From 95557ce095c46f5ef4a1af215688ad97922328ac Mon Sep 17 00:00:00 2001
From: erwanlr <erwan.lr@gmail.com>
Date: Tue, 17 Sep 2013 14:34:33 +0100
Subject: [PATCH] Some vulns added

---
 data/plugin_vulns.xml | 48 +++++++++++++++++++++++++++++++++++++++++++
 data/wp_vulns.xml     | 43 +++++++++++++++++++++++++++++++++++++-
 2 files changed, 90 insertions(+), 1 deletion(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index 8ae79715..79b2a8d1 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -2794,6 +2794,15 @@
       </references>
       <type>SQLI</type>
     </vulnerability>
+    <vulnerability>
+      <title>Privilege Escalation CSRF</title>
+      <references>
+        <osvdb>96905</osvdb>
+        <cve>2013-0736</cve>
+        <secunia>47687</secunia>
+      </references>
+      <type>CSRF</type>
+    </vulnerability>
   </plugin>
 
   <plugin name="accept-signups">
@@ -6494,4 +6503,43 @@
       <fixed_in>1.3.8</fixed_in>
     </vulnerability>
   </plugin>
+
+  <plugin name="design-approval-system">
+    <vulnerability>
+      <title>/admin/walkthrough/walkthrough.php step Parameter Reflected XSS</title>
+      <references>
+        <url>http://seclists.org/bugtraq/2013/Sep/54</url>
+        <cve>2013-5711</cve>
+        <osvdb>97279</osvdn>
+      </references>
+      <fixed_in>3.7</fixed_in>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="event-easy-calendar">
+    <vulnerability>
+      <title>Multiple Administrator Action CSRF</title>
+      <references>
+        <osvdb>97042</osvdb>
+      </references>
+    </vulnerability>
+    <vulnerability>
+      <title>Multiple Unspecified XSS</title>
+      <references>
+        <osvdb>97041</osvdb>
+      </references>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="">
+    <vulnerability>
+      <title></title>
+      <references>
+        <url></url>
+        <cve></cve>
+        <osvdb></osvdb>
+      </references>
+      <fixed_in></fixed_in>
+    </vulnerability>
+  </plugin>
 </vulnerabilities>
diff --git a/data/wp_vulns.xml b/data/wp_vulns.xml
index f9154631..659d12f5 100644
--- a/data/wp_vulns.xml
+++ b/data/wp_vulns.xml
@@ -10,10 +10,51 @@
         <url>http://vagosec.org/2013/09/wordpress-php-object-injection/</url>
         <url>http://www.openwall.com/lists/oss-security/2013/09/12/1</url>
         <url>http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4340</url>
-        <cve>2013-4340</cve>
+        <url>http://core.trac.wordpress.org/changeset/25325</url>
+        <secunia>54803</secunia>
+        <cve>2013-4338</cve>
+        <osvdb>97211</osvdb>
       </references>
       <type>UNKNOWN</type>
     </vulnerability>
+    <vulnerability>
+      <title>wp-includes/functions.php get_allowed_mime_types Function SWF / EXE File Upload XSS Weakness</title>
+      <references>
+        <osvdb>97210</osvdb>
+        <cve>2013-5739</cve>
+        <url>http://core.trac.wordpress.org/changeset/25322</url>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
+    <vulnerability>
+      <title>Crafted String URL Redirect Restriction Bypass</title>
+      <references>
+        <osvdb>97212</osvdb>
+        <cve>2013-4339</cve>
+        <secunia>54803</secunia>
+        <url>http://core.trac.wordpress.org/changeset/25323</url>
+      </references>
+      <type>UNKNOWN</type>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-admin/includes/post.php user_ID Parameter Manipulation Post Authorship Spoofing</title>
+      <references>
+        <osvdb>97213</osvdb>
+        <cve>2013-4340</cve>
+        <secunia>54803</secunia>
+        <url>http://core.trac.wordpress.org/changeset/25321</url>
+      </references>
+      <type>UNKNOWN</type>
+    </vulnerability>
+    <vulnerability>
+      <title>wp-includes/functions.php get_allowed_mime_types Function HTML File Upload XSS Weakness</title>
+      <references>
+        <osvdb>97214</osvdb>
+        <cve>2013-5738</cve>
+        <url>http://core.trac.wordpress.org/changeset/25322</url>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
   </wordpress>
 
   <wordpress version="3.5.2">