Merge pull request #364 from pvdl/vulns
Update WordPress Vulnerabilities
This commit is contained in:
Ryan Dewhurst
@@ -995,12 +995,15 @@
|
||||
|
||||
<plugin name="answer-my-question">
|
||||
<vulnerability>
|
||||
<title>Answer My Question 1.1 - Multiple XSS</title>
|
||||
<title>Answer My Question 1.1 - record_question.php Multiple Parameter XSS</title>
|
||||
<references>
|
||||
<url>http://www.securityfocus.com/archive/1/524625/30/0/threaded</url>
|
||||
<osvdb>85567</osvdb>
|
||||
<secunia>50655</secunia>
|
||||
<url>http://www.securityfocus.com/archive/1/524625/30/0/threaded</url>
|
||||
<url>http://seclists.org/bugtraq/2012/Nov/24</url>
|
||||
</references>
|
||||
<type>XSS</type>
|
||||
<fixed_in>1.2</fixed_in>
|
||||
</vulnerability>
|
||||
</plugin>
|
||||
|
||||
@@ -5120,9 +5123,11 @@
|
||||
|
||||
<plugin name="notices">
|
||||
<vulnerability>
|
||||
<title>Notices Ticker - Cross-Site Request Forgery Vulnerability</title>
|
||||
<title>Notices Ticker 5.0 - Cross-Site Request Forgery Vulnerability</title>
|
||||
<references>
|
||||
<osvdb>85729</osvdb>
|
||||
<secunia>50717</secunia>
|
||||
<url>http://packetstormsecurity.org/files/116774/</url>
|
||||
</references>
|
||||
<type>CSRF</type>
|
||||
</vulnerability>
|
||||
@@ -5130,9 +5135,12 @@
|
||||
|
||||
<plugin name="mf-gig-calendar">
|
||||
<vulnerability>
|
||||
<title>MF Gig Calendar - URL Cross-Site Scripting Vulnerability</title>
|
||||
<title>MF Gig Calendar 0.9.4.1 - URL Cross-Site Scripting Vulnerability</title>
|
||||
<references>
|
||||
<osvdb>85682</osvdb>
|
||||
<cve>2012-4242</cve>
|
||||
<secunia>50571</secunia>
|
||||
<url>http://packetstormsecurity.org/files/116713/</url>
|
||||
</references>
|
||||
<type>XSS</type>
|
||||
</vulnerability>
|
||||
|
||||
@@ -80,54 +80,92 @@
|
||||
|
||||
<theme name="vithy">
|
||||
<vulnerability>
|
||||
<title>vithy Full Path Disclosure vulnerability</title>
|
||||
<title>vithy - Full Path Disclosure vulnerability</title>
|
||||
<references>
|
||||
<url>http://1337day.com/exploit/20040</url>
|
||||
</references>
|
||||
<type>FPD</type>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>vithy - Arbitrary File Upload Vulnerability</title>
|
||||
<references>
|
||||
<url>http://1337day.com/exploit/19830</url>
|
||||
</references>
|
||||
<type>UPLOAD</type>
|
||||
</vulnerability>
|
||||
</theme>
|
||||
|
||||
<theme name="appius">
|
||||
<vulnerability>
|
||||
<title>appius Full Path Disclosure vulnerability</title>
|
||||
<title>appius - Full Path Disclosure vulnerability</title>
|
||||
<references>
|
||||
<url>http://1337day.com/exploit/20039</url>
|
||||
</references>
|
||||
<type>FPD</type>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>appius - Arbitrary File Upload Vulnerability</title>
|
||||
<references>
|
||||
<url>http://1337day.com/exploit/19831</url>
|
||||
</references>
|
||||
<type>UPLOAD</type>
|
||||
</vulnerability>
|
||||
</theme>
|
||||
|
||||
<theme name="yvora">
|
||||
<vulnerability>
|
||||
<title>yvora Full Path Disclosure vulnerability</title>
|
||||
<title>yvora - Full Path Disclosure vulnerability</title>
|
||||
<references>
|
||||
<url>http://1337day.com/exploit/20038</url>
|
||||
</references>
|
||||
<type>FPD</type>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>yvora - Arbitrary File Upload Vulnerability</title>
|
||||
<references>
|
