garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #314 from pvdl/master

Browse Source 
Update WordPress Vulnerabilities
This commit is contained in:
erwanlr
2013-10-12 12:30:22 -07:00
parent b72ce7caf5 9d6e50c8e2
commit 9e87d1f4d5
1 changed files with 123 additions and 102 deletions
Download Patch File Download Diff File Expand all files Collapse all files

225
data/plugin_vulns.xml
View File

@@ -204,7 +204,7 @@
<plugin name="wp125">
<vulnerability>
<title>WP125 Multiple - XSS</title>
<title>WP125 - Multiple XSS</title>
<references>
<secunia>50976</secunia>
</references>
@@ -253,7 +253,7 @@
<plugin name="floating-social-media-links">
<vulnerability>
<title>Floating Social Media Links Remote File Inclusion</title>
<title>Floating Social Media Links - Remote File Inclusion</title>
<references>
<secunia>51346</secunia>
<url>http://ceriksen.com/2013/01/12/wordpress-floating-social-media-link-plugins-remote-file-inclusion/</url>
@@ -264,7 +264,7 @@
<plugin name="zingiri-forum">
<vulnerability>
<title>Zingiri Forum Arbitrary File Disclosure</title>
<title>Zingiri Forum - Arbitrary File Disclosure</title>
<references>
<secunia>50833</secunia>
<url>http://ceriksen.com/2013/01/12/wordpress-zingiri-forums-arbitrary-file-disclosure/</url>
@@ -293,7 +293,7 @@
<plugin name="extended-user-profile">
<vulnerability>
<title>extended-user-profile Full Path Disclosure vulnerability</title>
<title>extended-user-profile - Full Path Disclosure vulnerability</title>
<references>
<url>http://1337day.com/exploit/20118</url>
</references>
@@ -303,7 +303,7 @@
<plugin name="superslider-show">
<vulnerability>
<title>superslider-show Full Path Disclosure vulnerability</title>
<title>superslider-show - Full Path Disclosure vulnerability</title>
<references>
<url>http://1337day.com/exploit/20117</url>
</references>
@@ -323,7 +323,7 @@
<plugin name="contest/OpenInviter">
<vulnerability>
<title>OpenInviter Information Disclosure</title>
<title>OpenInviter - Information Disclosure</title>
<references>
<url>http://packetstormsecurity.com/files/119265/</url>
</references>
@@ -333,7 +333,7 @@
<plugin name="wp_rokbox">
<vulnerability>
<title>RokBox Multiple Vulnerabilities</title>
<title>RokBox - Multiple Vulnerabilities</title>
<references>
<url>http://1337day.com/exploit/19981</url>
</references>
@@ -395,7 +395,7 @@
<plugin name="grou-random-image-widget">
<vulnerability>
<title>grou-random-image-widget Full Path Disclosure</title>
<title>grou-random-image-widget - Full Path Disclosure</title>
<references>
<url>http://1337day.com/exploit/20047</url>
</references>
@@ -405,14 +405,14 @@
<plugin name="sintic_gallery">
<vulnerability>
<title>sintic_gallery Arbitrary File Upload Vulnerability</title>
<title>sintic_gallery - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/19993</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>sintic_gallery Path Disclosure Vulnerability</title>
<title>sintic_gallery - Path Disclosure Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20020</url>
</references>
@@ -422,7 +422,7 @@
<plugin name="wp-useronline">
<vulnerability>
<title>WP-UserOnline Full Path Disclosure</title>
<title>WP-UserOnline - Full Path Disclosure</title>
<references>
<url>http://seclists.org/fulldisclosure/2010/Jul/8</url>
</references>
@@ -439,7 +439,7 @@
<plugin name="levelfourstorefront">
<vulnerability>
<title>Shopping Cart Shell Upload / SQL Injection</title>
<title>Shopping Cart - Shell Upload, SQL Injection</title>
