From f16692e3aee50645eae454bf372432b725e93f78 Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Tue, 12 Nov 2013 12:18:57 +0100
Subject: [PATCH 1/6] Added some vulns from Security Focus

---
 data/plugin_vulns.xml | 40 +++++++++++++++++++++++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index bda8e428..5272a7e9 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -583,6 +583,14 @@
       </references>
       <type>XSS</type>
     </vulnerability>
+    <vulnerability>
+      <title>Blaze Slideshow 2.1 - Unspecified Security Vulnerability</title>
+      <references>
+        <url>http://www.securityfocus.com/bid/52677</url>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>2.2</fixed_in>
+    </vulnerability>
   </plugin>
 
   <plugin name="comment-extra-field">
@@ -1710,6 +1718,14 @@
       </references>
       <type>UPLOAD</type>
     </vulnerability>
+    <vulnerability>
+      <title>WP Marketplace 1.2.1 - File Enumeration Weakness and File Upload Vulnerabilities</title>
+      <references>
+        <url>http://www.securityfocus.com/bid/52960</url>
+      </references>
+      <type>UPLOAD</type>
+      <fixed_in>1.2.2</fixed_in>
+    </vulnerability>
   </plugin>
 
   <plugin name="store-locator-le">
@@ -1951,7 +1967,7 @@
       <type>XSS</type>
     </vulnerability>
     <vulnerability>
-      <title>LeagueManager v3.8 - SQL Injection</title>
+      <title>LeagueManager 3.8 - SQL Injection</title>
       <references>
         <exploitdb>24789</exploitdb>
         <cve>2013-1852</cve>
@@ -2441,8 +2457,10 @@
       <title>Count Per Day 3.1.1 - Cross Site Scripting</title>
       <references>
         <url>http://packetstormsecurity.com/files/114787/</url>
+        <url>http://www.securityfocus.com/bid/54258</url>
       </references>
       <type>XSS</type>
+      <fixed_in>3.2</fixed_in>
     </vulnerability>
     <vulnerability>
       <title>Count Per Day &lt;= 3.1.1 - Multiple Vulnerabilities</title>
@@ -7963,4 +7981,24 @@
     </vulnerability>
   </plugin>
 
+  <plugin name="fcchat">
+    <vulnerability>
+      <title>FCChat 2.2.11-2.2.13 - Upload.php Arbitrary File Upload Vulnerability</title>
+      <references>
+        <url>http://www.securityfocus.com/bid/53855</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="another-wordpress-classifieds-plugin">
+    <vulnerability>
+      <title>Another WordPress Classifieds - Unspecified Image Upload Vulnerability</title>
+      <references>
+        <url>http://www.securityfocus.com/bid/52861</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </plugin>
+
 </vulnerabilities>

From f833181d81186ac2c40c231098599775637a0cb9 Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Tue, 12 Nov 2013 13:59:24 +0100
Subject: [PATCH 2/6] Update plugin_vulns.xml

---
 data/plugin_vulns.xml | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index 5272a7e9..ff3fc046 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -1492,6 +1492,7 @@
       <title>PICA Photo Gallery 1.0 - Remote File Disclosure</title>
       <references>
         <exploitdb>19016</exploitdb>
+        <url>http://www.securityfocus.com/bid/53893</url>
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
@@ -4651,16 +4652,21 @@
 
