Merge pull request #347 from pvdl/vulns

Update WordPress Vulnerabilities

data/plugin_vulns.xml

@@ -1353,9 +1353,7 @@
 
   <plugin name="auctionplugin">
     <vulnerability>
-      <title>Auctions 2.0.1.3 - Arbitrary
+      <title>Auctions 2.0.1.3 - Arbitrary File Upload Vulnerability</title>
-        File Upload Vulnerability
-      </title>
       <references>
         <url>http://packetstormsecurity.com/files/113568/</url>
       </references>
@@ -5193,8 +5191,7 @@
 
   <plugin name="xve-various-embed">
     <vulnerability>
-      <title>XVE Various Embed - JW Player Multiple Cross-Site Scripting Vulnerabilities
+      <title>XVE Various Embed - JW Player Multiple Cross-Site Scripting Vulnerabilities</title>
-      </title>
       <references>
         <secunia>50173</secunia>
       </references>
@@ -6695,8 +6692,7 @@
 
   <plugin name="buddypress-extended-friendship-request">
     <vulnerability>
-      <title>BuddyPress Extended Friendship Request - wp-admin/admin-ajax.php friendship_request_message Parameter XSS
+      <title>BuddyPress Extended Friendship Request - wp-admin/admin-ajax.php friendship_request_message Parameter XSS</title>
-      </title>
       <references>
         <osvdb>94807</osvdb>
       </references>
@@ -7390,7 +7386,7 @@
 
   <plugin name="landing-pages">
     <vulnerability>
-      <title>Landing Pages - Unspecified SQL Injection </title>
+      <title>Landing Pages - Unspecified SQL Injection</title>
       <references>
         <osvdb>98334</osvdb>
         <secunia>55192</secunia>
@@ -7784,4 +7780,16 @@
     </vulnerability>
   </plugin>
 
+  <plugin name="rockhoist-ratings">
+    <vulnerability>
+      <title>Rockhoist Ratings 1.2.2 - wp-admin/admin-ajax.php postID Parameter SQL Injection</title>
+      <references>
+        <osvdb>99195</osvdb>
+        <secunia>55445</secunia>
+        <url>http://www.securityfocus.com/bid/63441</url>
+      </references>
+      <type>SQLI</type>
+    </vulnerability>
+  </plugin>
+
 </vulnerabilities>

data/wp_vulns.xml

@@ -26,6 +26,7 @@
         <url>http://core.trac.wordpress.org/changeset/25322</url>
       </references>
       <type>XSS</type>
+      <fixed_in>3.6.1</fixed_in>
     </vulnerability>
     <vulnerability>
       <title>Crafted String URL Redirect Restriction Bypass</title>
@@ -57,6 +58,7 @@
         <url>http://core.trac.wordpress.org/changeset/25322</url>
       </references>
       <type>XSS</type>
+      <fixed_in>3.6.1</fixed_in>
     </vulnerability>
   </wordpress>
 

lib/common/models/vulnerability/output.rb

@@ -14,7 +14,9 @@ class Vulnerability
 					puts ' | ' + red("* Reference: #{url}") if url
 				end
 			end
-		end
+      if !fixed_in.empty?
-
+         puts " | * Fixed in: #{fixed_in}"
+      end
+    end
   end
 end