<references>
<url>http://packetstormsecurity.com/files/119217/</url>
<secunia>51690</secunia>
@@ -502,7 +502,7 @@
<plugin name="sitepress-multilingual-cms">
<vulnerability>
<title>sitepress-multilingual-cms Full Path Disclosure</title>
<title>sitepress-multilingual-cms - Full Path Disclosure</title>
<references>
<url>http://1337day.com/exploit/20067</url>
</references>
@@ -649,7 +649,7 @@
<plugin name="power-zoomer">
<vulnerability>
<title>powerzoomer Arbitrary File Upload Vulnerability</title>
<title>powerzoomer - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20253</url>
</references>
@@ -727,7 +727,7 @@
<plugin name="wp-3dflick-slideshow">
<vulnerability>
<title>wp-3dflick-slideshow Arbitrary File Upload Vulnerability</title>
<title>wp-3dflick-slideshow - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20255</url>
</references>
@@ -813,7 +813,7 @@
<plugin name="wp-homepage-slideshow">
<vulnerability>
<title>wp-homepage-slideshow Arbitrary File Upload Vulnerability</title>
<title>wp-homepage-slideshow - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20260</url>
</references>
@@ -830,7 +830,7 @@
<plugin name="wp-image-news-slider">
<vulnerability>
<title>wp-image-news-slider Arbitrary File Upload Vulnerability</title>
<title>wp-image-news-slider - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20259</url>
</references>
@@ -855,7 +855,7 @@
<plugin name="wp-levoslideshow">
<vulnerability>
<title>wp-levoslideshow Arbitrary File Upload Vulnerability</title>
<title>wp-levoslideshow - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20250</url>
</references>
@@ -882,7 +882,7 @@
<plugin name="wp-powerplaygallery">
<vulnerability>
<title>wp-powerplaygallery Arbitrary File Upload Vulnerability</title>
<title>wp-powerplaygallery - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20252</url>
</references>
@@ -899,7 +899,7 @@
<plugin name="wp-royal-gallery">
<vulnerability>
<title>wp-royal-gallery Arbitrary File Upload Vulnerability</title>
<title>wp-royal-gallery - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20261</url>
</references>
@@ -923,7 +923,7 @@
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>wp superb Slideshow Full Path Disclosure</title>
<title>wp superb Slideshow - Full Path Disclosure</title>
<references>
<url>http://1337day.com/exploit/19979</url>
</references>
@@ -953,7 +953,7 @@
<plugin name="cardoza-ajax-search">
<vulnerability>
<title>Ajax Post Search Sql Injection</title>
<title>Ajax - Post Search Sql Injection</title>
<references>
<url>http://seclists.org/bugtraq/2012/Nov/33</url>
<secunia>51205</secunia>
@@ -977,7 +977,7 @@
<plugin name="catalog">
<vulnerability>
<title>Catalog HTML Code Injection and Cross-site scripting</title>
<title>Catalog - HTML Code Injection and Cross-site scripting</title>
<references>
<url>http://packetstormsecurity.com/files/117820/</url>
<secunia>51143</secunia>
@@ -1021,7 +1021,7 @@
<plugin name="slideshow-jquery-image-gallery">
<vulnerability>
<title>Slideshow jQuery Image Gallery Multiple Vulnerabilities</title>
<title>Slideshow jQuery Image Gallery - Multiple Vulnerabilities</title>
<references>
<url>http://www.waraxe.us/advisory-92.html</url>
</references>
@@ -1038,7 +1038,7 @@
<plugin name="social-discussions">
<vulnerability>
<title>Social Discussions Multiple Vulnerabilities</title>
<title>Social Discussions - Multiple Vulnerabilities</title>
<references>
<url>http://www.waraxe.us/advisory-93.html</url>
