garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update plugin_vulns.xml

Browse Source
This commit is contained in:
Peter van der Laan
2013-10-13 11:02:39 +02:00
parent db82b2584c
commit 7f6cd57e51
1 changed files with 32 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
data/plugin_vulns.xml
View File

@@ -5,7 +5,7 @@
<plugin name="content-slide">
<vulnerability>
<title>Content Slide 1.4.2 - Cross Site Requst Forgery Vulnerability</title>
<title>Content Slide &lt;=1.4.2 - Cross Site Requst Forgery Vulnerability</title>
<references>
<osvdb>93871</osvdb>
<cve>2013-2708</cve>
@@ -152,7 +152,7 @@
<plugin name="thanks-you-counter-button">
<vulnerability>
<title>Thank You Counter Button - XSS</title>
<title>Thank You Counter Button &lt;=1.8.2 - XSS</title>
<references>
<secunia>50977</secunia>
</references>
@@ -163,7 +163,7 @@
<plugin name="bookings">
<vulnerability>
<title>Bookings - XSS</title>
<title>Bookings &lt;=1.8.2 - XSS</title>
<references>
<secunia>50975</secunia>
</references>
@@ -174,12 +174,13 @@
<plugin name="cimy-user-manager">
<vulnerability>
<title>Cimy User Manager - Arbitrary File Disclosure</title>
<title>Cimy User Manager &lt;=1.4.2 - Arbitrary File Disclosure</title>
<references>
<secunia>50834</secunia>
<url>http://ceriksen.com/2012/10/24/wordpress-cimy-user-manager-arbitrary-file-disclosure/</url>
</references>
<type>UNKNOWN</type>
<fixed_in>1.4.4</fixed_in>
</vulnerability>
</plugin>
@@ -207,15 +208,17 @@
<plugin name="wp125">
<vulnerability>
<title>WP125 - Multiple XSS</title>
<title>WP125 &lt;=1.4.4 - Multiple XSS</title>
<references>
<secunia>50976</secunia>
</references>
<type>XSS</type>
<fixed_in>1.4.5</fixed_in>
</vulnerability>
<vulnerability>
<title>WP125 - CSRF</title>
<title>WP125 &lt;=1.4.9 - CSRF</title>
<references>
<cve>2013-2700</cve>
<url>http://www.securityfocus.com/bid/58934</url>
</references>
<type>CSRF</type>
@@ -6250,7 +6253,7 @@
<plugin name="digg-digg">
<vulnerability>
<title>Digg Digg CSRF</title>
<title>Digg Digg - CSRF</title>
<references>
<url>http://wordpress.org/plugins/digg-digg/changelog/</url>
<secunia>53120</secunia>
@@ -6276,7 +6279,7 @@
<plugin name="funcaptcha">
<vulnerability>
<title>FunCaptcha CSRF</title>
<title>FunCaptcha - CSRF</title>
<references>
<url>http://wordpress.org/extend/plugins/funcaptcha/changelog/</url>
</references>
@@ -6287,7 +6290,7 @@
<plugin name="xili-language">
<vulnerability>
<title>xili-language XSS</title>
<title>xili-language - XSS</title>
<references>
<url>http://wordpress.org/plugins/xili-language/changelog/</url>
</references>
@@ -6298,7 +6301,7 @@
<plugin name="wordpress-seo">
<vulnerability>
<title>Security issue which allowed any user to reset settings</title>
<title>wordpress-seo - Security issue which allowed any user to reset settings</title>
<references>
<url>http://wordpress.org/plugins/wordpress-seo/changelog/</url>
</references>
@@ -6309,7 +6312,7 @@
<plugin name="underconstruction">
<vulnerability>
<title>CSRF in WordPress underConstruction plugin</title>
<title>Under Construction - CSRF</title>
<references>
<url>http://wordpress.org/plugins/underconstruction/changelog/</url>
<secunia>52881</secunia>
@@ -6323,7 +6326,7 @@
<plugin name="adif-log-search-widget">
<vulnerability>
<title>ADIF Log Search Widget XSS Arbitrary Vulnerability</title>
<title>ADIF Log Search Widget - XSS Arbitrary Vulnerability</title>
<references>
<url>http://packetstormsecurity.com/files/121777/</url>
<secunia>53599</secunia>
@@ -6358,7 +6361,7 @@
<plugin name="export-to-text">
<vulnerability>
<title>Remote File Inclusion Vulnerability</title>
<title>Export to text - Remote File Inclusion Vulnerability</title>
<references>
<secunia>51348</secunia>
<osvdb>93715</osvdb>
@@ -6472,7 +6475,7 @@
<plugin name="wp-maintenance-mode">
<vulnerability>
<title>WP Maintenance Mode Setting Manipulation CSRF</title>
<title>WP Maintenance Mode - Setting Manipulation CSRF</title>
<references>
<osvdb>94450</osvdb>
</references>