||||
<url>http://1337day.com/exploit/19834</url>
|
||||
</references>
|
||||
<type>UPLOAD</type>
|
||||
</vulnerability>
|
||||
</theme>
|
||||
|
||||
<theme name="shotzz">
|
||||
<vulnerability>
|
||||
<title>shotzz Full Path Disclosure vulnerability</title>
|
||||
<title>Shotzz - Full Path Disclosure vulnerability</title>
|
||||
<references>
|
||||
<url>http://1337day.com/exploit/20041</url>
|
||||
</references>
|
||||
<type>FPD</type>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>Shotzz - Arbitrary File Upload Vulnerability</title>
|
||||
<references>
|
||||
<url>http://1337day.com/exploit/19829</url>
|
||||
</references>
|
||||
<type>UPLOAD</type>
|
||||
</vulnerability>
|
||||
</theme>
|
||||
|
||||
<theme name="dagda">
|
||||
<vulnerability>
|
||||
<title>dagda - Arbitrary File Upload Vulnerability</title>
|
||||
<references>
|
||||
<url>http://1337day.com/exploit/19832</url>
|
||||
</references>
|
||||
<type>UPLOAD</type>
|
||||
</vulnerability>
|
||||
</theme>
|
||||
|
||||
<theme name="moneymasters">
|
||||
<vulnerability>
|
||||
<title>moneymasters Full Path Disclosure vulnerability</title>
|
||||
<title>moneymasters - Full Path Disclosure vulnerability</title>
|
||||
<references>
|
||||
<url>http://1337day.com/exploit/20077</url>
|
||||
</references>
|
||||
<type>FPD</type>
|
||||
</vulnerability>
|
||||
<vulnerability>
|
||||
<title>moneymasters File Upload Vulnerability (metasploit)</title>
|
||||
<title>moneymasters - File Upload Vulnerability (metasploit)</title>
|
||||
<references>
|
||||
<url>http://1337day.com/exploit/20076</url>
|
||||
</references>
|
||||
@@ -457,7 +495,7 @@
|
||||
|
||||
<theme name="famous">
|
||||
<vulnerability>
|
||||
<title>WordPress Famous Theme 2.0.5 Shell Upload</title>
|
||||
<title>Famous 2.0.5 - Shell Upload</title>
|
||||
<references>
|
||||
<url>http://packetstormsecurity.org/files/113842/</url>
|
||||
</references>
|
||||
@@ -467,7 +505,7 @@
|
||||
|
||||
<theme name="deep-blue">
|
||||
<vulnerability>
|
||||
<title>WordPress Deep-Blue Theme 1.9.2 Arbitrary File Upload Vulnerability</title>
|
||||
<title>Deep-Blue 1.9.2 - Arbitrary File Upload Vulnerability</title>
|
||||
<references>
|
||||
<url>http://packetstormsecurity.org/files/113843/</url>
|
||||
</references>
|
||||
@@ -477,7 +515,7 @@
|
||||
|
||||
<theme name="classipress">
|
||||
<vulnerability>
|
||||
<title>WordPress Classipress Theme <= 3.1.4 Stored XSS</title>
|
||||
<title>Classipress <= 3.1.4 - Stored XSS</title>
|
||||
<references>
|
||||
<exploitdb>18053</exploitdb>
|
||||
<url>http://cxsecurity.com/issue/WLB-2011110001</url>
|
||||
@@ -1528,7 +1566,7 @@
|
||||
|
||||
<theme name="dt-chocolate">
|
||||
<vulnerability>
|
||||
<title>Wordpress dt-chocolate Theme Image Open redirect</title>
|
||||
<title>dt-chocolate - Image Open redirect</title>
|
||||
<references>
|
||||
<url>http://cxsecurity.com/issue/WLB-2013020011</url>
|
||||
</references>
|
||||
@@ -1545,7 +1583,7 @@
|
||||
|
||||
<theme name="sandbox">
|
||||
<vulnerability>
|
||||
<title>Wordpress theme sandbox Arbitrary File Upload/FD Vulnerability</title>
|
||||
<title>sandbox - Arbitrary File Upload/FD Vulnerability</title>
|
||||
<references>
|
||||
<url>http://1337day.com/exploit/20228</url>
|
||||
</references>
|
||||
@@ -1555,7 +1593,7 @@
|
||||
|
||||
<theme name="clockstone">
|
||||
<vulnerability>
