From 7f6cd57e517fbadb3f164b8fe6167a0a9286dfa0 Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Sun, 13 Oct 2013 11:02:39 +0200
Subject: [PATCH] Update plugin_vulns.xml

---
 data/plugin_vulns.xml | 61 +++++++++++++++++++++++--------------------
 1 file changed, 32 insertions(+), 29 deletions(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index e031715c..ad0c044d 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -5,7 +5,7 @@
 
   <plugin name="content-slide">
     <vulnerability>
-      <title>Content Slide 1.4.2 - Cross Site Requst Forgery Vulnerability</title>
+      <title>Content Slide &lt;=1.4.2 - Cross Site Requst Forgery Vulnerability</title>
       <references>
         <osvdb>93871</osvdb>
         <cve>2013-2708</cve>
@@ -152,7 +152,7 @@
 
   <plugin name="thanks-you-counter-button">
     <vulnerability>
-      <title>Thank You Counter Button - XSS</title>
+      <title>Thank You Counter Button &lt;=1.8.2 - XSS</title>
       <references>
         <secunia>50977</secunia>
       </references>
@@ -163,7 +163,7 @@
 
   <plugin name="bookings">
     <vulnerability>
-      <title>Bookings - XSS</title>
+      <title>Bookings &lt;=1.8.2 - XSS</title>
       <references>
         <secunia>50975</secunia>
       </references>
@@ -174,12 +174,13 @@
 
   <plugin name="cimy-user-manager">
     <vulnerability>
-      <title>Cimy User Manager - Arbitrary File Disclosure</title>
+      <title>Cimy User Manager &lt;=1.4.2 - Arbitrary File Disclosure</title>
       <references>
         <secunia>50834</secunia>
         <url>http://ceriksen.com/2012/10/24/wordpress-cimy-user-manager-arbitrary-file-disclosure/</url>
       </references>
       <type>UNKNOWN</type>
+      <fixed_in>1.4.4</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -207,15 +208,17 @@
 
   <plugin name="wp125">
     <vulnerability>
-      <title>WP125 - Multiple XSS</title>
+      <title>WP125 &lt;=1.4.4 - Multiple XSS</title>
       <references>
         <secunia>50976</secunia>
       </references>
       <type>XSS</type>
+      <fixed_in>1.4.5</fixed_in>
     </vulnerability>
     <vulnerability>
-      <title>WP125 - CSRF</title>
+      <title>WP125 &lt;=1.4.9 - CSRF</title>
       <references>
+        <cve>2013-2700</cve>
         <url>http://www.securityfocus.com/bid/58934</url>
       </references>
       <type>CSRF</type>
@@ -6250,7 +6253,7 @@
 
   <plugin name="digg-digg">
     <vulnerability>
-      <title>Digg Digg CSRF</title>
+      <title>Digg Digg - CSRF</title>
       <references>
         <url>http://wordpress.org/plugins/digg-digg/changelog/</url>
         <secunia>53120</secunia>
@@ -6276,7 +6279,7 @@
 
   <plugin name="funcaptcha">
     <vulnerability>
-      <title>FunCaptcha CSRF</title>
+      <title>FunCaptcha - CSRF</title>
       <references>
         <url>http://wordpress.org/extend/plugins/funcaptcha/changelog/</url>
       </references>
@@ -6287,7 +6290,7 @@
 
   <plugin name="xili-language">
     <vulnerability>
-      <title>xili-language XSS</title>
+      <title>xili-language - XSS</title>
       <references>
         <url>http://wordpress.org/plugins/xili-language/changelog/</url>
       </references>
@@ -6298,7 +6301,7 @@
 
   <plugin name="wordpress-seo">
     <vulnerability>
-      <title>Security issue which allowed any user to reset settings</title>
+      <title>wordpress-seo - Security issue which allowed any user to reset settings</title>
       <references>
         <url>http://wordpress.org/plugins/wordpress-seo/changelog/</url>
       </references>
@@ -6309,7 +6312,7 @@
 
   <plugin name="underconstruction">
     <vulnerability>
-      <title>CSRF in WordPress underConstruction plugin</title>
+      <title>Under Construction - CSRF</title>
       <references>
         <url>http://wordpress.org/plugins/underconstruction/changelog/</url>
         <secunia>52881</secunia>
@@ -6323,7 +6326,7 @@
 
   <plugin name="adif-log-search-widget">
     <vulnerability>
-      <title>ADIF Log Search Widget XSS Arbitrary Vulnerability</title>
+      <title>ADIF Log Search Widget - XSS Arbitrary Vulnerability</title>
       <references>
         <url>http://packetstormsecurity.com/files/121777/</url>
         <secunia>53599</secunia>
@@ -6358,7 +6361,7 @@
 
   <plugin name="export-to-text">
     <vulnerability>
-      <title>Remote File Inclusion Vulnerability</title>
+      <title>Export to text - Remote File Inclusion Vulnerability</title>
       <references>
         <secunia>51348</secunia>
         <osvdb>93715</osvdb>
@@ -6472,7 +6475,7 @@
 
   <plugin name="wp-maintenance-mode">
     <vulnerability>
-      <title>WP Maintenance Mode Setting Manipulation CSRF</title>
+      <title>WP Maintenance Mode - Setting Manipulation CSRF</title>
       <references>
         <osvdb>94450</osvdb>
       </references>
@@ -6493,7 +6496,7 @@
 