</references>
@@ -1048,7 +1048,7 @@
<plugin name="abtest">
<vulnerability>
<title>ABtest Directory Traversal</title>
<title>ABtest - Directory Traversal</title>
<references>
<url>
http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110
@@ -1073,7 +1073,7 @@
<plugin name="nextgen_cu3er_gallery">
<vulnerability>
<title>NextGen Cu3er Gallery Information Disclosure</title>
<title>NextGen Cu3er Gallery - Information Disclosure</title>
<references>
<url>http://packetstormsecurity.com/files/116150/</url>
</references>
@@ -1083,7 +1083,7 @@
<plugin name="rich-widget">
<vulnerability>
<title>Rich Widget File Upload</title>
<title>Rich Widget - File Upload</title>
<references>
<url>http://packetstormsecurity.com/files/115787/</url>
</references>
@@ -1093,7 +1093,7 @@
<plugin name="monsters-editor-10-for-wp-super-edit">
<vulnerability>
<title>Monsters Editor Shell Upload</title>
<title>Monsters Editor - Shell Upload</title>
<references>
<url>http://packetstormsecurity.com/files/115788/</url>
</references>
@@ -1145,7 +1145,7 @@
<plugin name="rsvpmaker">
<vulnerability>
<title>RSVPMaker v2.5.4 - Persistent XSS</title>
<title>RSVPMaker 2.5.4 - Persistent XSS</title>
<references>
<exploitdb>20474</exploitdb>
<secunia>50289</secunia>
@@ -1167,7 +1167,7 @@
<plugin name="resume-submissions-job-postings">
<vulnerability>
<title>Resume Submissions Job Posting v2.5.1 - Unrestricted File Upload</title>
<title>Resume Submissions Job Posting 2.5.1 - Unrestricted File Upload</title>
<references>
<url>http://packetstormsecurity.com/files/114716/</url>
</references>
@@ -1177,7 +1177,7 @@
<plugin name="wp-predict">
<vulnerability>
<title>WP-Predict v1.0 - Blind SQL Injection</title>
<title>WP-Predict 1.0 - Blind SQL Injection</title>
<references>
<exploitdb>19715</exploitdb>
@@ -1200,7 +1200,7 @@
<plugin name="moodthingy-mood-rating-widget">
<vulnerability>
<title>MoodThingy Widget v0.8.7 - Blind SQL Injection</title>
<title>MoodThingy Widget 0.8.7 - Blind SQL Injection</title>
<references>
<exploitdb>19572</exploitdb>
</references>
@@ -1210,7 +1210,7 @@
<plugin name="paid-business-listings">
<vulnerability>
<title>Paid Business Listings v1.0.2 - Blind SQL Injection</title>
<title>Paid Business Listings 1.0.2 - Blind SQL Injection</title>
<references>
<exploitdb>19481</exploitdb>
</references>
@@ -1297,7 +1297,7 @@
<plugin name="auctionplugin">
<vulnerability>
<title>Auctions - 2.0.1.3 - Arbitrary
<title>Auctions 2.0.1.3 - Arbitrary
File Upload Vulnerability
</title>
<references>
@@ -1359,9 +1359,7 @@
<plugin name="contus-video-galleryversion-10">
<vulnerability>
<title>Contus Video Gallery 1.3 - Arbitrary
File Upload Vulnerability
</title>
<title>Contus Video Gallery 1.3 - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://packetstormsecurity.com/files/113571/</url>
</references>
@@ -1485,7 +1483,7 @@
<plugin name="custom-content-type-manager">
<vulnerability>
<title>Custom Content Type Manager 0.9.5.13-pl Arbitrary File Upload Vulnerability</title>
<title>Custom Content Type Manager 0.9.5.13pl - Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>19058</exploitdb>
</references>
@@ -1522,7 +1520,7 @@
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>Front End Upload v0.5.4 - Arbitrary PHP File Upload</title>
<title>Front End Upload 0.5.4 - Arbitrary PHP File Upload</title>
<references>
<exploitdb>20083</exploitdb>
</references>
@@ -1659,14 +1657,14 @@
<plugin name="store-locator-le">