   <plugin name="ripe-hd-player">
     <vulnerability>
-      <title>ripe-hd-player 1.0 - SQL Injection</title>
+      <title>ripe-hd-player 1.0 - ripe-hd-player/config.php id Parameter SQL Injection</title>
       <references>
+        <osvdb>89437</osvdb>
         <exploitdb>24229</exploitdb>
+        <url>http://xforce.iss.net/xforce/xfdb/81415</url>
       </references>
       <type>SQLI</type>
     </vulnerability>
     <vulnerability>
-      <title>ripe-hd-player 1.0 - Full Path Disclosure</title>
+      <title>ripe-hd-player 1.0 - Multiple Script Direct Request Path Disclosure</title>
       <references>
+        <osvdb>89438</osvdb>
         <exploitdb>24229</exploitdb>
+        <url>http://www.securityfocus.com/bid/57473</url>
+        <url>http://xforce.iss.net/xforce/xfdb/81414</url>
       </references>
       <type>FPD</type>
     </vulnerability>
@@ -7174,6 +7180,13 @@
         <url>http://seclists.org/fulldisclosure/2013/Nov/30</url>
       </references>
       <type>XSS</type>
+    </vulnerability>
+      <title>LBG Zoominoutslider - add_banner.php Unspecified XSS</title>
+      <references>
+        <osvdb>99320</osvdb>
+        <url>http://packetstormsecurity.com/files/123367/</url>
+      </references>
+      <type>XSS</type>
     </vulnerability>
     <vulnerability>
       <title>LBG Zoominoutslider - Multiple Script Direct Request Path Disclosure</title>
@@ -8001,4 +8014,14 @@
     </vulnerability>
   </plugin>
 
+  <plugin name="picturesurf-gallery">
+    <vulnerability>
+      <title>Picturesurf Gallery 1.2 - upload.php Arbitrary File Upload Vulnerability</title>
+      <references>
+        <url>http://www.securityfocus.com/bid/53894</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </plugin>
+
 </vulnerabilities>

From 4e069394631d975f1752fe7cbf0145ba935dfe34 Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Tue, 12 Nov 2013 16:31:36 +0100
Subject: [PATCH 3/6] Update plugin_vulns.xml

---
 data/plugin_vulns.xml | 86 ++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 80 insertions(+), 6 deletions(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index ff3fc046..4aa964b6 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -493,7 +493,14 @@
       </references>
       <type>UPLOAD</type>
     </vulnerability>
-  </plugin>
+    <vulnerability>
+      <title>Uploader 1.0.4 - notify.php blog Parameter XSS</title>
+      <references>
+        <osvdb>90840</osvdb>
+        <secunia>52465</secunia>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
 
   <plugin name="xerte-online">
     <vulnerability>
@@ -2447,6 +2454,22 @@
       </references>
       <type>XSS</type>
     </vulnerability>
+    <vulnerability>
+      <title>Count Per Day 3.2.3 - notes.php Malformed Requests Remote DoS</title>
+      <references>
+        <osvdb>90833</osvdb>
+        <url>http://seclists.org/fulldisclosure/2013/Mar/43</url>
+      </references>
+      <type>UNKNOWN</type>
+    </vulnerability>
+    <vulnerability>
+      <title>Count Per Day 3.2.3 - Multiple Script Direct Request Path Disclosure</title>
+      <references>
+        <osvdb>90832</osvdb>
+        <url>http://seclists.org/fulldisclosure/2013/Mar/43</url>
+      </references>
+      <type>FPD</type>
+    </vulnerability>
     <vulnerability>
       <title>Count Per Day 3.2.3 - Cross Site Scripting</title>
       <references>
@@ -4832,6 +4855,33 @@
       <type>XSS</type>
       <fixed_in>5.3.4</fixed_in>
     </vulnerability>
+    <vulnerability>
+      <title>Events Manager 5.3.5 - wp-admin/admin-ajax.php dbem_phone Parameter XSS</title>
+      <references>
+        <osvdb>90913</osvdb>
+        <secunia>52475</secunia>
+      </references>
+      <type>XSS</type>
+      <fixed_in>5.3.6</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Events Manager 5.3.5 - index.php event_owner_name Parameter XSS</title>
+      <references>
+        <osvdb>90914</osvdb>
+        <secunia>52475</secunia>
+      </references>
+      <type>XSS</type>
+      <fixed_in>5.3.6</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Events Manager 5.3.5 - wp-admin/post.php Multiple Parameter XSS</title>
+      <references>
+        <osvdb>90915</osvdb>
+        <secunia>52475</secunia>
+      </references>
+      <type>XSS</type>
+      <fixed_in>5.3.6</fixed_in>
+    </vulnerability>
     <vulnerability>
       <title>Events Manager 5.3.8 - Multiple XSS Vulnerabilities</title>
       <references>
@@ -5555,9 +5605,19 @@
 
