack <= 2.0.3 - XSS Vulnerability
98023
2013-5988
http://archives.neohapsis.com/archives/bugtraq/2013-10/0006.html
http://packetstormsecurity.com/files/123490/
http://www.securityfocus.com/bid/62784
+ http://seclists.org/bugtraq/2013/Oct/8
55133
- 2.3.0.1
+ 2.0.3.1
XSS
@@ -6990,8 +7020,9 @@
- NOSpamPTI 2.1 - Blind SQL Injection
+ NOSpamPTI 2.1 - wp-comments-post.php comment_post_ID Parameter SQL Injection
+ 97528
28485
2013-5917
http://packetstormsecurity.com/files/123331/
@@ -7101,6 +7132,18 @@
+
+
+ Quick Paypal Payments 3.0 - Payment Sending Multiple Parameter XSS
+
+ 98715
+ 55292
+ http://packetstormsecurity.com/files/123662/
+
+ XSS
+
+
+
Email Newsletter 8.0 - 'option' Parameter Information Disclosure Vulnerability
@@ -7252,6 +7295,7 @@
2013-5977
28959
55265
+ http://packetstormsecurity.com/files/123587/
CSRF
1.5.1.15
@@ -7262,6 +7306,7 @@
98353
2013-5978
28959
+ http://packetstormsecurity.com/files/123587/
XSS
1.5.1.15
@@ -7352,4 +7397,75 @@
+
+
+ Finalist - /wp-content/plugins/finalist/vote.php id Parameter Reflected XSS
+
+ 98665
+ http://packetstormsecurity.com/files/123597/
+
+ XSS
+
+
+
+
+
+ Dexs PM System 1.0.1 - Private Message subject Parameter Stored XSS
+
+ 98668
+ 55296
+ 28970
+ http://www.securityfocus.com/bid/63021
+
+ XSS
+
+
+
+
+
+ Video Metabox 1.1 - Persistent XSS Vulnerability Disclosure
+
+ 98641
+ 55257
+ http://www.securityfocus.com/bid/63172
+ http://securityundefined.com/wordpress-video-metabox-plugin-persistent-xss-vulnerability-disclosure/
+
+ XSS
+ 1.1.1
+
+
+
+
+
+ Wordpress - wp-realty - MySQL Time Based Injection
+
+ 29021
+ http://www.exploit-db.com/exploits/29021/
+
+ SQLI
+
+
+
+
+
+ Feed - news_dt.php nid Parameter SQL Injection
+
+ 94804
+
+ SQLI
+
+
+
+
+
+ Social Sharing Toolkit 2.2.1 - Setting Manipulation CSRF
+
+ 98717
+ 2013-2701
+ 52951
+
+ CSRF
+
+
+
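Review bot: The wp-realty entry appears to reference the same Exploit-DB item twice, once as the bare id `29021` and once as `http://www.exploit-db.com/exploits/29021/`. One of the two is redundant, and the bare id matches how neighbouring entries give their references. Its title `Wordpress - wp-realty - MySQL Time Based Injection` also departs from the `Name version - issue` pattern used by the other titles in this hunk; `wp-realty - MySQL Time Based SQL Injection` would be consistent. The Feed entry carries only the id `94804` and no link, which leaves a reader little to verify the finding against.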
diff --git a/data/theme_vulns.xml b/data/theme_vulns.xml
index 7270face..85bbfb33 100644
--- a/data/theme_vulns.xml
+++ b/data/theme_vulns.xml
@@ -1729,4 +1729,16 @@
+
+
+ Caulk - path disclosure vulnerability.
+
+ 96723
+ 54662
+ http://packetstormsecurity.com/files/120632/
+
+ FPD
+
+
+
diff --git a/lib/common/collections/wp_plugins/detectable.rb b/lib/common/collections/wp_plugins/detectable.rb
index 1c8a5df2..5a3e0ef9 100644
--- a/lib/common/collections/wp_plugins/detectable.rb
+++ b/lib/common/collections/wp_plugins/detectable.rb
@@ -64,6 +64,10 @@ class WpPlugins < WpItems
wp_plugins.add('wp-super-cache') if body =~ /wp-super-cache/i
wp_plugins.add('w3-total-cache') if body =~ /w3 total cache/i
+ if body =~ /'
+ expected.add('all-in-one-seo-pack', version: '2.0.3.1')
+ end
+ end
+ end
end
describe '::passive_detection' do