<vulnerability>
<title>Google Maps via Store Locator Multiple Vulnerabilities</title>
<title>Google Maps via Store Locator - Multiple Vulnerabilities</title>
<references>
<exploitdb>18989</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>store-locator-le SQL Injection</title>
<title>store-locator-le - SQL Injection</title>
<references>
<secunia>51757</secunia>
</references>
@@ -1698,7 +1696,7 @@
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>FoxyPress 0.4.2.5 - XSS / CSRF / SQL Injection</title>
<title>FoxyPress 0.4.2.5 - XSS, CSRF, SQL Injection</title>
<references>
<url>http://packetstormsecurity.com/files/117768/</url>
<secunia>51109</secunia>
@@ -2197,7 +2195,7 @@
<plugin name="cms-tree-page-view">
<vulnerability>
<title>XSS vulnerability in CMS Tree Page View Plugin</title>
<title>CMS Tree Page View - XSS vulnerability</title>
<references>
<url>https://www.htbridge.com/advisory/HTB23083</url>
</references>
@@ -2483,7 +2481,7 @@
<plugin name="clickdesk-live-support-chat">
<vulnerability>
<title>Click Desk Live Support Chat Cross Site Scripting Vulnerability</title>
<title>Click Desk Live Support Chat - Cross Site Scripting Vulnerability</title>
<references>
<url>http://seclists.org/bugtraq/2011/Nov/148</url>
</references>
@@ -2609,7 +2607,7 @@
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP Symposium &quot;u&quot; XSS</title>
<title>WP Symposium - &quot;u&quot; XSS</title>
<references>
<secunia>52864</secunia>
</references>
@@ -2617,7 +2615,7 @@
<fixed_in>13.04</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Symposium &quot;u&quot; Redirection Weakness</title>
<title>WP Symposium - &quot;u&quot; Redirection Weakness</title>
<references>
<secunia>52925</secunia>
</references>
@@ -2647,7 +2645,7 @@
<plugin name="beer-recipes">
<vulnerability>
<title>Beer Recipes v.1.0 - XSS</title>
<title>Beer Recipes 1.0 - XSS</title>
<references>
<exploitdb>17453</exploitdb>
</references>
@@ -2667,7 +2665,7 @@
<plugin name="editormonkey">
<vulnerability>
<title>EditorMonkey (FCKeditor) Arbitrary File Upload</title>
<title>EditorMonkey - (FCKeditor) Arbitrary File Upload</title>
<references>
<exploitdb>17284</exploitdb>
</references>
@@ -2888,7 +2886,7 @@
<plugin name="user-photo">
<vulnerability>
<title>User Photo Component Remote File Upload Vulnerability</title>
<title>User Photo - Component Remote File Upload Vulnerability</title>
<references>
<exploitdb>16181</exploitdb>
<osvdb>71071</osvdb>
@@ -2900,7 +2898,7 @@
<plugin name="enable-media-replace">
<vulnerability>
<title>Enable Media Replace Multiple Vulnerabilities</title>
<title>Enable Media Replace - Multiple Vulnerabilities</title>
<references>
<exploitdb>16144</exploitdb>
</references>
@@ -2967,7 +2965,7 @@
<plugin name="events-manager-extended">
<vulnerability>
<title>Events Manager Extended Persistent XSS Vulnerability</title>
<title>Events Manager Extended - Persistent XSS Vulnerability</title>
<references>
<exploitdb>14923</exploitdb>
</references>
@@ -2994,7 +2992,7 @@
<plugin name="mylinksdump">
<vulnerability>
<title>myLDlinker SQL Injection Vulnerability</title>
<title>myLDlinker - SQL Injection Vulnerability</title>
<references>
<exploitdb>14441</exploitdb>
</references>
@@ -3004,7 +3002,7 @@
<plugin name="firestats">
<vulnerability>
<title>Firestats Remote Configuration File Download</title>
<title>Firestats - Remote Configuration File Download</title>
<references>
<exploitdb>14308</exploitdb>
</references>
