diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index bda8e428..68dfc20c 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -493,6 +493,14 @@
UPLOAD
+
+ Uploader 1.0.4 - notify.php blog Parameter XSS
+
+ 90840
+ 52465
+
+ XSS
+
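Review bot: The added Uploader 1.0.4 entry has no fixed-version line, so a scanner reading this file cannot separate a patched install from a vulnerable one and will likely report the XSS against every release. The same applies to the new Count Per Day 3.2.3, WordPress SEO 1.4.6, LBG Zoominoutslider, FCChat, Another WordPress Classifieds and Picturesurf Gallery entries later in this diff, while Blaze Slideshow, WP Marketplace and Events Manager do get one (`2.2`, `1.2.2`, `5.3.6`). If the referenced advisories name a fixed release, it should be recorded here; where no fix exists, the omission is correct as it stands. The element markup is not visible in this rendering, so this is judged from the line values alone.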
@@ -583,6 +591,14 @@
XSS
+
+ Blaze Slideshow 2.1 - Unspecified Security Vulnerability
+
+ http://www.securityfocus.com/bid/52677
+
+ UNKNOWN
+ 2.2
+
@@ -1484,6 +1500,7 @@
PICA Photo Gallery 1.0 - Remote File Disclosure
19016
+ http://www.securityfocus.com/bid/53893
UNKNOWN
@@ -1710,6 +1727,14 @@
UPLOAD
+
+ WP Marketplace 1.2.1 - File Enumeration Weakness and File Upload Vulnerabilities
+
+ http://www.securityfocus.com/bid/52960
+
+ UPLOAD
+ 1.2.2
+
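Review bot: This single entry folds two different issues, a file enumeration weakness and a file upload flaw, under one `UPLOAD` type and one reference, so the enumeration issue is presumably lost to anyone triaging by type. The Events Manager and Count Per Day hunks in this same commit use one entry per issue. Splitting this one the same way, each part keeping the `1.2.2` fixed version, would keep the data consistent and let each issue be tracked separately.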
@@ -1951,7 +1976,7 @@
XSS
- LeagueManager v3.8 - SQL Injection
+ LeagueManager 3.8 - SQL Injection
24789
2013-1852
@@ -2430,6 +2455,22 @@
XSS
+
+ Count Per Day 3.2.3 - notes.php Malformed Requests Remote DoS
+
+ 90833
+ http://seclists.org/fulldisclosure/2013/Mar/43
+
+ UNKNOWN
+
+
+ Count Per Day 3.2.3 - Multiple Script Direct Request Path Disclosure
+
+ 90832
+ http://seclists.org/fulldisclosure/2013/Mar/43
+
+ FPD
+
Count Per Day 3.2.3 - Cross Site Scripting
@@ -2441,8 +2482,10 @@
Count Per Day 3.1.1 - Cross Site Scripting
http://packetstormsecurity.com/files/114787/
+ http://www.securityfocus.com/bid/54258
XSS
+ 3.2
Count Per Day <= 3.1.1 - Multiple Vulnerabilities
@@ -2699,16 +2742,20 @@
SQLI
- WP Symposium - "u" XSS
+ WP Symposium 13.02 - wp-symposium/invite.php u Parameter XSS
+ 92275
+ 2013-2695
52864
XSS
13.04
- WP Symposium - "u" Redirection Weakness
+ WP Symposium 13.02 - invite.php u Parameter Arbitrary Site Redirect
+ 92274
+ 2013-2694
52925
REDIRECT
@@ -4633,16 +4680,21 @@
- ripe-hd-player 1.0 - SQL Injection
+ ripe-hd-player 1.0 - ripe-hd-player/config.php id Parameter SQL Injection
+ 89437
24229
+ http://xforce.iss.net/xforce/xfdb/81415
SQLI
- ripe-hd-player 1.0 - Full Path Disclosure
+ ripe-hd-player 1.0 - Multiple Script Direct Request Path Disclosure
+ 89438
24229
+ http://www.securityfocus.com/bid/57473
+ http://xforce.iss.net/xforce/xfdb/81414
FPD
@@ -4808,6 +4860,33 @@
XSS
5.3.4
+
+ Events Manager 5.3.5 - wp-admin/admin-ajax.php dbem_phone Parameter XSS
+
+ 90913
+ 52475
+
+ XSS
+ 5.3.6
+
+
+ Events Manager 5.3.5 - index.php event_owner_name Parameter XSS
+
+ 90914
+ 52475
+
+ XSS
+ 5.3.6
+
+
+ Events Manager 5.3.5 - wp-admin/post.php Multiple Parameter XSS
+
+ 90915
+ 52475
+
+ XSS
+ 5.3.6
+
Events Manager 5.3.8 - Multiple XSS Vulnerabilities
@@ -5531,9 +5610,19 @@
- Contact Form - XSS
+ Contact Form 3.34 - contact_form.php cntctfrm_contact_message Parameter XSS
+
+ 90502
+ 52179
+
+ XSS
+ 3.35
+
+
+ Contact Form 3.36 - contact_form.php cntctfrm_contact_email Parameter XSS
90503
+ 52250
XSS
@@ -5584,9 +5673,11 @@
- Responsive Logo Slideshow - Cross Site Scripting
+ Responsive Logo Slideshow - URL and Image Field XSS
+ 90406
http://packetstormsecurity.com/files/120379/
+ http://seclists.org/bugtraq/2013/Feb/84
XSS
@@ -6138,7 +6229,7 @@
- social-media-widget - malicious code
+ Social Media Widget - malicious code
http://plugins.trac.wordpress.org/changeset?reponame=&old=691839%40social-media-widget%2Ftrunk&new=693941%40social-media-widget%2Ftrunk
http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot
@@ -6146,6 +6237,17 @@
UNKNOWN
4.0.2
+
+ Social Media Widget 4.0 - social-widget.php MITM Weakness Arbitrary Code Injection
+
+ 92312
+ 2013-1949
+ 53020
+ http://seclists.org/oss-sec/2013/q2/10
+
+ UNKNOWN
+ 4.0.1
+
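Review bot: The new Social Media Widget 4.0 entry is typed `UNKNOWN` although its title already names the issue class (code injection through a MITM weakness), which under-reports the impact to anyone sorting findings by type. The WordPress SEO 1.4.6 entry in the `@@ -6504,6 +6614,14 @@` hunk has the same mismatch: an access restriction bypass typed `UNKNOWN`. If the type list for this file has a closer value for either case, it should be used. If it does not, a short comment beside the entry explaining why `UNKNOWN` was chosen would stop later editors from guessing.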
@@ -6240,8 +6342,9 @@
- top-10 - CSRF
+ top-10 1.9.2 - Setting Manipulation CSRF
+ 92849
53205
CSRF
@@ -6374,8 +6477,9 @@
- Contextual Related Posts - Cross-Site Request Forgery Vulnerability
+ Contextual Related Posts 1.8.6 - Cross-Site Request Forgery Vulnerability
+ 93088
52960
CSRF
@@ -6385,8 +6489,10 @@
- Calendar - Cross-Site Request Forgery Vulnerability
+ Calendar 1.3.2 - Entry Addition CSRF
+ 93025
+ 2013-2698
52841
CSRF
@@ -6396,8 +6502,11 @@
- Feedweb - 'wp_post_id' Parameter XSS
+ Feedweb 1.8.8 - widget_remove.php wp_post_id Parameter XSS
+ 91951
+ 2013-3720
+ 52855
http://www.securityfocus.com/bid/58771
XSS
@@ -6478,9 +6587,10 @@
- xili-language - XSS
+ xili-language - index.php lang Parameter XSS
- http://wordpress.org/plugins/xili-language/changelog/
+ 93233
+ 53364
XSS
2.8.6
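Review bot: The hunk deletes the `http://wordpress.org/plugins/xili-language/changelog/` reference, which was the only vendor-side source for the `2.8.6` fixed version kept in context. The two numeric ids that replace it appear to point at third-party advisory databases. Keeping the changelog line alongside the new ids preserves a direct way to verify the fix. The rewritten title also carries no affected version, unlike the other titles updated in this commit (for example `Calendar 1.3.2 - Entry Addition CSRF`).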
@@ -6504,6 +6614,14 @@
XSS
+
+ WordPress SEO 1.4.6 - Reset Settings Feature Access Restriction Bypass
+
+ 92147
+ 52949
+
+ UNKNOWN
+
@@ -7157,6 +7275,14 @@
XSS
+
+ LBG Zoominoutslider - add_banner.php Unspecified XSS
+
+ 99320
+ http://packetstormsecurity.com/files/123367/
+
+ XSS
+
LBG Zoominoutslider - Multiple Script Direct Request Path Disclosure
@@ -7963,4 +8089,34 @@
+
+
+ FCChat 2.2.11-2.2.13 - Upload.php Arbitrary File Upload Vulnerability
+
+ http://www.securityfocus.com/bid/53855
+
+ UPLOAD
+
+
+
+
+
+ Another WordPress Classifieds - Unspecified Image Upload Vulnerability
+
+ http://www.securityfocus.com/bid/52861
+
+ UPLOAD
+
+
+
+
+
+ Picturesurf Gallery 1.2 - upload.php Arbitrary File Upload Vulnerability
+
+ http://www.securityfocus.com/bid/53894
+
+ UPLOAD
+
+
+