From 921596f6f81492e6a7c929a76e34bd9315b45a55 Mon Sep 17 00:00:00 2001
From: Peter <vanderlaan.pm@gmail.com>
Date: Thu, 31 Jul 2014 11:43:42 +0200
Subject: [PATCH] Added WP-e-Commerce Vulns. Fix #640

---
 data/plugin_vulns.xml | 52 ++++++++++++++++++++++++++++++-------------
 1 file changed, 36 insertions(+), 16 deletions(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index 144a5a98..bf02f875 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -5579,22 +5579,6 @@
   </plugin>
 
   <plugin name="wp-e-commerce">
-    <vulnerability>
-      <title>WP e-Commerce 3.8.6 - wpsc-cart_widget.php cart_messages Parameter XSS</title>
-      <references>
-        <osvdb>74295</osvdb>
-        <secunia>45513</secunia>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.8.8</fixed_in>
-    </vulnerability>
-    <vulnerability>
-      <title>WP e-Commerce &lt;= 3.8.6 - SQL Injection Vulnerability</title>
-      <references>
-        <exploitdb>17832</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
     <vulnerability>
       <title>WP-e-Commerce 3.8.9.5 - Cross Site Scripting Vulnerability</title>
       <references>
@@ -5634,6 +5618,42 @@
       </references>
       <type>UPLOAD</type>
     </vulnerability>
+    <vulnerability>
+      <title>WP-e-Commerce 3.8.9 - purchase-log-list-table-class.php m Parameter XSS</title>
+      <references>
+        <osvdb>88231</osvdb>
+        <url>http://www.securityfocus.com/bid/56499</url>
+        <url>http://xforce.iss.net/xforce/xfdb/80048</url>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.8.9.1</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>WP-e-Commerce 3.8.9 - purchaselogs.class.php view_purchlogs_by_status Parameter SQL Injection</title>
+      <references>
+        <osvdb>88232</osvdb>
+        <url>http://www.securityfocus.com/bid/56499</url>
+        <url>http://xforce.iss.net/xforce/xfdb/80042</url>
+      </references>
+      <type>SQLI</type>
+      <fixed_in>3.8.9.1</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>WP e-Commerce 3.8.6 - wpsc-cart_widget.php cart_messages Parameter XSS</title>
+      <references>
+        <osvdb>74295</osvdb>
+        <secunia>45513</secunia>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.8.8</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>WP e-Commerce &lt;= 3.8.6 - SQL Injection Vulnerability</title>
+      <references>
+        <exploitdb>17832</exploitdb>
+      </references>
+      <type>SQLI</type>
+    </vulnerability>
   </plugin>
 
   <plugin name="filedownload">