@@ -3014,7 +3012,7 @@
<plugin name="simple-press">
<vulnerability>
<title>Simple:Press SQL Injection Vulnerability</title>
<title>Simple Press - SQL Injection Vulnerability</title>
<references>
<exploitdb>14198</exploitdb>
</references>
@@ -3043,7 +3041,7 @@
<fixed_in>1.9.8</fixed_in>
</vulnerability>
<vulnerability>
<title>XSS in NextGEN Gallery &lt;= 1.5.1</title>
<title>NextGEN Gallery &lt;= 1.5.1 - XSS Vulnerability</title>
<references>
<exploitdb>12098</exploitdb>
</references>
@@ -3071,7 +3069,7 @@
<plugin name="cpl">
<vulnerability>
<title>Copperleaf Photolog SQL injection</title>
<title>Copperleaf Photolog - SQL injection</title>
<references>
<exploitdb>11458</exploitdb>
</references>
@@ -3081,7 +3079,7 @@
<plugin name="events-calendar">
<vulnerability>
<title>Events SQL Injection Vulnerability</title>
<title>Events Calendar - SQL Injection Vulnerability</title>
<references>
<exploitdb>10929</exploitdb>
<osvdb>95677</osvdb>
@@ -3090,7 +3088,7 @@
<fixed_in>6.7.10</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Events Calendar wp-admin/admin.php EC_id Parameter XSS</title>
<title>Events Calendar - wp-admin/admin.php EC_id Parameter XSS</title>
<references>
<osvdb>74705</osvdb>
</references>
@@ -3101,7 +3099,7 @@
<plugin name="ImageManager">
<vulnerability>
<title>Image Manager Plugins Shell Upload Vulnerability</title>
<title>Image Manager - Shell Upload Vulnerability</title>
<references>
<exploitdb>10325</exploitdb>
</references>
@@ -3118,7 +3116,7 @@
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>WP-Cumulus Cross Site Scripting Vulnerabily</title>
<title>WP-Cumulus - Cross Site Scripting Vulnerabily</title>
<references>
<url>http://seclists.org/fulldisclosure/2011/Nov/340</url>
</references>
@@ -3207,7 +3205,7 @@
<plugin name="wp-lytebox">
<vulnerability>
<title>Lytebox (wp-lytebox) Local File Inclusion Vulnerability</title>
<title>Lytebox - Local File Inclusion Vulnerability</title>
<references>
<exploitdb>8791</exploitdb>
</references>
@@ -3272,7 +3270,7 @@
<plugin name="wp-download">
<vulnerability>
<title>Download (dl_id) SQL Injection Vulnerability</title>
<title>Download - (dl_id) SQL Injection Vulnerability</title>
<references>
<exploitdb>5326</exploitdb>
</references>
@@ -3292,7 +3290,7 @@
<plugin name="wp-photo-album">
<vulnerability>
<title>Photo album Remote SQL Injection Vulnerability</title>
<title>Photo album - Remote SQL Injection Vulnerability</title>
<references>
<exploitdb>5135</exploitdb>
</references>
@@ -3319,14 +3317,14 @@
<plugin name="st_newsletter">
<vulnerability>
<title>st_newsletter Remote SQL Injection Vulnerability</title>
<title>st_newsletter - Remote SQL Injection Vulnerability</title>
<references>
<exploitdb>5053</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>st_newsletter (stnl_iframe.php) SQL Injection Vuln</title>
<title>st_newsletter - (stnl_iframe.php) SQL Injection Vulnerability</title>
<references>
<exploitdb>6777</exploitdb>
</references>
@@ -3336,7 +3334,7 @@
<plugin name="wordspew">
<vulnerability>
<title>Wordspew Remote SQL Injection Vulnerability</title>
<title>Wordspew - Remote SQL Injection Vulnerability</title>
<references>
<exploitdb>5039</exploitdb>
</references>
@@ -3443,7 +3441,7 @@
<plugin name="backupwordpress">
<vulnerability>
<title>BackUp &lt;= 0.4.2b RFI Vulnerability</title>
<title>BackUp &lt;= 0.4.2b - RFI Vulnerability</title>
<references>
<exploitdb>4593</exploitdb>
</references>
@@ -3681,7 +3679,7 @@