@@ -6493,7 +6496,7 @@
<plugin name="mapsmarker">
<vulnerability>
<title>Leaflet Maps Marker Tag Multiple Parameter SQL Injection</title>
<title>Leaflet Maps Marker - Tag Multiple Parameter SQL Injection</title>
<references>
<osvdb>94388</osvdb>
</references>
@@ -6526,7 +6529,7 @@
<plugin name="dropdown-menu-widget">
<vulnerability>
<title>Dropdown Menu Widget Script Insertion CSRF</title>
<title>Dropdown Menu Widget - Script Insertion CSRF</title>
<references>
<osvdb>94771</osvdb>
</references>
@@ -6536,7 +6539,7 @@
<plugin name="buddypress-extended-friendship-request">
<vulnerability>
<title>BuddyPress Extended Friendship Request wp-admin/admin-ajax.php friendship_request_message Parameter XSS
<title>BuddyPress Extended Friendship Request - wp-admin/admin-ajax.php friendship_request_message Parameter XSS
</title>
<references>
<osvdb>94807</osvdb>
@@ -6548,7 +6551,7 @@
<plugin name="wp-private-messages">
<vulnerability>
<title>wp-private-messages /wp-admin/profile.php msgid Parameter SQL Injection</title>
<title>wp-private-messages - /wp-admin/profile.php msgid Parameter SQL Injection</title>
<references>
<osvdb>94702</osvdb>
</references>
@@ -6558,7 +6561,7 @@
<plugin name="stream-video-player">
<vulnerability>
<title>Stream Video Player - - Setting Manipulation CSRF</title>
<title>Stream Video Player - Setting Manipulation CSRF</title>
<references>
<osvdb>94466</osvdb>
</references>
@@ -6568,7 +6571,7 @@
<plugin name="duplicator">
<vulnerability>
<title>Duplicator installer.cleanup.php package Parameter XSS</title>
<title>Duplicator - installer.cleanup.php package Parameter XSS</title>
<references>
<osvdb>95627</osvdb>
<cve>2013-4625</cve>
@@ -6580,7 +6583,7 @@
<plugin name="citizen-space">
<vulnerability>
<title>Citizen Space Script Insertion CSRF</title>
<title>Citizen Space - Script Insertion CSRF</title>
<references>
<osvdb>95570</osvdb>
</references>
@@ -6591,7 +6594,7 @@
<plugin name="spicy-blogroll">
<vulnerability>
<title>Spicy Blogroll spicy-blogroll-ajax.php Multiple Parameter Remote File Inclusion</title>
<title>Spicy Blogroll - spicy-blogroll-ajax.php Multiple Parameter Remote File Inclusion</title>
<references>
<osvdb>95557</osvdb>
<exploitdb>26804</exploitdb>
@@ -6602,7 +6605,7 @@
<plugin name="pie-register">
<vulnerability>
<title>Pie Register wp-login.php Multiple Parameter XSS</title>
<title>Pie Register - wp-login.php Multiple Parameter XSS</title>
<references>
<osvdb>95160</osvdb>
</references>
@@ -6613,7 +6616,7 @@
<plugin name="xhanch-my-twitter">
<vulnerability>
<title>CSRF in admin/setting.php in Xhanch</title>
<title>Xhanch my Twitter - CSRF in admin/setting.php</title>
<references>
<osvdb>96027</osvdb>
<secunia>53133</secunia>
@@ -6640,7 +6643,7 @@
<plugin name="hms-testimonials">
<vulnerability>
<title>CSRF in HMS Testimonials 2.0.10</title>
<title>HMS Testimonials 2.0.10 - CSRF</title>
<references>
<url>http://wordpress.org/plugins/hms-testimonials/changelog/</url>
<cve>2013-4240</cve>
@@ -6655,7 +6658,7 @@
<fixed_in>2.0.11</fixed_in>
</vulnerability>
<vulnerability>
<title>XSS in HMS Testimonials 2.0.10</title>
<title>HMS Testimonials 2.0.10 - XSS</title>
<references>
<url>http://wordpress.org/plugins/hms-testimonials/changelog/</url>
<cve>2013-4241</cve>
@@ -6718,7 +6721,7 @@
<plugin name="platinum-seo-pack">
<vulnerability>
<title>platinum_seo_pack.php s Parameter Reflected XSS</title>
<title>platinum_seo_pack.php - s Parameter Reflected XSS</title>
<references>
<osvdb>97263</osvdb>
</references>
@@ -6796,11 +6799,11 @@
<vulnerability>
<title>Lazy SEO 1.1.9 - lazyseo.php File Upload Arbitrary Code Execution</title>
<references>
<url>http://packetstormsecurity.com/files/123349/</url>
<url>http://xforce.iss.net/xforce/xfdb/87384</url>
<osvdb>97662</osvdb>
<cve>2013-5961</cve>
<exploitdb>28452</exploitdb>
<url>http://packetstormsecurity.com/files/123349/</url>
<url>http://xforce.iss.net/xforce/xfdb/87384</url>
</references>
<type>UPLOAD</type>
</vulnerability>