   <plugin name="contact-form-plugin">
     <vulnerability>
-      <title>Contact Form - XSS</title>
+      <title>Contact Form 3.34 - contact_form.php cntctfrm_contact_message Parameter XSS</title>
+      <references>
+        <osvdb>90502</osvdb>
+        <secunia>52179</secunia>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.35</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Contact Form 3.36 - contact_form.php cntctfrm_contact_email Parameter XSS</title>
       <references>
         <osvdb>90503</osvdb>
+        <secunia>52250</secunia>
       </references>
       <type>XSS</type>
     </vulnerability>
@@ -5608,9 +5668,11 @@
 
   <plugin name="responsive-logo-slideshow">
     <vulnerability>
-      <title>Responsive Logo Slideshow - Cross Site Scripting</title>
+      <title>Responsive Logo Slideshow - URL and Image Field XSS</title>
       <references>
+        <osvdb>90406</osvdb>
         <url>http://packetstormsecurity.com/files/120379/</url>
+        <url>http://seclists.org/bugtraq/2013/Feb/84</url>
       </references>
       <type>XSS</type>
     </vulnerability>
@@ -6420,8 +6482,11 @@
 
   <plugin name="feedweb">
     <vulnerability>
-      <title>Feedweb - 'wp_post_id' Parameter XSS</title>
+      <title>Feedweb 1.8.8 - widget_remove.php wp_post_id Parameter XSS</title>
       <references>
+        <osvdb>91951</osvdb>
+        <cve>2013-3720</cve>
+        <secunia>52855</secunia>
         <url>http://www.securityfocus.com/bid/58771</url>
       </references>
       <type>XSS</type>
@@ -6502,9 +6567,10 @@
 
   <plugin name="xili-language">
     <vulnerability>
-      <title>xili-language - XSS</title>
+      <title>xili-language - index.php lang Parameter XSS</title>
       <references>
-        <url>http://wordpress.org/plugins/xili-language/changelog/</url>
+        <osvdb>93233</osvdb>
+        <secunia>53364</secunia>
       </references>
       <type>XSS</type>
       <fixed_in>2.8.6</fixed_in>
@@ -6528,6 +6594,14 @@
       </references>
       <type>XSS</type>
     </vulnerability>
+   <vulnerability>
+      <title>WordPress SEO 1.4.6 - Reset Settings Feature Access Restriction Bypass</title>
+      <references>
+        <osvdb>92147</osvdb>
+        <secunia>52949</secunia>
+      </references>
+      <type>UNKNOWN>
+    </vulnerability>
   </plugin>
 
   <plugin name="underconstruction">

From e18f2c99882e6ecd63ca44e2f88ec657b79e7a8e Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Tue, 12 Nov 2013 16:44:43 +0100
Subject: [PATCH 4/6] Update plugin_vulns.xml

---
 data/plugin_vulns.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index 4aa964b6..f32c8d41 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -501,6 +501,7 @@
       </references>
       <type>XSS</type>
     </vulnerability>
+  </plugin>
 
   <plugin name="xerte-online">
     <vulnerability>

From a39145321314fe2d26d6be7a0d741a492bd3ed9e Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Tue, 12 Nov 2013 16:57:10 +0100
Subject: [PATCH 5/6] Update plugin_vulns.xml

---
 data/plugin_vulns.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index f32c8d41..63f4ca4f 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -6601,7 +6601,7 @@
         <osvdb>92147</osvdb>
         <secunia>52949</secunia>
       </references>
-      <type>UNKNOWN>
+      <type>UNKNOWN</type>
     </vulnerability>
   </plugin>
 