<plugin name="yolink-search">
<vulnerability>
<title>yolink Search "s" Cross-Site Scripting Vulnerability</title>
<title>yolink Search - "s" Cross-Site Scripting Vulnerability</title>
<references>
<secunia>52030</secunia>
</references>
@@ -3863,7 +3861,7 @@
<plugin name="eventify">
<vulnerability>
<title>Eventify - Simple Events &lt;= 1.7.f SQL Injection Vulnerability</title>
<title>Eventify - Simple Events &lt;= 1.7.f - SQL Injection Vulnerability</title>
<references>
<exploitdb>17794</exploitdb>
</references>
@@ -3900,7 +3898,7 @@
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>1 Flash Gallery Arbiraty File Upload Exploit (MSF)</title>
<title>1 Flash Gallery - Arbiraty File Upload Exploit (MSF)</title>
<references>
<exploitdb>17801</exploitdb>
</references>
@@ -3917,7 +3915,7 @@
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP-Filebase Unspecified Vulnerabilities</title>
<title>WP-Filebase - Unspecified Vulnerabilities</title>
<references>
<secunia>51269</secunia>
</references>
@@ -4029,7 +4027,7 @@
<type>RFI</type>
</vulnerability>
<vulnerability>
<title>Mailing List Arbitrary file download</title>
<title>Mailing List - Arbitrary file download</title>
<references>
<exploitdb>18276</exploitdb>
</references>
@@ -4091,7 +4089,7 @@
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>Category Grid View Gallery CatGridPost.php ID Parameter XSS</title>
<title>Category Grid View Gallery - CatGridPost.php ID Parameter XSS</title>
<references>
<osvdb>94805</osvdb>
</references>
@@ -4349,7 +4347,7 @@
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WP Photo Album Plus Full Path Disclosure</title>
<title>WP Photo Album Plus - Full Path Disclosure</title>
<references>
<url>http://1337day.com/exploit/20125</url>
</references>
@@ -4357,7 +4355,7 @@
<fixed_in>4.9.1</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Photo Album Plus index.php wppa-tag Parameter XSS</title>
<title>WP Photo Album Plus - index.php wppa-tag Parameter XSS</title>
<references>
<osvdb>89165</osvdb>
<secunia>51829</secunia>
@@ -4366,7 +4364,7 @@
<fixed_in>4.9.3</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Photo Album Plus "commentid" Cross-Site Scripting Vulnerability</title>
<title>WP Photo Album Plus - "commentid" Cross-Site Scripting Vulnerability</title>
<references>
<osvdb>93033</osvdb>
<cve>2013-3254</cve>
@@ -4376,7 +4374,7 @@
<fixed_in>5.0.3</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Photo Album Plus wp-admin/admin.php edit_id Parameter XSS</title>
<title>WP Photo Album Plus - wp-admin/admin.php edit_id Parameter XSS</title>
<references>
<osvdb>94465</osvdb>
<secunia>53915</secunia>
@@ -4509,7 +4507,7 @@
<plugin name="floating-tweets">
<vulnerability>
<title>floating-tweets persistent - XSS</title>
<title>floating-tweets - persistent XSS</title>
<references>
<url>http://packetstormsecurity.com/files/119499/</url>
<url>http://websecurity.com.ua/6023/</url>
@@ -4517,7 +4515,7 @@
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>floating-tweets directory traversal</title>
<title>floating-tweets - directory traversal</title>
<references>
<url>http://packetstormsecurity.com/files/119499/</url>
<url>http://websecurity.com.ua/6023/</url>
@@ -4547,7 +4545,7 @@
<fixed_in>0.9.4</fixed_in>
</vulnerability>
<vulnerability>
<title>Simple Login Log SQL Injection</title>
<title>Simple Login Log - SQL Injection</title>
<references>
<secunia>51780</secunia>
</references>
@@ -4558,7 +4556,7 @@