   <plugin name="mapsmarker">
     <vulnerability>
-      <title>Leaflet Maps Marker Tag Multiple Parameter SQL Injection</title>
+      <title>Leaflet Maps Marker - Tag Multiple Parameter SQL Injection</title>
       <references>
         <osvdb>94388</osvdb>
       </references>
@@ -6526,7 +6529,7 @@
 
   <plugin name="dropdown-menu-widget">
     <vulnerability>
-      <title>Dropdown Menu Widget Script Insertion CSRF</title>
+      <title>Dropdown Menu Widget - Script Insertion CSRF</title>
       <references>
         <osvdb>94771</osvdb>
       </references>
@@ -6536,7 +6539,7 @@
 
   <plugin name="buddypress-extended-friendship-request">
     <vulnerability>
-      <title>BuddyPress Extended Friendship Request wp-admin/admin-ajax.php friendship_request_message Parameter XSS
+      <title>BuddyPress Extended Friendship Request - wp-admin/admin-ajax.php friendship_request_message Parameter XSS
       </title>
       <references>
         <osvdb>94807</osvdb>
@@ -6548,7 +6551,7 @@
 
   <plugin name="wp-private-messages">
     <vulnerability>
-      <title>wp-private-messages /wp-admin/profile.php msgid Parameter SQL Injection</title>
+      <title>wp-private-messages - /wp-admin/profile.php msgid Parameter SQL Injection</title>
       <references>
         <osvdb>94702</osvdb>
       </references>
@@ -6558,7 +6561,7 @@
 
   <plugin name="stream-video-player">
     <vulnerability>
-      <title>Stream Video Player - - Setting Manipulation CSRF</title>
+      <title>Stream Video Player - Setting Manipulation CSRF</title>
       <references>
         <osvdb>94466</osvdb>
       </references>
@@ -6568,7 +6571,7 @@
 
   <plugin name="duplicator">
     <vulnerability>
-      <title>Duplicator installer.cleanup.php package Parameter XSS</title>
+      <title>Duplicator - installer.cleanup.php package Parameter XSS</title>
       <references>
         <osvdb>95627</osvdb>
         <cve>2013-4625</cve>
@@ -6580,7 +6583,7 @@
 
   <plugin name="citizen-space">
     <vulnerability>
-      <title>Citizen Space Script Insertion CSRF</title>
+      <title>Citizen Space - Script Insertion CSRF</title>
       <references>
         <osvdb>95570</osvdb>
       </references>
@@ -6591,7 +6594,7 @@
 
   <plugin name="spicy-blogroll">
     <vulnerability>
-      <title>Spicy Blogroll spicy-blogroll-ajax.php Multiple Parameter Remote File Inclusion</title>
+      <title>Spicy Blogroll - spicy-blogroll-ajax.php Multiple Parameter Remote File Inclusion</title>
       <references>
         <osvdb>95557</osvdb>
         <exploitdb>26804</exploitdb>
@@ -6602,7 +6605,7 @@
 
   <plugin name="pie-register">
     <vulnerability>
-      <title>Pie Register wp-login.php Multiple Parameter XSS</title>
+      <title>Pie Register - wp-login.php Multiple Parameter XSS</title>
       <references>
         <osvdb>95160</osvdb>
       </references>
@@ -6613,7 +6616,7 @@
 
   <plugin name="xhanch-my-twitter">
     <vulnerability>
-      <title>CSRF in admin/setting.php in Xhanch</title>
+      <title>Xhanch my Twitter - CSRF in admin/setting.php</title>
       <references>
         <osvdb>96027</osvdb>
         <secunia>53133</secunia>
@@ -6640,7 +6643,7 @@
 
   <plugin name="hms-testimonials">
     <vulnerability>
-      <title>CSRF in HMS Testimonials 2.0.10</title>
+      <title>HMS Testimonials 2.0.10 - CSRF</title>
       <references>
         <url>http://wordpress.org/plugins/hms-testimonials/changelog/</url>
         <cve>2013-4240</cve>
@@ -6655,7 +6658,7 @@
       <fixed_in>2.0.11</fixed_in>
     </vulnerability>
     <vulnerability>
-      <title>XSS in HMS Testimonials 2.0.10</title>
+      <title>HMS Testimonials 2.0.10 - XSS</title>
       <references>
         <url>http://wordpress.org/plugins/hms-testimonials/changelog/</url>
         <cve>2013-4241</cve>
@@ -6718,7 +6721,7 @@
 
   <plugin name="platinum-seo-pack">
     <vulnerability>
-      <title>platinum_seo_pack.php s Parameter Reflected XSS</title>
+      <title>platinum_seo_pack.php - s Parameter Reflected XSS</title>
       <references>
         <osvdb>97263</osvdb>
       </references>
@@ -6796,11 +6799,11 @@
     <vulnerability>
       <title>Lazy SEO 1.1.9 - lazyseo.php File Upload Arbitrary Code Execution</title>
       <references>
-        <url>http://packetstormsecurity.com/files/123349/</url>
-        <url>http://xforce.iss.net/xforce/xfdb/87384</url>
         <osvdb>97662</osvdb>
         <cve>2013-5961</cve>
         <exploitdb>28452</exploitdb>
+        <url>http://packetstormsecurity.com/files/123349/</url>
+        <url>http://xforce.iss.net/xforce/xfdb/87384</url>
       </references>
       <type>UPLOAD</type>
     </vulnerability>