diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index 32b637ae..9926281f 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -71,7 +71,12 @@
- FireStorm Professional Real Estate Plugin Multiple SQL Injection
+ WordPress FireStorm Professional Real Estate Plugin < 2.06.04 "id" SQL Injection Vulnerability
+ http://secunia.com/advisories/51107/
+ SQLI
+
+
+ FireStorm Professional Real Estate Plugin < 2.06.03 Multiple SQL Injection
http://secunia.com/advisories/50873/
http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/
SQLI
@@ -88,7 +93,7 @@
- All Video Gallery
+ Wordpress All Video Gallery Plugin Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/50874/
http://ceriksen.com/2012/11/04/wordpress-all-video-gallery-plugin-sql-injection/
SQLI
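Review bot: The new All Video Gallery title gives no affected or fixed version and spells the product "Wordpress", so someone reading a scan result cannot tell whether an updated install is still exposed. Other titles in this commit carry a bound (for example `Google Document Embedder < 2.5.4 Arbitrary File Disclosure`); the same form here would be `WordPress All Video Gallery Plugin < FIXED_VERSION Multiple SQL Injection Vulnerabilities`, with FIXED_VERSION as a placeholder to be filled from the Secunia advisory. The same gap applies to the unversioned titles added in the hunks at @@ -587, @@ -1769 and @@ -3096 and in data/theme_vulns.xml. The XML tags are not visible in this rendering, so if the version is carried in an attribute this is only a wording point.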
@@ -131,9 +136,10 @@
- Google Document Embedder Arbitrary File Disclosure
+ Google Document Embedder < 2.5.4 Arbitrary File Disclosure
http://www.exploit-db.com/exploits/23970/
http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/
+ http://secunia.com/advisories/50832/
exploit/unix/webapp/wp_google_document_embedder_exec
UNKNOWN
@@ -216,8 +222,9 @@
- Shopping Cart 8.1.14 Shell Upload / SQL Injection
+ Shopping Cart <, 8.1.15 Shell Upload / SQL Injection
http://packetstormsecurity.com/files/119217/wplevelfour-sqlshell.txt
+ http://secunia.com/advisories/51690/
MULTI
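Review bot: The rewritten Shopping Cart title reads `Shopping Cart <, 8.1.15 Shell Upload / SQL Injection`; the `<,` looks like a typo and would trip any reader or tool that expects a `<` or `<=` bound in the title. Since the old title named 8.1.14 as affected, `Shopping Cart < 8.1.15 Shell Upload / SQL Injection` (or `<= 8.1.14`) would match the other entries. In the XML source the operator has to be written as `&lt;` for the file to stay well-formed. The markup is not visible here, so that is worth checking on the raw file.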
@@ -250,6 +257,7 @@
Advanced Custom Fields <= 3.5.1 Remote File Inclusion
http://packetstormsecurity.com/files/119221/wp_advanced_custom_fields_exec.rb.txt
+ http://secunia.com/advisories/51037/
exploit/unix/webapp/wp_advanced_custom_fields_exec
RFI
@@ -408,6 +416,7 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+ http://secunia.com/advisories/51224/
XSS
@@ -440,6 +449,7 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+ http://secunia.com/advisories/51250/
XSS
@@ -555,8 +565,10 @@
- Ajax Post Search 1.1 Sql Injection
+ Ajax Post Search < 1.3 Sql Injection
http://seclists.org/bugtraq/2012/Nov/33
+ http://secunia.com/advisories/51205/
+ http://www.girlinthemiddle.net/2012/10/sqli-vulnerability-in-ajax-post-search.html
SQLI
@@ -573,6 +585,7 @@
Catalog HTML Code Injection and Cross-site scripting
http://packetstormsecurity.org/files/117820/wpcatalog-xss.txt
+ http://secunia.com/advisories/51143/
MULTI
@@ -587,10 +600,15 @@
- Slideshow jQuery Image Gallery Multiple Vulnerabilities
+ Slideshow jQuery Image Gallery Multiple Vulnerabilities
http://www.waraxe.us/advisory-92.html
MULTI
+
+ WordPress Slideshow Plugin Multiple Script Insertion Vulnerabilities
+ http://secunia.com/advisories/51135/
+ XSS
+
@@ -1085,6 +1103,7 @@ File Upload Vulnerability
FoxyPress 0.4.2.5 XSS / CSRF / SQL Injection
http://packetstormsecurity.org/files/117768
+ http://secunia.com/advisories/51109/
MULTI
@@ -1175,6 +1194,11 @@ File Upload Vulnerability
http://packetstormsecurity.org/files/112693/
XSS
+
+ Pretty Link Lite <= 1.6.1 Cross Site Scripting
+ http://secunia.com/advisories/50980/
+ XSS
+
@@ -1769,6 +1793,11 @@ File Upload Vulnerability
+
+ WordPress GRAND FlAGallery Plugin Multiple Vulnerabilities
+ http://secunia.com/advisories/51100/
+ MULTI
+
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
@@ -1979,6 +2008,7 @@ File Upload Vulnerability
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+ http://secunia.com/advisories/51271/
XSS
@@ -2619,6 +2649,11 @@ File Upload Vulnerability
http://www.exploit-db.com/exploits/17808/
SQLI
+
+ WordPress WP-Filebase Plugin < 0.2.9.25 Unspecified Vulnerabilities
+ http://secunia.com/advisories/51269/
+ UNKNOWN
+
@@ -2929,6 +2964,11 @@ File Upload Vulnerability
http://www.exploit-db.com/exploits/17983/
SQLI
+
+ WP Photo Album Plus <= 4.8.12 Cross-Site Scripting
+ http://secunia.com/advisories/51679/
+ XSS
+
WP Photo Album Plus < 4.9.1 Full Path Disclosure
http://1337day.com/exploit/20125
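Review bot: The WP Photo Album Plus entry added here and the one added in the next hunk (@@ -2939) use different conventions for the same class of issue. `<= 4.8.12 Cross-Site Scripting` names the last affected version and spells the class out, while `< 4.9.3 XSS` names the first fixed version and abbreviates it. Using one bound style and one class name in both titles, e.g. `WP Photo Album Plus < 4.9.3 Cross-Site Scripting` for the second, would make it clearer that these are two separate advisories rather than near-duplicates. It would also keep version matching simple for anything that reads the bound out of the title.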
@@ -2939,6 +2979,11 @@ File Upload Vulnerability
http://secunia.com/advisories/51829/
XSS
+
+ WP Photo Album Plus < 4.9.3 XSS
+ http://secunia.com/advisories/51669/
+ XSS
+
@@ -2958,6 +3003,7 @@ File Upload Vulnerability
portable-phpMyAdmin < 1.3.1 Authentication Bypass
http://www.exploit-db.com/exploits/23356
+ http://secunia.com/advisories/51520/
AUTHBYPASS
@@ -3060,6 +3106,11 @@ File Upload Vulnerability
http://seclists.org/bugtraq/2013/Jan/86
SQLI
+
+ WordPress Poll Plugin < 33.6 Multiple SQL Injection Vulnerabilities
+ http://secunia.com/advisories/50910/
+ SQLI
+
@@ -3096,5 +3147,94 @@ File Upload Vulnerability
+
+
+ WordPress Welcart e-Commerce Plugin Cross-Site Scripting and Request Forgery Vulnerabilities
+ http://secunia.com/advisories/51581/
+ MULTI
+
+
+
+
+
+ WordPress Knews Multilingual Newsletters Plugin Cross-Site Request Forgery Vulnerability
+ http://secunia.com/advisories/51543/
+ CSRF
+
+
+
+
+
+ WordPress Video Lead Form Plugin "errMsg" Cross-Site Scripting Vulnerability
+ http://secunia.com/advisories/51419/
+ XSS
+
+
+
+
+
+ WordPress WooCommerce Predictive Search Plugin "rs" Cross-Site Scripting Vulnerability
+ http://secunia.com/advisories/51385/
+ XSS
+
+
+
+
+
+ WordPress WP e-Commerce Predictive Search Plugin "rs" Cross-Site Scripting Vulnerability
+ http://secunia.com/advisories/51384/
+ XSS
+
+
+
+
+
+ WordPress vTiger CRM Lead Capture Plugin < 1.1.0 Unspecified Vulnerability
+ http://secunia.com/advisories/51305/
+ UNKNOWN
+
+
+
+
+
+ WordPress post-views Plugin "search_input" Cross-Site Scripting Vulnerability
+ http://secunia.com/advisories/50982/
+ XSS
+
+
+
+
+
+ WordPress DX-Contribute Plugin Cross-Site Request Forgery Vulnerability
+ http://secunia.com/advisories/51082/
+ CSRF
+
+
+
+
+
+ WordPress Wysija Newsletters Plugin < 2.1.7 swfupload Cross-Site Scripting Vulnerability
+ http://secunia.com/advisories/51249/
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+ XSS
+
+
+
+
+
+ WordPress Hitasoft FLV Player Plugin "id" SQL Injection Vulnerability
+ http://secunia.com/advisories/51179/
+ SQLI
+
+
+
+
+
+ WordPress Spider Calendar Plugin "many_sp_calendar" Cross-Site Scripting Vulnerability
+ http://secunia.com/advisories/50981/
+ XSS
+
+
+
diff --git a/data/theme_vulns.xml b/data/theme_vulns.xml
index 4cf2e2ba..4852838f 100644
--- a/data/theme_vulns.xml
+++ b/data/theme_vulns.xml
@@ -1186,4 +1186,12 @@
+
+
+ WordPress Clockstone Theme upload.php Arbitrary File Upload Vulnerability
+ http://secunia.com/advisories/51619/
+ UPLOAD
+
+
+