<plugin name="wp-slimstat">
<vulnerability>
<title>wp-slimstat XSS</title>
<title>wp-slimstat - XSS</title>
<references>
<secunia>51721</secunia>
</references>
@@ -4580,7 +4578,7 @@
<plugin name="browser-rejector">
<vulnerability>
<title>browser-rejector Remote and Local File Inclusion</title>
<title>browser-rejector - Remote and Local File Inclusion</title>
<references>
<secunia>51739</secunia>
</references>
@@ -4591,7 +4589,7 @@
<plugin name="wp-file-uploader">
<vulnerability>
<title>File Uploader PHP File Upload Vulnerability</title>
<title>File Uploader - PHP File Upload Vulnerability</title>
<references>
<url>http://la.usch.io/2013/01/21/wordpress-file-uploader-plugin-php-file-upload-vulnerability/</url>
</references>
@@ -4601,7 +4599,7 @@
<plugin name="cardoza-wordpress-poll">
<vulnerability>
<title>Poll Cross-Site Request Forgery Vulnerability</title>
<title>Cardoza Wordpress poll - Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>51925</secunia>
</references>
@@ -4609,7 +4607,7 @@
<fixed_in>34.06</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple SQL injection vulnerabilities in Cardoza Wordpress poll plugin</title>
<title>Cardoza Wordpress poll - Multiple SQL injection vulnerabilities</title>
<references>
<secunia>51942</secunia>
<url>http://www.girlinthemiddle.net/2013/01/multiple-sql-injection-vulnerabilities.html</url>
@@ -4618,7 +4616,7 @@
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Poll Multiple SQL Injection Vulnerabilities</title>
<title>Cardoza Wordpress poll - Multiple SQL Injection Vulnerabilities</title>
<references>
<secunia>50910</secunia>
</references>
@@ -4629,7 +4627,7 @@
<plugin name="devformatter">
<vulnerability>
<title>Developer Formatter CSRF and XSS Vulnerability</title>
<title>Developer Formatter - CSRF and XSS Vulnerability</title>
<references>
<url>http://illsecure.com/code/Wordpress-DevFormatter-CSRF-Vulnerability.txt</url>
<url>http://1337day.com/exploits/20210</url>
@@ -4641,7 +4639,7 @@
<plugin name="dvs-custom-notification">
<vulnerability>
<title>DVS Custom Notification Cross-Site Request Forgery Vulnerability</title>
<title>DVS Custom Notification - Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>51531</secunia>
</references>
@@ -4696,7 +4694,7 @@
<plugin name="usc-e-shop">
<vulnerability>
<title>Welcart e-Commerce Cross-Site Scripting and Request Forgery Vulnerabilities</title>
<title>Welcart e-Commerce - Cross-Site Scripting and Request Forgery Vulnerabilities</title>
<references>
<secunia>51581</secunia>
</references>
@@ -4706,7 +4704,7 @@
<plugin name="knews">
<vulnerability>
<title>Knews Multilingual Newsletters Cross-Site Request Forgery Vulnerability</title>
<title>Knews - Multilingual Newsletters Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>51543</secunia>
</references>
@@ -4716,7 +4714,7 @@
<plugin name="video-lead-form">
<vulnerability>
<title>Video Lead Form "errMsg" Cross-Site Scripting Vulnerability</title>
<title>Video Lead Form - "errMsg" Cross-Site Scripting Vulnerability</title>
<references>
<secunia>51419</secunia>
</references>
@@ -4726,7 +4724,7 @@
<plugin name="woocommerce-predictive-search">
<vulnerability>
<title>WooCommerce Predictive Search "rs" Cross-Site Scripting Vulnerability</title>
<title>WooCommerce Predictive Search - "rs" Cross-Site Scripting Vulnerability</title>
<references>
<secunia>51385</secunia>
</references>
@@ -4736,7 +4734,7 @@
<plugin name="woocommerce">
<vulnerability>
