Merge pull request #340 from pvdl/master

Added new WordPress vulns

data/plugin_vulns.xml

@@ -6052,8 +6052,7 @@
       <title>social-media-widget - malicious code</title>
       <references>
         <url>http://plugins.trac.wordpress.org/changeset?reponame=&amp;old=691839%40social-media-widget%2Ftrunk&amp;new=693941%40social-media-widget%2Ftrunk</url>
-        <url>http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot
+        <url>http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot</url>
-        </url>
       </references>
       <type>UNKNOWN</type>
       <fixed_in>4.0.2</fixed_in>
@@ -7577,7 +7576,16 @@
       </references>
       <type>XSS</type>
     </vulnerability>
+  </plugin>
 
+  <plugin name="blue-wrench-videos-widget">
+    <vulnerability>
+      <title>Blue Wrench Video-Widget CSRF and Persistent XSS 0day Disclosure</title>
+      <references>
+        <url>http://securityundefined.com/wordpress-plugin-blue-wrench-video-widget-csrf-persistent-xss-0day-disclosure/</url>
+      </references>
+      <type>MULTI</type>
+    </vulnerability>
   </plugin>
 
   <plugin name="wp-mailup">

data/theme_vulns.xml

@@ -1246,6 +1246,16 @@
     </vulnerability>
   </theme>
 
+  <theme name="DailyDeal">
+    <vulnerability>
+      <title>DailyDeal - Shell Upload</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/123748/</url>
+      </references>
+      <type>RCE</type>
+    </vulnerability>
+  </theme>
+
   <theme name="dailyedition">
     <vulnerability>
       <title>WooThemes WooFramework Remote Unauthenticated Shortcode Execution</title>
@@ -1690,6 +1700,7 @@
     <vulnerability>
       <title>Slash WP - FPD, XSS and CS vulnerabilities</title>
       <references>
+        <url>http://packetstormsecurity.com/files/123748/</url>
         <url>http://seclists.org/fulldisclosure/2013/Jun/166</url>
       </references>
       <type>MULTI</type>