From be3937c3614ba05318e31d56f1152290eef3b037 Mon Sep 17 00:00:00 2001 From: Peter van der Laan Date: Fri, 25 Oct 2013 09:19:59 +0200 Subject: [PATCH 1/2] Added DailyDeal Theme vuln --- data/theme_vulns.xml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/data/theme_vulns.xml b/data/theme_vulns.xml index 98407dff..37b89e22 100644 --- a/data/theme_vulns.xml +++ b/data/theme_vulns.xml @@ -1246,6 +1246,16 @@ + + + DailyDeal - Shell Upload + + http://packetstormsecurity.com/files/123748/ + + RCE + + + WooThemes WooFramework Remote Unauthenticated Shortcode Execution @@ -1690,6 +1700,7 @@ Slash WP - FPD, XSS and CS vulnerabilities + http://packetstormsecurity.com/files/123748/ http://seclists.org/fulldisclosure/2013/Jun/166 MULTI From 96b6e5db87db224e73af23594700b108cc97f87b Mon Sep 17 00:00:00 2001 From: Peter van der Laan Date: Fri, 25 Oct 2013 09:41:17 +0200 Subject: [PATCH 2/2] Added Blue Wrench Video Widget vulnerability found by SecurityUndefined --- data/plugin_vulns.xml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml index f386187f..e5f0af14 100644 --- a/data/plugin_vulns.xml +++ b/data/plugin_vulns.xml @@ -6052,8 +6052,7 @@ social-media-widget - malicious code http://plugins.trac.wordpress.org/changeset?reponame=&old=691839%40social-media-widget%2Ftrunk&new=693941%40social-media-widget%2Ftrunk - http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot - + http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot UNKNOWN 4.0.2 @@ -7577,7 +7576,16 @@ XSS + + + + Blue Wrench Video-Widget CSRF and Persistent XSS 0day Disclosure + + http://securityundefined.com/wordpress-plugin-blue-wrench-video-widget-csrf-persistent-xss-0day-disclosure/ + + MULTI +
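Review bot: In the second hunk of data/theme_vulns.xml (`@@ -1690,6 +1700,7 @@`), the added line puts `http://packetstormsecurity.com/files/123748/` into the "Slash WP - FPD, XSS and CS vulnerabilities" entry, yet the first hunk adds the same URL as the reference for the new DailyDeal shell-upload entry. This looks like a stray paste, since the Slash WP entry already cites `http://seclists.org/fulldisclosure/2013/Jun/166` and the commit subject mentions only DailyDeal. If so, drop that added line so that anyone triaging a Slash WP finding is not sent to an advisory for a different theme. The XML tags are not visible in this view, so the element the URL sits in cannot be confirmed from here.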