<title>WooCommerce index.php calc_shipping_state Parameter XSS</title>
<title>WooCommerce - index.php calc_shipping_state Parameter XSS</title>
<references>
<osvdb>95480</osvdb>
</references>
@@ -4747,7 +4745,7 @@
<plugin name="wp-e-commerce-predictive-search">
<vulnerability>
<title>WP e-Commerce Predictive Search "rs" Cross-Site Scripting Vulnerability</title>
<title>WP e-Commerce Predictive Search - "rs" Cross-Site Scripting Vulnerability</title>
<references>
<secunia>51384</secunia>
</references>
@@ -4757,7 +4755,7 @@
<plugin name="wp-tiger">
<vulnerability>
<title>vTiger CRM Lead Capture Unspecified Vulnerability</title>
<title>vTiger - CRM Lead Capture Unspecified Vulnerability</title>
<references>
<secunia>51305</secunia>
</references>
@@ -4768,14 +4766,14 @@
<plugin name="wp-postviews">
<vulnerability>
<title>WP-PostViews "search_input" Cross-Site Scripting Vulnerability</title>
<title>WP-PostViews - "search_input" Cross-Site Scripting Vulnerability</title>
<references>
<secunia>50982</secunia>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WP-PostViews Cross-Site Request Forgery Vulnerability</title>
<title>WP-PostViews - Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>53127</secunia>
</references>
@@ -4786,7 +4784,7 @@
<plugin name="dx-contribute">
<vulnerability>
<title>DX-Contribute Cross-Site Request Forgery Vulnerability</title>
<title>DX-Contribute - Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>51082</secunia>
</references>
@@ -4796,7 +4794,7 @@
<plugin name="wysija-newsletters">
<vulnerability>
<title>SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin</title>
<title>Wysija Newsletters - SQL Injection Vulnerability</title>
<references>
<url>https://www.htbridge.com/advisory/HTB23140</url>
<url>http://packetstormsecurity.com/files/120089/</url>
@@ -4807,7 +4805,7 @@
<fixed_in>2.2.1</fixed_in>
</vulnerability>
<vulnerability>
<title>Wysija Newsletters swfupload Cross-Site Scripting Vulnerability</title>
<title>Wysija Newsletters - swfupload Cross-Site Scripting Vulnerability</title>
<references>
<secunia>51249</secunia>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
@@ -6782,7 +6780,7 @@
<plugin name="simple-flickr-display">
<vulnerability>
<title>Simple Flickr Display Username Field Stored XSS</title>
<title>Simple Flickr Display - Username Field Stored XSS</title>
<references>
<osvdb>97991</osvdb>
</references>
@@ -7038,6 +7036,7 @@
<vulnerability>
<title>Quick Contact Form 6.0 - Persistent XSS</title>
<references>
<osvdb>98279</osvdb>
<exploitdb>28808</exploitdb>
<url>http://packetstormsecurity.com/files/123549/</url>
<url>http://quick-plugins.com/quick-contact-form/</url>
@@ -7169,6 +7168,7 @@
<vulnerability>
<title>Simple Flash Video 1.7 - Cross Site Scripting</title>
<references>
<osvdb>98371</osvdb>
<url>http://packetstormsecurity.com/files/123562/</url>
</references>
<type>XSS</type>
@@ -7188,4 +7188,25 @@
</vulnerability>
</plugin>
<plugin name="cart66-lite">
<vulnerability>
<title>Cart66 1.5.1.14 - admin.php cart66-products Page Product Manipulation CSRF</title>
<references>
<osvdb>98352</osvdb>
<cve>2013-5977</cve>
</references>
<type>CSRF</type>
<fixed_in>1.5.1.15</fixed_in>
</vulnerability>
<vulnerability>
<title>Cart66 - admin.php cart66-products Page Multiple Field Stored XSS</title>
<references>
<osvdb>98353</osvdb>
<cve>2013-5978</cve>
</references>
<type>XSS</type>
<fixed_in>1.5.1.15</fixed_in>
</vulnerability>
</plugin>
</vulnerabilities>