diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index dc3ab21c..b1d97efd 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -1833,7 +1833,6 @@
Wp-ImageZoom - zoom.php id Parameter SQL Injection
87870
- http://packetstormsecurity.com/files/118371/
http://www.securityfocus.com/bid/56691
http://xforce.iss.net/xforce/xfdb/80285
@@ -2451,7 +2450,7 @@
WP Easy Gallery <= 2.7 - CSRF
49190
- http://plugins.trac.wordpress.org/changeset?reponame=&old=669527%40wp-easy-gallery&new=669527%40wp-easy-gallery
+ https://plugins.trac.wordpress.org/changeset?reponame=&old=669527@wp-easy-gallery&new=669527@wp-easy-gallery
CSRF
2.7.3
@@ -7892,7 +7891,7 @@
Social Media Widget - malicious code
- http://plugins.trac.wordpress.org/changeset?reponame=&old=691839%40social-media-widget%2Ftrunk&new=693941%40social-media-widget%2Ftrunk
+ https://plugins.trac.wordpress.org/changeset?reponame=&old=691839@social-media-widget/trunk&new=693941@social-media-widget/trunk
http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot
UNKNOWN
@@ -8721,7 +8720,6 @@
SexyBookmarks - Setting Manipulation CSRF
- http://wordpress.org/plugins/sexybookmarks/changelog/
95908
2013-3256
53138
diff --git a/data/theme_vulns.xml b/data/theme_vulns.xml
index 9c6133e9..718d4ebe 100644
--- a/data/theme_vulns.xml
+++ b/data/theme_vulns.xml
@@ -1947,7 +1947,7 @@
Xss In wordpress ambience theme
- http://packetstorm.igor.onlinedirect.bg/1306-exploits/wpambience-xss.txt
+ http://www.websecuritywatch.com/wordpress-ambience-xss/
XSS
diff --git a/lib/wpstools/plugins/checker/checker_plugin.rb b/lib/wpstools/plugins/checker/checker_plugin.rb
index 58615fea..67f6b531 100644
--- a/lib/wpstools/plugins/checker/checker_plugin.rb
+++ b/lib/wpstools/plugins/checker/checker_plugin.rb
@@ -32,10 +32,12 @@ class CheckerPlugin < Plugin
xml = xml(vuln_ref_file)
urls = []
- xml.xpath('//reference').each { |node| urls << node.text }
+ xml.xpath('//references/url').each { |node| urls << node.text }
urls.uniq!
+ puts "[!] No URLs found in #{vuln_ref_file}!" if urls.empty?
+
dead_urls = []
queue_count = 0
request_count = 0