diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index b5b90321..aa697fc3 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -25,7 +25,9 @@
Crayon Syntax Highlighter Remote File Inclusion
http://secunia.com/advisories/50804/
- http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/
+
+ http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/
+
RFI
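Review bot: The ceriksen.com reference in this hunk now sits on its own line between two added lines, which (the tags are not visible in this view) appears to put a newline and indentation inside the element's text rather than around it. Unless the loader trims the value or the schema collapses whitespace for this element, the scanner would print and compare the URL with leading and trailing whitespace, which breaks clickable links and any de-duplication of references. The same wrapping is applied to the references in the FireStorm, Asset manager and ABtest hunks, and to the titles in the VideoWhisper, Auctions, Contus and XVE Various Embed entries. I would keep each URL and title on the same line as its opening and closing tags, or confirm that the reader strips the text before use.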
@@ -78,7 +80,9 @@
FireStorm Professional Real Estate Plugin < 2.06.03 Multiple SQL Injection
http://secunia.com/advisories/50873/
- http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/
+
+ http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/
+
SQLI
@@ -120,7 +124,8 @@
Floating Social Media Links Remote File Inclusion
http://secunia.com/advisories/51346/
- http://ceriksen.com/2013/01/12/wordpress-floating-social-media-link-plugins-remote-file-inclusion/
+ http://ceriksen.com/2013/01/12/wordpress-floating-social-media-link-plugins-remote-file-inclusion/
+
RFI
@@ -138,7 +143,8 @@
Google Document Embedder < 2.5.4 Arbitrary File Disclosure
http://www.exploit-db.com/exploits/23970/
- http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/
+ http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/
+
http://secunia.com/advisories/50832/
exploit/unix/webapp/wp_google_document_embedder_exec
UNKNOWN
@@ -172,7 +178,8 @@
OpenInviter Information Disclosure
- http://packetstormsecurity.com/files/119265/WordPress-OpenInviter-Information-Disclosure.html
+ http://packetstormsecurity.com/files/119265/WordPress-OpenInviter-Information-Disclosure.html
+
UNKNOWN
@@ -279,7 +286,9 @@
WordPress plugin Asset manager upload.php Arbitrary Code Execution
- http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/
+
+ http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/
+
UPLOAD
@@ -452,6 +461,11 @@
http://secunia.com/advisories/51250/
XSS
+
+ WordPress Carousel Slideshow Plugin < 3.10 Unspecified Vulnerabilities
+ http://secunia.com/advisories/50377/
+ UNKNOWN
+
@@ -500,6 +514,11 @@
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
+
+ WordPress Image News slider Plugin < 3.4 Unspecified Vulnerabilities
+ http://secunia.com/advisories/50390/
+ UNKNOWN
+
@@ -623,8 +642,10 @@
- ABtest Directory Traversal
- http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110
+ ABtest Directory Traversal
+
+ http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110
+
UNKNOWN
@@ -681,6 +702,7 @@
SimpleMail 1.0.6 Stored XSS
http://www.exploit-db.com/exploits/20361/
+ http://secunia.com/advisories/50208/
XSS
@@ -689,6 +711,7 @@
Postie 1.4.3 Stored XSS
http://www.exploit-db.com/exploits/20360/
+ http://secunia.com/advisories/50207/
XSS
@@ -697,6 +720,7 @@
RSVPMaker v2.5.4 Persistent XSS
http://www.exploit-db.com/exploits/20474/
+ http://secunia.com/advisories/50289/
XSS
@@ -705,6 +729,7 @@
Mz-jajak <= 2.1 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/20416/
+ http://secunia.com/advisories/50217/
SQLI
@@ -727,8 +752,9 @@
- Backup Plugin 2.0.1 Information Disclosure
+ Backup Plugin < 2.1 Information Disclosure
http://www.exploit-db.com/exploits/19524/
+ http://secunia.com/advisories/50038/
UNKNOWN
@@ -800,7 +826,8 @@
VideoWhisper Video Conference
- 4.51 Arbitrary File Upload Vulnerability
+ 4.51 Arbitrary File Upload Vulnerability
+
http://packetstormsecurity.org/files/113580/
UPLOAD
@@ -809,7 +836,8 @@
Auctions Plugin 2.0.1.3 Arbitrary
-File Upload Vulnerability
+ File Upload Vulnerability
+
http://packetstormsecurity.org/files/113568/
UPLOAD
@@ -858,7 +886,8 @@ File Upload Vulnerability
Contus Video Gallery 1.3 Arbitrary
-File Upload Vulnerability
+ File Upload Vulnerability
+
http://packetstormsecurity.org/files/113571/
UPLOAD
@@ -872,7 +901,8 @@ File Upload Vulnerability
Contus HD FLV Player 1.7 Arbitrary
-File Upload Vulnerability
+ File Upload Vulnerability
+
http://packetstormsecurity.org/files/113570/
UPLOAD
@@ -932,6 +962,11 @@ File Upload Vulnerability
http://secunia.com/advisories/49923/
AUTHBYPASS
+
+ WordPress Mac Photo Gallery Plugin < 3.0 Multiple Script Insertion Vulnerabilities
+ http://secunia.com/advisories/49836/
+ XSS
+
Mac Photo Gallery 2.7 Arbitrary File Upload
http://www.exploit-db.com/exploits/19056/
@@ -1104,7 +1139,9 @@ File Upload Vulnerability
Foxypress 0.4.1.1 - 0.4.2.1 Arbitrary File Upload
- http://packetstormsecurity.org/files/113576/, http://www.exploit-db.com/exploits/18991/, http://www.exploit-db.com/exploits/19100/
+ http://packetstormsecurity.org/files/113576/, http://www.exploit-db.com/exploits/18991/,
+ http://www.exploit-db.com/exploits/19100/
+
UPLOAD
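Review bot: The Foxypress entry still carries three URLs in one comma-separated value, and the new line break after the second comma now splits that value across two lines. A consumer that treats the value as a single URL gets a string that is not a valid link, and the two exploit-db references cannot be matched or reported individually. I would split it into three separate reference entries with one URL each, which is how the Google Document Embedder entry earlier in this diff appears to list its sources.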
@@ -1228,6 +1265,7 @@ File Upload Vulnerability
LeagueManager <= 3.7 Cross Site Scripting
http://packetstormsecurity.org/files/112698/
+ http://secunia.com/advisories/49949/
XSS
@@ -1390,6 +1428,11 @@ File Upload Vulnerability
+
+ WordPress Zingiri Web Shop Plugin < 2.4.8 Cookie SQL Injection Vulnerability
+ http://secunia.com/advisories/49398/
+ SQLI
+
Zingiri Web Shop <= 2.4.0 Multiple XSS Vulnerabilities
http://www.exploit-db.com/exploits/18787/
@@ -1449,7 +1492,7 @@ File Upload Vulnerability
- Register Plus Redux <= 3.8.3 Cross Site Scripting
+ Register Plus Redux <= 3.8.3 Cross Site Scripting
http://packetstormsecurity.org/files/111367
XSS
@@ -1597,7 +1640,7 @@ File Upload Vulnerability
- Google reCAPTCHA <= 3.1.3 Reflected XSS Vulnerability
+ Google reCAPTCHA <= 3.1.3 Reflected XSS Vulnerability
http://security-sh3ll.blogspot.com/2011/12/google-recaptcha-wordpress-plugin.html
XSS
@@ -2947,13 +2990,18 @@ File Upload Vulnerability
- GD Star Rating plugin <= 1.9.10 SQL Injection
- http://www.exploit-db.com/exploits/17973/
- SQLI
+ WordPress GD Star Rating Plugin < 1.9.19 Export Security Bypass Security Issue
+ http://secunia.com/advisories/49850/
+ AUTHBYPASS
GD Star Rating plugin <= 1.9.16 Cross Site Scripting
http://www.packetstormsecurity.org/files/112702
+ XSS
+
+
+ GD Star Rating plugin <= 1.9.10 SQL Injection
+ http://www.exploit-db.com/exploits/17973/
SQLI
@@ -3251,7 +3299,7 @@ File Upload Vulnerability
SQLI
-
+
WordPress Zingiri Form Builder Plugin < 1.2.1 "error" Cross-Site Scripting Vulnerability
@@ -3267,7 +3315,7 @@ File Upload Vulnerability
CSRF
-
+
Wordpress Download Shortcode Plugin < 0.2.1 "file" Arbitrary File Disclosure Vulnerability
@@ -3275,7 +3323,7 @@ File Upload Vulnerability
LFI
-
+
WordPress Crayon Syntax Highlighter Plugin < 1.13"wp_load" Remote File Inclusion Vulnerability
@@ -3283,7 +3331,7 @@ File Upload Vulnerability
RFI
-
+
WordPress eShop Magic Plugin < 0.2 "file" Arbitrary File Disclosure Vulnerability
@@ -3291,7 +3339,7 @@ File Upload Vulnerability
LFI
-
+
WordPress Pinterest "Pin It" Button Lite Plugin < 1.4.0 Multiple Unspecified Vulnerabilities
@@ -3299,7 +3347,7 @@ File Upload Vulnerability
MULTI
-
+
WordPress CSS Plus Plugin < 1.3.2 Unspecified Vulnerabilities
@@ -3307,7 +3355,7 @@ File Upload Vulnerability
UNKNOWN
-
+
WordPress Multisite Plugin Manager Plugin < 3.1.2 Two Cross-Site Scripting Vulnerabilities
@@ -3315,7 +3363,7 @@ File Upload Vulnerability
XSS
-
+
WordPress ABC Test Plugin "id" Cross-Site Scripting Vulnerability
@@ -3323,7 +3371,7 @@ File Upload Vulnerability
XSS
-
+
Wordpress Token Manager Plugin "tid" Cross-Site Scripting Vulnerabilities
@@ -3331,7 +3379,7 @@ File Upload Vulnerability
XSS
-
+
WordPress Sexy Add Template Plugin Cross-Site Request Forgery Vulnerability
@@ -3339,7 +3387,7 @@ File Upload Vulnerability
CSRF
-
+
WordPress Notices Ticker Plugin Cross-Site Request Forgery Vulnerability
@@ -3347,7 +3395,7 @@ File Upload Vulnerability
CSRF
-
+
WordPress MF Gig Calendar Plugin URL Cross-Site Scripting Vulnerability
@@ -3355,7 +3403,7 @@ File Upload Vulnerability
XSS
-
+
WordPress WP-TopBar Plugin < 4.0.3 Cross-Site Request Forgery Vulnerability
@@ -3363,6 +3411,103 @@ File Upload Vulnerability
CSRF
+
+
+
+ WordPress HD Webplayer Plugin Two SQL Injection Vulnerabilities
+ http://secunia.com/advisories/50466/
+ SQLI
+
+
+
+
+
+ WordPress Cloudsafe365 Plugin < 1.47 Multiple Vulnerabilities
+ http://secunia.com/advisories/50392/
+ MULTI
+
+
+
+
+
+ WordPress Vitamin Plugin < 1.1 Two Arbitrary File Disclosure Vulnerabilities
+ http://secunia.com/advisories/50176/
+ LFI
+
+
+
+
+
+ WordPress Featured Post with thumbnail Plugin < 1.5 Unspecified timthumb Vulnerability
+ http://secunia.com/advisories/50161/
+ UNKNOWN
+
+
+
+
+
+ WordPress WP Lead Management Plugin Script Insertion Vulnerabilities
+ http://secunia.com/advisories/50166/
+ XSS
+
+
+
+
+
+ WordPress XVE Various Embed Plugin JW Player < 1.0.4 Multiple Cross-Site Scripting Vulnerabilities
+
+ http://secunia.com/advisories/50173/
+ XSS
+
+
+
+
+
+ WordPress G-Lock Double Opt-in Manager Plugin Two Security Bypass Vulnerabilities
+ http://secunia.com/advisories/50100/
+ AUTHBYPASS
+
+
+
+
+
+ WordPress Backend Localization Plugin < 2.0 Cross-Site Scripting Vulnerabilities
+ http://secunia.com/advisories/50099/
+ XSS
+
+
+
+
+ WordPress Flexi Quote Rotator Plugin < 0.9.2 Cross-Site Request Forgery and SQL Injection Vulnerabilities
+ http://secunia.com/advisories/49910/
+ MULTI
+
+
+
+
+
+ WordPress Get Off Malicious Scripts < 1.2.07.20 Cross-Site Scripting Vulnerability
+ http://secunia.com/advisories/50030/
+ XSS
+
+
+
+
+
+ WordPress Cimy User Extra Fields Plugin < 2.3.9 Arbitrary File Upload Vulnerability
+ http://secunia.com/advisories/49975/
+ UPLOAD
+
+
+
+
+
+ WordPress Nmedia Users File Uploader Plugin < 2.0 Arbitrary File Upload Vulnerability
+ http://secunia.com/advisories/49996/
+ UPLOAD
+
+
+
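Review bot: Several of the added entries have no version bound in the title (HD Webplayer, WP Lead Management, G-Lock Double Opt-in Manager), unlike neighbours such as `WordPress Cloudsafe365 Plugin < 1.47 Multiple Vulnerabilities`. If the title is the only place the affected range is recorded, these findings will be reported for every installed version, including any later fixed release, which makes triage noisy. I would add the affected version from the cited Secunia advisory to each title, or state in the title that no fixed version was known when the entry was added.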
diff --git a/data/theme_vulns.xml b/data/theme_vulns.xml
index cd8ec37d..9a417040 100644
--- a/data/theme_vulns.xml
+++ b/data/theme_vulns.xml
@@ -1172,7 +1172,7 @@
- Multiple vulnerabilities in Chocolate WP theme for WordPress
+ Multiple vulnerabilities in Chocolate WP theme for WordPress
http://seclists.org/fulldisclosure/2013/Jan/215
MULTI
@@ -1201,7 +1201,7 @@
MULTI
-
+
WordPress Purity Theme Multiple Cross-Site Scripting Vulnerabilities
@@ -1209,5 +1209,5 @@
XSS
-
+
diff --git a/data/vuln.xsd b/data/vuln.xsd
index 8be3abc4..aee74e38 100644
--- a/data/vuln.xsd
+++ b/data/vuln.xsd
@@ -90,5 +90,4 @@
-
\ No newline at end of file