Merge pull request #318 from pvdl/master

Update WordPress Vulnerabilities
2013-10-14 11:20:56 -07:00
parent 83f9312b35 587f6adaa1
commit 6ad0f0f08d
2 changed files with 16 additions and 3 deletions
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -2111,6 +2111,8 @@
    <vulnerability>
      <title>Login With Ajax - Cross-Site Request Forgery Vulnerability</title>
      <references>
+        <osvdb>93031</osvdb>
+        <cve>2013-2707</cve>
        <secunia>52950</secunia>
      </references>
      <type>CSRF</type>
@@ -2607,6 +2609,7 @@
    <vulnerability>
      <title>WP Symposium &lt;= 12.12 - Multiple SQL Injection Vulnerabilities</title>
      <references>
+        <osvdb>89455</osvdb>
        <secunia>50674</secunia>
        <url>http://ceriksen.com/2013/02/18/wp-symposium-multiple-sql-injection/</url>
      </references>
@@ -4609,6 +4612,8 @@
    <vulnerability>
      <title>Cardoza Wordpress poll - Cross-Site Request Forgery Vulnerability</title>
      <references>
+        <osvdb>89443</osvdb>
+        <cve>2013-1401</cve>
        <secunia>51925</secunia>
      </references>
      <type>CSRF</type>
@@ -4649,6 +4654,8 @@
    <vulnerability>
      <title>DVS Custom Notification - Cross-Site Request Forgery Vulnerability</title>
      <references>
+        <osvdb>89441</osvdb>
+        <cve>2012-4921</cve>
        <secunia>51531</secunia>
      </references>
      <type>CSRF</type>
@@ -6073,10 +6080,11 @@

  <plugin name="easy-adsense-lite">
    <vulnerability>
-      <title>easy-adsense-lite - CSRF</title>
+      <title>easy-adsense-lite 6.06 - CSRF</title>
      <references>
-        <secunia>52953</secunia>
+        <osvdb>92910</osvdb>
        <cve>2013-2702</cve>
+        <secunia>52953</secunia>
      </references>
      <type>CSRF</type>
      <fixed_in>6.10</fixed_in>
@@ -7206,6 +7214,8 @@
      <references>
        <osvdb>98352</osvdb>
        <cve>2013-5977</cve>
+        <exploitdb>28959</exploitdb>
+        <secunia>55265</secunia>
      </references>
      <type>CSRF</type>
      <fixed_in>1.5.1.15</fixed_in>
@@ -7215,6 +7225,7 @@
      <references>
        <osvdb>98353</osvdb>
        <cve>2013-5978</cve>
+        <exploitdb>28959</exploitdb>
      </references>
      <type>XSS</type>
      <fixed_in>1.5.1.15</fixed_in>
--- a/data/theme_vulns.xml
+++ b/data/theme_vulns.xml
@@ -1573,8 +1573,10 @@

  <theme name="pinboard">
    <vulnerability>
-      <title>Wordpress theme pinboard 1.0.6 XSS</title>
+      <title>pinboard 1.0.6 - includes/theme-options.php tab Parameter XSS</title>
      <references>
+        <osvdb>90070</osvdb>
+        <cve>2013-0286</cve>
        <secunia>52079</secunia>
        <url>http://seclists.org/oss-sec/2013/q1/274</url>
        <url>http://cxsecurity.com/issue/WLB-2013020062</url>