From d4758bd22f982fb67e3c1eb15eedfea3791b8717 Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Tue, 12 Nov 2013 17:19:42 +0100
Subject: [PATCH 6/6] Update plugin_vulns.xml

---
 data/plugin_vulns.xml | 32 ++++++++++++++++++++++++++------
 1 file changed, 26 insertions(+), 6 deletions(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index 63f4ca4f..68dfc20c 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -2742,16 +2742,20 @@
       <type>SQLI</type>
     </vulnerability>
     <vulnerability>
-      <title>WP Symposium - &quot;u&quot; XSS</title>
+      <title>WP Symposium 13.02 - wp-symposium/invite.php u Parameter XSS</title>
       <references>
+        <osvdb>92275</osvdb>
+        <cve>2013-2695</cve>
         <secunia>52864</secunia>
       </references>
       <type>XSS</type>
       <fixed_in>13.04</fixed_in>
     </vulnerability>
     <vulnerability>
-      <title>WP Symposium - &quot;u&quot; Redirection Weakness</title>
+      <title>WP Symposium 13.02 - invite.php u Parameter Arbitrary Site Redirect</title>
       <references>
+        <osvdb>92274</osvdb>
+        <cve>2013-2694</cve>
         <secunia>52925</secunia>
       </references>
       <type>REDIRECT</type>
@@ -6225,7 +6229,7 @@
 
   <plugin name="social-media-widget">
     <vulnerability>
-      <title>social-media-widget - malicious code</title>
+      <title>Social Media Widget - malicious code</title>
       <references>
         <url>http://plugins.trac.wordpress.org/changeset?reponame=&amp;old=691839%40social-media-widget%2Ftrunk&amp;new=693941%40social-media-widget%2Ftrunk</url>
         <url>http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot</url>
@@ -6233,6 +6237,17 @@
       <type>UNKNOWN</type>
       <fixed_in>4.0.2</fixed_in>
     </vulnerability>
+    <vulnerability>
+      <title>Social Media Widget 4.0 - social-widget.php MITM Weakness Arbitrary Code Injection</title>
+      <references>
+        <osvdb>92312</osvdb>
+        <cve>2013-1949</cve>
+        <secunia>53020</secunia>
+        <url>http://seclists.org/oss-sec/2013/q2/10</url>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>4.0.1</fixed_in>
+    </vulnerability>
   </plugin>
 
   <plugin name="facebook-members">
@@ -6327,8 +6342,9 @@
 
   <plugin name="top-10">
     <vulnerability>
-      <title>top-10 - CSRF</title>
+      <title>top-10 1.9.2 - Setting Manipulation CSRF</title>
       <references>
+        <osvdb>92849</osvdb>
         <secunia>53205</secunia>
       </references>
       <type>CSRF</type>
@@ -6461,8 +6477,9 @@
 
   <plugin name="contextual-related-posts">
     <vulnerability>
-      <title>Contextual Related Posts - Cross-Site Request Forgery Vulnerability</title>
+      <title>Contextual Related Posts 1.8.6 - Cross-Site Request Forgery Vulnerability</title>
       <references>
+        <osvdb>93088</osvdb>
         <secunia>52960</secunia>
       </references>
       <type>CSRF</type>
@@ -6472,8 +6489,10 @@
 
   <plugin name="calendar">
     <vulnerability>
-      <title>Calendar - Cross-Site Request Forgery Vulnerability</title>
+      <title>Calendar 1.3.2 - Entry Addition CSRF</title>
       <references>
+        <osvdb>93025</osvdb>
+        <cve>2013-2698</cve>
         <secunia>52841</secunia>
       </references>
       <type>CSRF</type>
@@ -7256,6 +7275,7 @@
       </references>
       <type>XSS</type>
     </vulnerability>
+    <vulnerability>
       <title>LBG Zoominoutslider - add_banner.php Unspecified XSS</title>
       <references>
         <osvdb>99320</osvdb>