|
||||
<title>WordPress Clockstone Theme upload.php Arbitrary File Upload Vulnerability</title>
|
||||
<title>Clockstone - upload.php Arbitrary File Upload Vulnerability</title>
|
||||
<references>
|
||||
<secunia>51619</secunia>
|
||||
</references>
|
||||
@@ -1565,7 +1603,7 @@
|
||||
|
||||
<theme name="archin">
|
||||
<vulnerability>
|
||||
<title>WordPress Archin Theme Cross-Site Scripting and Arbitrary File Upload Vulnerabilities</title>
|
||||
<title>Archin - Cross-Site Scripting and Arbitrary File Upload Vulnerabilities</title>
|
||||
<references>
|
||||
<secunia>50711</secunia>
|
||||
</references>
|
||||
@@ -1575,7 +1613,7 @@
|
||||
|
||||
<theme name="purity">
|
||||
<vulnerability>
|
||||
<title>WordPress Purity Theme Multiple Cross-Site Scripting Vulnerabilities</title>
|
||||
<title>Purity - Multiple Cross-Site Scripting Vulnerabilities</title>
|
||||
<references>
|
||||
<secunia>50627</secunia>
|
||||
</references>
|
||||
@@ -1599,7 +1637,7 @@
|
||||
|
||||
<theme name="montezuma">
|
||||
<vulnerability>
|
||||
<title>montezuma <= 1.1.3 XSS in ZeroClipboard.swf</title>
|
||||
<title>montezuma <= 1.1.3 - XSS in ZeroClipboard.swf</title>
|
||||
<references>
|
||||
<url>http://1337day.com/exploit/20396</url>
|
||||
</references>
|
||||
@@ -1609,7 +1647,7 @@
|
||||
|
||||
<theme name="scarlet">
|
||||
<vulnerability>
|
||||
<title>scarlet <= 1.1.3 XSS in ZeroClipboard.swf</title>
|
||||
<title>scarlet <= 1.1.3 - XSS in ZeroClipboard.swf</title>
|
||||
<references>
|
||||
<url>http://1337day.com/exploit/20396</url>
|
||||
</references>
|
||||
@@ -1619,7 +1657,7 @@
|
||||
|
||||
<theme name="allure-real-estate-theme-for-placester">
|
||||
<vulnerability>
|
||||
<title>allure-real-estate-theme-for-placester <= 0.1.1 XSS in ZeroClipboard.swf</title>
|
||||
<title>allure-real-estate-theme-for-placester <= 0.1.1 - XSS in ZeroClipboard.swf</title>
|
||||
<references>
|
||||
<url>http://1337day.com/exploit/20396</url>
|
||||
</references>
|
||||
@@ -1629,7 +1667,7 @@
|
||||
|
||||
<theme name="allure-real-estate-theme-for-real-estate">
|
||||
<vulnerability>
|
||||
<title>allure-real-estate-theme-for-real-estate <= 0.1.1 XSS in ZeroClipboard.swf</title>
|
||||
<title>allure-real-estate-theme-for-real-estate <= 0.1.1 - XSS in ZeroClipboard.swf</title>
|
||||
<references>
|
||||
<url>http://1337day.com/exploit/20396</url>
|
||||
</references>
|
||||
@@ -1639,7 +1677,7 @@
|
||||
|
||||
<theme name="felici">
|
||||
<vulnerability>
|
||||
<title>felici XSS Vulnerability</title>
|
||||
<title>felici - XSS Vulnerability</title>
|
||||
<references>
|
||||
<url>http://1337day.com/exploit/20560</url>
|
||||
</references>
|
||||
@@ -1649,7 +1687,7 @@
|
||||
|
||||
<theme name="classic">
|
||||
<vulnerability>
|
||||
<title>Classic v1.5 Theme PHP_SELF XSS</title>
|
||||
<title>Classic 1.5 - PHP_SELF XSS</title>
|
||||
<references>
|
||||
<url>http://osvdb.org/38450</url>
|
||||
<cve>2007-4483</cve>
|
||||
@@ -1660,7 +1698,7 @@
|
||||
|
||||
<theme name="brilliant">
|
||||
<vulnerability>
|
||||
<title>brilliant File Upload Vulnerability</title>
|
||||
<title>brilliant - File Upload Vulnerability</title>
|
||||
<references>
|
||||
<url>http://ruinedsec.wordpress.com/2013/04/03/wordpress-themes-exploits-are-in-action-wpscan/</url>
|
||||
</references>
|
||||
|
||||
Reference in New Issue
Block a user