diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index fdffe0f3..22980fcf 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -6,17 +6,21 @@
Content Slide Plugin Cross-Site Requst Forgery Vulnerability
- http://secunia.com/advisories/52949/
- http://osvdb.org/93871
CSRF
+
+ 93871
+ 52949
+
Simple Paypal Shopping Cart Plugin Cross-Site Request Forgery Vulnerability
- http://secunia.com/advisories/52963/
- http://osvdb.org/93953
+
+ 52963
+ 93953
+
CSRF
3.6
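Review bot: The first entry's new reference block (the added lines carrying `93871` and `52949`) sits after the `CSRF` type line, whereas the second entry in this hunk and the entries in the later hunks put the block before the type. The element tags are not visible in this rendering, so whether the order matters depends on the schema. If the file is validated against an ordered sequence, or read by a position-sensitive loader, this entry could fail validation or be parsed differently from its siblings. I would move that block up so it sits directly under the title and before `CSRF`, matching the rest of the file.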
@@ -25,14 +29,18 @@
WP-SendSMS Plugin for WordPress Setting Manipulation CSRF
- http://secunia.com/advisories/53796/
- http://osvdb.org/94209
- http://www.exploit-db.com/exploits/26124
+
+ 53796
+ 94209
+ 26124
+
CSRF
WP-SendSMS Plugin for WordPress wp-admin/admin.php Multiple Parameter XSS
- http://osvdb.org/94210
+
+ 94210
+
XSS
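Review bot: Nothing in this diff constrains the new bare ids (`53796`, `94209`, `26124`), which replace the Secunia, OSVDB and exploit-db links. The enclosing element name is now the only thing that says which database an id belongs to, and the consumer presumably rebuilds the URL from it. If the data file is schema-validated, typing the id elements as `xs:positiveInteger` would reject a pasted URL or stray character before it is interpolated into a link shown to the user. It is also worth confirming that the loader reports an unrecognised child of the reference block instead of dropping it silently, since a dropped reference hides an advisory from the scan report.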
@@ -40,8 +48,10 @@
Mail Subscribe List Plugin Script Insertion Vulnerability
- http://secunia.com/advisories/53732/
- http://osvdb.org/94197
+
+ 53732
+ 94197
+
XSS
2.1
@@ -50,8 +60,10 @@
VideoJS Cross-Site Scripting Vulnerability
- http://secunia.com/advisories/53437/
- http://seclists.org/fulldisclosure/2013/May/66
+
+ 53437
+ http://seclists.org/fulldisclosure/2013/May/66
+
XSS
0.98
@@ -60,8 +72,10 @@
VideoJS Cross-Site Scripting Vulnerability
- http://secunia.com/advisories/53426/
- http://seclists.org/fulldisclosure/2013/May/66
+
+ 53426
+ http://seclists.org/fulldisclosure/2013/May/66
+
XSS
4.1
@@ -70,8 +84,10 @@
VideoJS Cross-Site Scripting Vulnerability
- http://secunia.com/advisories/53445/
- http://seclists.org/fulldisclosure/2013/May/66
+
+ 53445
+ http://seclists.org/fulldisclosure/2013/May/66
+
XSS
1.4
@@ -80,8 +96,10 @@
VideoJS Cross-Site Scripting Vulnerability
- http://secunia.com/advisories/53396/
- http://seclists.org/fulldisclosure/2013/May/66
+
+ 53396
+ http://seclists.org/fulldisclosure/2013/May/66
+
XSS
2.1
@@ -90,7 +108,9 @@
VideoJS Cross-Site Scripting Vulnerability
- http://seclists.org/fulldisclosure/2013/May/66
+
+ http://seclists.org/fulldisclosure/2013/May/66
+
XSS
@@ -98,10 +118,11 @@
Crayon Syntax Highlighter Remote File Inclusion
- http://secunia.com/advisories/50804/
-
- http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/
-
+
+ 50804
+ http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/
+
+
RFI
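Review bot: This entry adds five lines for two references where sibling entries with two references add four, which suggests the closing tag after the `ceriksen.com` URL sits on its own line and the value carries a trailing newline and indentation. The tags are not visible in this rendering, so this is inferred from the line counts alone. The same surplus added line appears in the FireStorm `50873` entry, Google Document Embedder, OpenInviter, Asset Manager, ABtest, WP-Predict (`19715`) and Foxypress (after `19100`). A loader that does not strip element text would then emit a URL or id with embedded whitespace, which breaks link building and any integer parse of the id. I would keep the opening tag, value and closing tag on one line as in the other entries, and have the loader strip reference text regardless.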
@@ -109,13 +130,17 @@
UnGallery plugin <= 1.5.8 Local File Disclosure Vulnerability
- http://www.exploit-db.com/exploits/17704/
+
+ 17704
+
LFI
UnGallery Arbitrary Command Execution
- http://secunia.com/advisories/50875/
- http://ceriksen.com/2012/10/23/wordpress-ungallery-remote-command-injection-vulnerability/
+
+ 50875
+ http://ceriksen.com/2012/10/23/wordpress-ungallery-remote-command-injection-vulnerability/
+
RCE
2.1.6
@@ -124,7 +149,9 @@
Thank You Counter Button XSS
- http://secunia.com/advisories/50977/
+
+ 50977
+
XSS
1.8.3
@@ -133,7 +160,9 @@
Bookings XSS
- http://secunia.com/advisories/50975/
+
+ 50975
+
XSS
1.8.3
@@ -142,8 +171,10 @@
Cimy User Manager Arbitrary File Disclosure
- http://secunia.com/advisories/50834/
- http://ceriksen.com/2012/10/24/wordpress-cimy-user-manager-arbitrary-file-disclosure/
+
+ 50834
+ http://ceriksen.com/2012/10/24/wordpress-cimy-user-manager-arbitrary-file-disclosure/
+
UNKNOWN
@@ -151,16 +182,20 @@
WordPress FireStorm Professional Real Estate Plugin "id" SQL Injection Vulnerability
- http://secunia.com/advisories/51107/
+
+ 51107
+
SQLI
2.06.04
FireStorm Professional Real Estate Plugin Multiple SQL Injection
- http://secunia.com/advisories/50873/
-
- http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/
-
+
+ 50873
+
+ http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/
+
+
SQLI
2.06.03
@@ -169,12 +204,16 @@
WP125 Multiple XSS
- http://secunia.com/advisories/50976/
+
+ 50976
+
XSS
WordPress WP125 Plugin CSRF
- http://www.securityfocus.com/bid/58934
+
+ http://www.securityfocus.com/bid/58934
+
CSRF
1.5.0
@@ -183,8 +222,10 @@
Wordpress All Video Gallery Plugin Multiple SQL Injection Vulnerabilities
- http://secunia.com/advisories/50874/
- http://ceriksen.com/2012/11/04/wordpress-all-video-gallery-plugin-sql-injection/
+
+ 50874
+ http://ceriksen.com/2012/11/04/wordpress-all-video-gallery-plugin-sql-injection/
+
SQLI
@@ -192,7 +233,9 @@
BuddyStream XSS
- http://secunia.com/advisories/50972/
+
+ 50972
+
XSS
@@ -200,7 +243,9 @@
post-views XSS
- http://secunia.com/advisories/50982/
+
+ 50982
+
XSS
@@ -208,9 +253,10 @@
Floating Social Media Links Remote File Inclusion
- http://secunia.com/advisories/51346/
- http://ceriksen.com/2013/01/12/wordpress-floating-social-media-link-plugins-remote-file-inclusion/
-
+
+ 51346
+ http://ceriksen.com/2013/01/12/wordpress-floating-social-media-link-plugins-remote-file-inclusion/
+
RFI
@@ -218,8 +264,10 @@
Zingiri Forum Arbitrary File Disclosure
- http://secunia.com/advisories/50833/
- http://ceriksen.com/2013/01/12/wordpress-zingiri-forums-arbitrary-file-disclosure/
+
+ 50833
+ http://ceriksen.com/2013/01/12/wordpress-zingiri-forums-arbitrary-file-disclosure/
+
UNKNOWN
@@ -227,11 +275,13 @@
Google Document Embedder Arbitrary File Disclosure
- http://www.exploit-db.com/exploits/23970/
- http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/
-
- http://secunia.com/advisories/50832/
- exploit/unix/webapp/wp_google_document_embedder_exec
+
+ 23970
+ http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/
+
+ 50832
+ exploit/unix/webapp/wp_google_document_embedder_exec
+
UNKNOWN
2.5.4
@@ -240,7 +290,9 @@
extended-user-profile Full Path Disclosure vulnerability
- http://1337day.com/exploit/20118
+
+ http://1337day.com/exploit/20118
+
FPD
@@ -248,7 +300,9 @@
superslider-show Full Path Disclosure vulnerability
- http://1337day.com/exploit/20117
+
+ http://1337day.com/exploit/20117
+
FPD
@@ -256,7 +310,9 @@
multibox plugin Full Path Disclosure vulnerability
- http://1337day.com/exploit/20119
+
+ http://1337day.com/exploit/20119
+
FPD
@@ -264,8 +320,10 @@
OpenInviter Information Disclosure
- http://packetstormsecurity.com/files/119265/WordPress-OpenInviter-Information-Disclosure.html
-
+
+ http://packetstormsecurity.com/files/119265/WordPress-OpenInviter-Information-Disclosure.html
+
+
UNKNOWN
@@ -273,7 +331,9 @@
RokBox Multiple Vulnerabilities
- http://1337day.com/exploit/19981
+
+ http://1337day.com/exploit/19981
+
MULTI
@@ -281,7 +341,9 @@
grou-random-image-widget Full Path Disclosure
- http://1337day.com/exploit/20047
+
+ http://1337day.com/exploit/20047
+
FPD
@@ -289,13 +351,16 @@
sintic_gallery Arbitrary File Upload Vulnerability
- http://1337day.com/exploit/19993
-
+
+ http://1337day.com/exploit/19993
+
UPLOAD
sintic_gallery Path Disclosure Vulnerability
- http://1337day.com/exploit/20020
+
+ http://1337day.com/exploit/20020
+
FPD
@@ -303,12 +368,16 @@
WP-UserOnline Full Path Disclosure
- http://seclists.org/fulldisclosure/2010/Jul/8
+
+ http://seclists.org/fulldisclosure/2010/Jul/8
+
FPD
Wp-UserOnline <= 0.62 Persistent XSS
- http://seclists.org/fulldisclosure/2010/Jul/8
+
+ http://seclists.org/fulldisclosure/2010/Jul/8
+
XSS
@@ -316,8 +385,10 @@
Shopping Cart Shell Upload / SQL Injection
- http://packetstormsecurity.com/files/119217/wplevelfour-sqlshell.txt
- http://secunia.com/advisories/51690/
+
+ http://packetstormsecurity.com/files/119217/wplevelfour-sqlshell.txt
+ 51690
+
MULTI
8.1.15
@@ -326,7 +397,9 @@
ReFlex Gallery Shell Upload
- http://packetstormsecurity.com/files/119218/wpreflexgallery-shell.txt
+
+ http://packetstormsecurity.com/files/119218/wpreflexgallery-shell.txt
+
UPLOAD
@@ -334,7 +407,9 @@
Uploader 1.0.4 Shell Upload
- http://packetstormsecurity.com/files/119219/wpuploader104-shell.txt
+
+ http://packetstormsecurity.com/files/119219/wpuploader104-shell.txt
+
UPLOAD
@@ -342,7 +417,9 @@
Xerte Online 0.32 Shell Upload
- http://packetstormsecurity.com/files/119220/wpxerteonline-shell.txt
+
+ http://packetstormsecurity.com/files/119220/wpxerteonline-shell.txt
+
UPLOAD
@@ -350,9 +427,11 @@
Advanced Custom Fields <= 3.5.1 Remote File Inclusion
- http://packetstormsecurity.com/files/119221/wp_advanced_custom_fields_exec.rb.txt
- http://secunia.com/advisories/51037/
- exploit/unix/webapp/wp_advanced_custom_fields_exec
+
+ http://packetstormsecurity.com/files/119221/wp_advanced_custom_fields_exec.rb.txt
+ 51037
+ exploit/unix/webapp/wp_advanced_custom_fields_exec
+
RFI
@@ -360,7 +439,9 @@
Wordpress sitepress-multilingual-cms Full Path Disclosure
- http://1337day.com/exploit/20067
+
+ http://1337day.com/exploit/20067
+
FPD
@@ -368,14 +449,18 @@
Asset Manager 0.2 Arbitrary File Upload
- http://www.exploit-db.com/exploits/18993/
+
+ 18993
+
UPLOAD
WordPress plugin Asset manager upload.php Arbitrary Code Execution
-
- http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/
-
+
+
+ http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/
+
+
UPLOAD
@@ -383,7 +468,9 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -391,7 +478,9 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -399,7 +488,9 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -407,7 +498,9 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -415,7 +508,9 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -423,7 +518,9 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -431,7 +528,9 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -439,7 +538,9 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -447,7 +548,9 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -455,7 +558,9 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -463,7 +568,9 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -471,12 +578,16 @@
powerzoomer Arbitrary File Upload Vulnerability
- http://www.1337day.com/exploit/20253
+
+ http://www.1337day.com/exploit/20253
+
UPLOAD
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -484,7 +595,9 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -492,7 +605,9 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -500,7 +615,9 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -508,7 +625,9 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -516,8 +635,10 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
- http://secunia.com/advisories/51224/
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+ 51224
+
XSS
@@ -525,7 +646,9 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -533,12 +656,16 @@
wp-3dflick-slideshow Arbitrary File Upload Vulnerability
- http://www.1337day.com/exploit/20255
+
+ http://www.1337day.com/exploit/20255
+
UPLOAD
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -546,7 +673,9 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -554,13 +683,17 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
- http://secunia.com/advisories/51250/
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+ 51250
+
XSS
WordPress Carousel Slideshow Plugin Unspecified Vulnerabilities
- http://secunia.com/advisories/50377/
+
+ 50377
+
UNKNOWN
3.10
@@ -569,7 +702,9 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -577,7 +712,9 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -585,7 +722,9 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -593,7 +732,9 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -601,12 +742,16 @@
wp-homepage-slideshow Arbitrary File Upload Vulnerability
- http://www.1337day.com/exploit/20260
+
+ http://www.1337day.com/exploit/20260
+
UPLOAD
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -614,17 +759,23 @@
wp-image-news-slider Arbitrary File Upload Vulnerability
- http://www.1337day.com/exploit/20259
+
+ http://www.1337day.com/exploit/20259
+
UPLOAD
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
WordPress Image News slider Plugin Unspecified Vulnerabilities
- http://secunia.com/advisories/50390/
+
+ 50390
+
UNKNOWN
3.4
@@ -633,12 +784,16 @@
wp-levoslideshow Arbitrary File Upload Vulnerability
- http://www.1337day.com/exploit/20250
+
+ http://www.1337day.com/exploit/20250
+
UPLOAD
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -646,7 +801,9 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -654,12 +811,16 @@
wp-powerplaygallery Arbitrary File Upload Vulnerability
- http://www.1337day.com/exploit/20252
+
+ http://www.1337day.com/exploit/20252
+
UPLOAD
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -667,12 +828,16 @@
wp-royal-gallery Arbitrary File Upload Vulnerability
- http://www.1337day.com/exploit/20261
+
+ http://www.1337day.com/exploit/20261
+
UPLOAD
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -680,12 +845,16 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
wp superb Slideshow Full Path Disclosure
- http://1337day.com/exploit/19979
+
+ http://1337day.com/exploit/19979
+
FPD
@@ -693,7 +862,9 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -701,7 +872,9 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
@@ -709,9 +882,11 @@
Ajax Post Search Sql Injection
- http://seclists.org/bugtraq/2012/Nov/33
- http://secunia.com/advisories/51205/
- http://www.girlinthemiddle.net/2012/10/sqli-vulnerability-in-ajax-post-search.html
+
+ http://seclists.org/bugtraq/2012/Nov/33
+ 51205
+ http://www.girlinthemiddle.net/2012/10/sqli-vulnerability-in-ajax-post-search.html
+
SQLI
1.3
@@ -720,8 +895,10 @@
Answer My Question 1.1 Multiple XSS
- http://www.securityfocus.com/archive/1/524625/30/0/threaded
- http://secunia.com/advisories/50655/
+
+ http://www.securityfocus.com/archive/1/524625/30/0/threaded
+ 50655
+
XSS
@@ -729,13 +906,17 @@
Catalog HTML Code Injection and Cross-site scripting
- http://packetstormsecurity.org/files/117820/wpcatalog-xss.txt
- http://secunia.com/advisories/51143/
+
+ http://packetstormsecurity.org/files/117820/wpcatalog-xss.txt
+ 51143
+
MULTI
WordPress Spider Catalog Plugin Multiple SQL Injection and Cross Site Scripting Vulnerabilities
- http://www.securityfocus.com/bid/60079/info
+
+ http://www.securityfocus.com/bid/60079/info
+
MULTI
@@ -743,8 +924,10 @@
Wordfence 3.3.5 XSS and IAA
- http://seclists.org/fulldisclosure/2012/Oct/139
- http://secunia.com/advisories/51055/
+
+ http://seclists.org/fulldisclosure/2012/Oct/139
+ 51055
+
MULTI
@@ -752,12 +935,16 @@
Slideshow jQuery Image Gallery Multiple Vulnerabilities
- http://www.waraxe.us/advisory-92.html
+
+ http://www.waraxe.us/advisory-92.html
+
MULTI
WordPress Slideshow Plugin Multiple Script Insertion Vulnerabilities
- http://secunia.com/advisories/51135/
+
+ 51135
+
XSS
@@ -765,7 +952,9 @@
Social Discussions Multiple Vulnerabilities
- http://www.waraxe.us/advisory-93.html
+
+ http://www.waraxe.us/advisory-93.html
+
MULTI
@@ -773,9 +962,11 @@
ABtest Directory Traversal
-
- http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110
-
+
+
+ http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110
+
+
UNKNOWN
@@ -783,7 +974,9 @@
BBPress SQL Injection / Path Disclosure
- http://packetstormsecurity.org/files/116123
+
+ http://packetstormsecurity.org/files/116123
+
MULTI
@@ -791,7 +984,9 @@
NextGen Cu3er Gallery Information Disclosure
- http://packetstormsecurity.org/files/116150
+
+ http://packetstormsecurity.org/files/116150
+
UNKNOWN
@@ -799,7 +994,9 @@
Rich Widget File Upload
- http://packetstormsecurity.org/files/115787/wprichwidget-shell.txt
+
+ http://packetstormsecurity.org/files/115787/wprichwidget-shell.txt
+
UPLOAD
@@ -807,7 +1004,9 @@
Monsters Editor Shell Upload
- http://packetstormsecurity.org/files/115788/wpmonsters-shell.txt
+
+ http://packetstormsecurity.org/files/115788/wpmonsters-shell.txt
+
UPLOAD
@@ -815,7 +1014,9 @@
Quick Post Widget 1.9.1 Multiple Cross-site scripting vulnerabilities
- http://seclists.org/bugtraq/2012/Aug/66
+
+ http://seclists.org/bugtraq/2012/Aug/66
+
XSS
@@ -823,7 +1024,9 @@
ThreeWP Email Reflector 1.13 Stored XSS
- http://www.exploit-db.com/exploits/20365/
+
+ 20365
+
XSS
@@ -831,8 +1034,10 @@
SimpleMail 1.0.6 Stored XSS
- http://www.exploit-db.com/exploits/20361/
- http://secunia.com/advisories/50208/
+
+ 20361
+ 50208
+
XSS
@@ -840,8 +1045,10 @@
Postie 1.4.3 Stored XSS
- http://www.exploit-db.com/exploits/20360/
- http://secunia.com/advisories/50207/
+
+ 20360
+ 50207
+
XSS
@@ -849,8 +1056,10 @@
RSVPMaker v2.5.4 Persistent XSS
- http://www.exploit-db.com/exploits/20474/
- http://secunia.com/advisories/50289/
+
+ 20474
+ 50289
+
XSS
@@ -858,8 +1067,10 @@
Mz-jajak <= 2.1 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/20416/
- http://secunia.com/advisories/50217/
+
+ 20416
+ 50217
+
SQLI
@@ -867,7 +1078,9 @@
Resume Submissions Job Posting v2.5.1 Unrestricted File Upload
- http://www.packetstormsecurity.org/files/114716
+
+ http://www.packetstormsecurity.org/files/114716
+
UPLOAD
@@ -875,7 +1088,10 @@
WP-Predict v1.0 Blind SQL Injection
- http://www.exploit-db.com/exploits/19715/
+
+ 19715
+
+
SQLI
@@ -883,8 +1099,10 @@
Backup Plugin Information Disclosure
- http://www.exploit-db.com/exploits/19524/
- http://secunia.com/advisories/50038/
+
+ 19524
+ 50038
+
UNKNOWN
2.1
@@ -893,7 +1111,9 @@
MoodThingy Widget v0.8.7 Blind SQL Injection
- http://www.exploit-db.com/exploits/19572/
+
+ 19572
+
SQLI
@@ -901,7 +1121,9 @@
Paid Business Listings v1.0.2 Blind SQL Injection
- http://www.exploit-db.com/exploits/19481/
+
+ 19481
+
SQLI
@@ -909,7 +1131,9 @@
Website FAQ Plugin v1.0 SQL Injection
- http://www.exploit-db.com/exploits/19400/
+
+ 19400
+
SQLI
@@ -917,7 +1141,9 @@
Fancy Gallery 1.2.4 Shell Upload
- http://packetstormsecurity.org/files/114114/
+
+ http://packetstormsecurity.org/files/114114/
+
UPLOAD
@@ -925,7 +1151,9 @@
Flip Book 1.0 Shell Upload
- http://packetstormsecurity.org/files/114112/
+
+ http://packetstormsecurity.org/files/114112/
+
UPLOAD
@@ -933,7 +1161,9 @@
Ajax Multi Upload 1.1 Shell Upload
- http://packetstormsecurity.org/files/114109/
+
+ http://packetstormsecurity.org/files/114109/
+
UPLOAD
@@ -941,7 +1171,9 @@
Schreikasten 0.14.13 XSS
- http://www.exploit-db.com/exploits/19294/
+
+ 19294
+
XSS
@@ -949,7 +1181,9 @@
Wordpress Automatic 2.0.3 CSRF
- http://packetstormsecurity.org/files/113763/
+
+ http://packetstormsecurity.org/files/113763/
+
CSRF
@@ -959,7 +1193,9 @@
VideoWhisper Video Conference
4.51 Arbitrary File Upload Vulnerability
- http://packetstormsecurity.org/files/113580/
+
+ http://packetstormsecurity.org/files/113580/
+
UPLOAD
@@ -969,7 +1205,9 @@
Auctions Plugin 2.0.1.3 Arbitrary
File Upload Vulnerability
- http://packetstormsecurity.org/files/113568/
+
+ http://packetstormsecurity.org/files/113568/
+
UPLOAD
@@ -977,7 +1215,9 @@
LB Mixed Slideshow 1.0 Arbitrary File Upload Vulnerability
- http://packetstormsecurity.org/files/113844/
+
+ http://packetstormsecurity.org/files/113844/
+
UPLOAD
@@ -985,7 +1225,9 @@
Lim4wp 1.1.1 Arbitrary File Upload Vulnerability
- http://packetstormsecurity.org/files/113846/
+
+ http://packetstormsecurity.org/files/113846/
+
UPLOAD
@@ -993,7 +1235,9 @@
Wp-ImageZoom 1.0.3 Remote File Disclosure
- http://packetstormsecurity.org/files/113845/
+
+ http://packetstormsecurity.org/files/113845/
+
UNKNOWN
@@ -1001,7 +1245,9 @@
Invit0r 0.22 Shell Upload
- http://packetstormsecurity.org/files/113639/
+
+ http://packetstormsecurity.org/files/113639/
+
UPLOAD
@@ -1009,7 +1255,9 @@
Annonces 1.2.0.1 Shell Upload
- http://packetstormsecurity.org/files/113637/
+
+ http://packetstormsecurity.org/files/113637/
+
UPLOAD
@@ -1019,7 +1267,9 @@
Contus Video Gallery 1.3 Arbitrary
File Upload Vulnerability
- http://packetstormsecurity.org/files/113571/
+
+ http://packetstormsecurity.org/files/113571/
+
UPLOAD
@@ -1027,14 +1277,18 @@
Contus HD FLV Player plugin <= 1.3 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17678/
+
+ 17678
+
SQLI
Contus HD FLV Player 1.7 Arbitrary
File Upload Vulnerability
- http://packetstormsecurity.org/files/113570/
+
+ http://packetstormsecurity.org/files/113570/
+
UPLOAD
@@ -1043,7 +1297,9 @@
User Meta Version 1.1.1 Arbitrary File Upload Vulnerability
- http://www.exploit-db.com/exploits/19052/
+
+ 19052
+
UPLOAD
@@ -1051,7 +1307,9 @@
Top Quark Architecture Version 2.10 Arbitrary File Upload Vulnerability
- http://www.exploit-db.com/exploits/19053/
+
+ 19053
+
UPLOAD
@@ -1059,7 +1317,9 @@
SfBrowser Version 1.4.5 Arbitrary File Upload Vulnerability
- http://www.exploit-db.com/exploits/19054/
+
+ 19054
+
UPLOAD
@@ -1067,17 +1327,23 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
Pica Photo Gallery 1.0 Arbitrary File Upload Vulnerability
- http://www.exploit-db.com/exploits/19055/
+
+ 19055
+
UPLOAD
PICA Photo Gallery 1.0 Remote File Disclosure
- http://www.exploit-db.com/exploits/19016/
+
+ 19016
+
UNKNOWN
@@ -1085,23 +1351,31 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
WordPress Mac Photo Gallery Plugin Two Security Bypass Security Issues
- http://secunia.com/advisories/49923/
+
+ 49923
+
AUTHBYPASS
WordPress Mac Photo Gallery Plugin Multiple Script Insertion Vulnerabilities
- http://secunia.com/advisories/49836/
+
+ 49836
+
XSS
3.0
Mac Photo Gallery 2.7 Arbitrary File Upload
- http://www.exploit-db.com/exploits/19056/
+
+ 19056
+
UPLOAD
@@ -1109,7 +1383,9 @@
drag and drop file upload 0.1 Arbitrary File Upload Vulnerability
- http://www.exploit-db.com/exploits/19057/
+
+ 19057
+
UPLOAD
@@ -1117,7 +1393,9 @@
Custom Content Type Manager 0.9.5.13-pl Arbitrary File Upload Vulnerability
- http://www.exploit-db.com/exploits/19058/
+
+ 19058
+
UPLOAD
@@ -1125,7 +1403,9 @@
wp-gpx-max version 1.1.21 Arbitrary File Upload
- http://www.exploit-db.com/exploits/19050/
+
+ 19050
+
UPLOAD
@@ -1133,7 +1413,9 @@
Front File Manager Plugin 0.1 Arbitrary File Upload
- http://www.exploit-db.com/exploits/19012/
+
+ 19012
+
UPLOAD
@@ -1141,12 +1423,16 @@
Front End Upload 0.5.3 Arbitrary File Upload
- http://www.exploit-db.com/exploits/19008/
+
+ 19008
+
UPLOAD
Front End Upload v0.5.4 Arbitrary PHP File Upload
- http://www.exploit-db.com/exploits/20083/
+
+ 20083
+
UPLOAD
@@ -1154,7 +1440,9 @@
Omni Secure Files 0.1.13 Arbitrary File Upload
- http://www.exploit-db.com/exploits/19009/
+
+ 19009
+
UPLOAD
@@ -1162,7 +1450,9 @@
Easy Contact Forms Export 1.1.0 Information Disclosure Vulnerability
- http://www.exploit-db.com/exploits/19013/
+
+ 19013
+
UNKNOWN
@@ -1170,7 +1460,9 @@
Plugin: Newsletter 1.5 Remote File Disclosure Vulnerability
- http://www.exploit-db.com/exploits/19018/
+
+ 19018
+
UNKNOWN
@@ -1178,7 +1470,9 @@
RBX Gallery 2.1 Arbitrary File Upload
- http://www.exploit-db.com/exploits/19019/
+
+ 19019
+
UPLOAD
@@ -1186,7 +1480,9 @@
Simple Download Button Shortcode 1.0 Remote File Disclosure
- http://www.exploit-db.com/exploits/19020/
+
+ 19020
+
UNKNOWN
@@ -1194,7 +1490,9 @@
Thinkun Remind 1.1.3 Remote File Disclosure
- http://www.exploit-db.com/exploits/19021/
+
+ 19021
+
UNKNOWN
@@ -1202,7 +1500,9 @@
Tinymce Thumbnail Gallery 1.0.7 Remote File Disclosure
- http://www.exploit-db.com/exploits/19022/
+
+ 19022
+
UNKNOWN
@@ -1210,7 +1510,9 @@
wpStoreCart Plugin 2.5.27-2.5.29 Arbitrary File Upload
- http://www.exploit-db.com/exploits/19023/
+
+ 19023
+
UPLOAD
@@ -1218,7 +1520,9 @@
Gallery 3.06 Arbitrary File Upload
- http://www.exploit-db.com/exploits/18998/
+
+ 18998
+
UPLOAD
@@ -1226,7 +1530,9 @@
Font Uploader 1.2.4 Arbitrary File Upload
- http://www.exploit-db.com/exploits/18994/
+
+ 18994
+
UPLOAD
@@ -1234,7 +1540,9 @@
WP-Property 1.35.0 Arbitrary File Upload
- http://www.exploit-db.com/exploits/18987/
+
+ 18987
+
UPLOAD
@@ -1242,7 +1550,9 @@
WP Marketplace 1.5.0 - 1.6.1 Arbitrary File Upload
- http://www.exploit-db.com/exploits/18988/
+
+ 18988
+
UPLOAD
@@ -1250,12 +1560,16 @@
Google Maps via Store Locator Multiple Vulnerabilities
- http://www.exploit-db.com/exploits/18989/
+
+ 18989
+
MULTI
store-locator-le SQL Injection
- http://secunia.com/advisories/51757/
+
+ 51757
+
SQLI
3.8.7
@@ -1264,7 +1578,9 @@
HTML5 AV Manager 0.2.7 Arbitrary File Upload
- http://www.exploit-db.com/exploits/18990/
+
+ 18990
+
UPLOAD
@@ -1272,15 +1588,20 @@
Foxypress 0.4.1.1 - 0.4.2.1 Arbitrary File Upload
- http://packetstormsecurity.org/files/113576/, http://www.exploit-db.com/exploits/18991/,
- http://www.exploit-db.com/exploits/19100/
-
+
+ http://packetstormsecurity.org/files/113576/
+ 18991
+ 19100
+
+
UPLOAD
FoxyPress 0.4.2.5 XSS / CSRF / SQL Injection
- http://packetstormsecurity.org/files/117768
- http://secunia.com/advisories/51109/
+
+ http://packetstormsecurity.org/files/117768
+ 51109
+
MULTI
@@ -1288,7 +1609,9 @@
Track That Stat <= 1.0.8 Cross Site Scripting
- http://packetstormsecurity.org/files/112722/
+
+ http://packetstormsecurity.org/files/112722/
+
XSS
@@ -1296,7 +1619,9 @@
WP-Facethumb Gallery <= 0.1 Reflected Cross Site Scripting
- http://packetstormsecurity.org/files/112658/
+
+ http://packetstormsecurity.org/files/112658/
+
XSS
@@ -1304,7 +1629,9 @@
Survey And Quiz Tool <= 2.9.2 Cross Site Scripting
- http://packetstormsecurity.org/files/112685/
+
+ http://packetstormsecurity.org/files/112685/
+
XSS
@@ -1312,7 +1639,9 @@
WP Statistics <= 2.2.4 Cross Site Scripting
- http://packetstormsecurity.org/files/112686/
+
+ http://packetstormsecurity.org/files/112686/
+
XSS
@@ -1320,12 +1649,16 @@
WP Easy Gallery <= 1.7 Cross Site Scripting
- http://packetstormsecurity.org/files/112687/
+
+ http://packetstormsecurity.org/files/112687/
+
XSS
WP Easy Gallery <= 2.7 CSRF
- http://plugins.trac.wordpress.org/changeset?reponame=&old=669527%40wp-easy-gallery&new=669527%40wp-easy-gallery
+
+ http://plugins.trac.wordpress.org/changeset?reponame=&old=669527%40wp-easy-gallery&new=669527%40wp-easy-gallery
+
CSRF
@@ -1333,7 +1666,9 @@
Subscribe2 <= 8.0 Cross Site Scripting
- http://packetstormsecurity.org/files/112688/
+
+ http://packetstormsecurity.org/files/112688/
+
XSS
@@ -1341,7 +1676,9 @@
Soundcloud Is Gold <= 2.1 Cross Site Scripting
- http://packetstormsecurity.org/files/112689/
+
+ http://packetstormsecurity.org/files/112689/
+
XSS
@@ -1349,12 +1686,16 @@
Sharebar <= 1.2.5 Button Manipulation CSRF
- http://osvdb.org/94843
+
+ 94843
+
CSRF
Sharebar <= 1.2.1 SQL Injection / Cross Site Scripting
- http://packetstormsecurity.org/files/112690/
+
+ http://packetstormsecurity.org/files/112690/
+
MULTI
1.2.2
@@ -1363,7 +1704,9 @@
Share And Follow <= 1.80.3 Cross Site Scripting
- http://packetstormsecurity.org/files/112691/
+
+ http://packetstormsecurity.org/files/112691/
+
XSS
@@ -1371,7 +1714,9 @@
SABRE <= 1.2.0 Cross Site Scripting
- http://packetstormsecurity.org/files/112692/
+
+ http://packetstormsecurity.org/files/112692/
+
XSS
@@ -1379,19 +1724,25 @@
Pretty Link Lite <= 1.5.2 Cross Site Scripting
- http://packetstormsecurity.org/files/112693/
+
+ http://packetstormsecurity.org/files/112693/
+
XSS
Pretty Link Lite <= 1.6.1 Cross Site Scripting
- http://secunia.com/advisories/50980/
+
+ 50980
+
XSS
WordPress pretty-link plugin XSS in SWF
- http://seclists.org/bugtraq/2013/Feb/100
- http://packetstormsecurity.com/files/120433/wpprettylink163-xss.txt
- 2013-1636
+
+ http://seclists.org/bugtraq/2013/Feb/100
+ http://packetstormsecurity.com/files/120433/wpprettylink163-xss.txt
+ 2013-1636
+
XSS
@@ -1399,7 +1750,9 @@
Newsletter Manager <= 1.0 Cross Site Scripting
- http://packetstormsecurity.org/files/112694/
+
+ http://packetstormsecurity.org/files/112694/
+
XSS
@@ -1407,7 +1760,9 @@
Network Publisher <= 5.0.1 Cross Site Scripting
- http://packetstormsecurity.org/files/112695/
+
+ http://packetstormsecurity.org/files/112695/
+
XSS
@@ -1415,13 +1770,17 @@
LeagueManager <= 3.7 Cross Site Scripting
- http://packetstormsecurity.org/files/112698/
- http://secunia.com/advisories/49949/
+
+ http://packetstormsecurity.org/files/112698/
+ 49949
+
XSS
LeagueManager v3.8 SQL Injection
- http://www.exploit-db.com/exploits/24789/
+
+ 24789
+
SQLI
@@ -1429,7 +1788,9 @@
Leaflet <= 0.0.1 Cross Site Scripting
- http://packetstormsecurity.org/files/112699/
+
+ http://packetstormsecurity.org/files/112699/
+
XSS
@@ -1437,7 +1798,9 @@
PDF And Print Button Joliprint <= 1.3.0 Cross Site Scripting
- http://packetstormsecurity.org/files/112700/
+
+ http://packetstormsecurity.org/files/112700/
+
XSS
@@ -1445,7 +1808,9 @@
IFrame Admin Pages <= 0.1 Cross Site Scripting
- http://packetstormsecurity.org/files/112701/
+
+ http://packetstormsecurity.org/files/112701/
+
XSS
@@ -1453,7 +1818,9 @@
EZPZ One Click Backup <= 12.03.10 Cross Site Scripting
- http://packetstormsecurity.org/files/112705/
+
+ http://packetstormsecurity.org/files/112705/
+
XSS
@@ -1461,7 +1828,9 @@
Dynamic Widgets <= 1.5.1 Cross Site Scripting
- http://packetstormsecurity.org/files/112706/
+
+ http://packetstormsecurity.org/files/112706/
+
XSS
@@ -1469,22 +1838,28 @@
Download Monitor < 3.3.6.2 Cross Site Scripting
- http://www.securityfocus.com/bid/61407
- http://secunia.com/advisories/53116
- 2013-5098
- 2013-3262
+
+ http://www.securityfocus.com/bid/61407
+ 53116
+ 2013-5098
+ 2013-3262
+
XSS
3.3.6.2
Download Monitor <= 3.3.5.7 Cross Site Scripting
- http://www.reactionpenetrationtesting.co.uk/wordpress-download-monitor-xss.html
- http://secunia.com/advisories/50511/
+
+ http://www.reactionpenetrationtesting.co.uk/wordpress-download-monitor-xss.html
+ 50511
+
XSS
Download Monitor <= 3.3.5.4 Cross Site Scripting
- http://packetstormsecurity.org/files/112707/
+
+ http://packetstormsecurity.org/files/112707/
+
XSS
@@ -1492,7 +1867,9 @@
Download Manager <= 2.2 Cross Site Scripting
- http://packetstormsecurity.org/files/112708/
+
+ http://packetstormsecurity.org/files/112708/
+
XSS
@@ -1500,7 +1877,9 @@
Code Styling Localization <= 1.99.16 Cross Site Scripting
- http://packetstormsecurity.org/files/112709/
+
+ http://packetstormsecurity.org/files/112709/
+
XSS
@@ -1508,7 +1887,9 @@
Catablog <= 1.6 Cross Site Scripting
- http://packetstormsecurity.org/files/112619/
+
+ http://packetstormsecurity.org/files/112619/
+
XSS
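Review bot: The Catablog entry's reference, `http://packetstormsecurity.org/files/112619/`, is the same advisory URL that the next hunk (`@@ -1516,7 +1897,9 @@`, Bad Behavior <= 2.24) carries, so one of the two entries probably points at the wrong advisory. The migration copies the URL unchanged into the new reference block in both places, which makes this a good moment to check which plugin the advisory actually covers and correct the other entry. A wrong reference sends whoever triages a scanner finding to an unrelated advisory.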
@@ -1516,7 +1897,9 @@
Bad Behavior <= 2.24 Cross Site Scripting
- http://packetstormsecurity.org/files/112619/
+
+ http://packetstormsecurity.org/files/112619/
+
XSS
@@ -1524,7 +1907,9 @@
BulletProof Security <= 0.47 Cross Site Scripting
- http://packetstormsecurity.org/files/112618/
+
+ http://packetstormsecurity.org/files/112618/
+
XSS
@@ -1532,21 +1917,27 @@
Better WP Security <= 3.5.3 Stored XSS
- https://github.com/wpscanteam/wpscan/issues/251
- http://www.securityfocus.com/archive/1/527634/30/0/threaded
- http://osvdb.org/95884
+
+ https://github.com/wpscanteam/wpscan/issues/251
+ http://www.securityfocus.com/archive/1/527634/30/0/threaded
+ 95884
+
XSS
3.5.4
Better WP Security v3.4.3 Multiple XSS
- http://seclists.org/bugtraq/2012/Oct/9
+
+ http://seclists.org/bugtraq/2012/Oct/9
+
XSS
3.4.4
Better WP Security <= 3.2.4 Cross Site Scripting
- http://packetstormsecurity.org/files/112617/
+
+ http://packetstormsecurity.org/files/112617/
+
XSS
3.2.5
@@ -1555,7 +1946,9 @@
Custom Contact Forms <= 5.0.0.1 Cross Site Scripting
- http://packetstormsecurity.org/files/112616/
+
+ http://packetstormsecurity.org/files/112616/
+
XSS
@@ -1563,12 +1956,16 @@
2-Click-Socialmedia-Buttons <= 0.34 Cross Site Scripting
- http://packetstormsecurity.org/files/112615/
+
+ http://packetstormsecurity.org/files/112615/
+
XSS
2-Click-Socialmedia-Buttons <= 0.32.2 Cross Site Scripting
- http://packetstormsecurity.org/files/112711/
+
+ http://packetstormsecurity.org/files/112711/
+
XSS
@@ -1576,13 +1973,17 @@
Login With Ajax plugin Cross Site Scripting
- http://secunia.com/advisories/49013/
+
+ 49013
+
XSS
3.0.4.1
WordPress Login With Ajax Plugin Cross-Site Request Forgery Vulnerability
- http://secunia.com/advisories/52950/
+
+ 52950
+
CSRF
3.1
@@ -1591,12 +1992,16 @@
Media Library Categories plugin <= 1.0.6 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17628/
+
+ 17628
+
SQLI
Media Library Categories plugin <= 1.1.1 Cross Site Scripting
- http://packetstormsecurity.org/files/112697/
+
+ http://packetstormsecurity.org/files/112697/
+
SQLI
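Review bot: The second entry in this hunk is titled `Media Library Categories plugin <= 1.1.1 Cross Site Scripting` but its type line stays `SQLI`, so the title and the classification disagree; the type should presumably be `XSS`. The same mismatch survives in the `@@ -1992,7 +2502,9 @@` hunk, where `Beer Recipes v.1.0 XSS` is also typed `SQLI`. Both type lines are context lines that this commit does not touch, but any consumer that filters or ranks findings by type will misreport these entries, so they are worth correcting alongside the reference migration.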
@@ -1604,7 +2009,9 @@
FCKeditor Deans With Pwwangs Code <= 1.0.0 Remote Shell Upload
- http://packetstormsecurity.org/files/111319/
+
+ http://packetstormsecurity.org/files/111319/
+
RFI
@@ -1612,24 +2019,32 @@
WordPress Zingiri Web Shop Plugin Cookie SQL Injection Vulnerability
- http://secunia.com/advisories/49398/
+
+ 49398
+
SQLI
2.4.8
Zingiri Web Shop <= 2.4.0 Multiple XSS Vulnerabilities
- http://www.exploit-db.com/exploits/18787/
- http://secunia.com/advisories/48991/
+
+ 18787
+ 48991
+
XSS
Zingiri Web Shop <= 2.3.5 Cross Site Scripting
- http://packetstormsecurity.org/files/112684/
+
+ http://packetstormsecurity.org/files/112684/
+
XSS
Zingiri Web Shop 2.4.3 Shell Upload
- http://packetstormsecurity.org/files/113668/
+
+ http://packetstormsecurity.org/files/113668/
+
UPLOAD
@@ -1637,7 +2052,10 @@
Organizer 1.2.1 Cross Site Scripting / Path Disclosure
- http://packetstormsecurity.org/files/112086, http://packetstormsecurity.org/files/113800
+
+ http://packetstormsecurity.org/files/112086
+ http://packetstormsecurity.org/files/113800
+
MULTI
@@ -1645,7 +2063,9 @@
Zingiri Tickets plugin File Disclosure
- http://packetstormsecurity.org/files/111904
+
+ http://packetstormsecurity.org/files/111904
+
UNKNOWN
@@ -1653,7 +2073,9 @@
XSS vulnerability in CMS Tree Page View Plugin
- https://www.htbridge.com/advisory/HTB23083
+
+ https://www.htbridge.com/advisory/HTB23083
+
XSS
@@ -1661,7 +2083,9 @@
Multiple XSS vulnerabilities in All-in-One Event Calendar for WordPress
- http://seclists.org/bugtraq/2012/Apr/70
+
+ http://seclists.org/bugtraq/2012/Apr/70
+
XSS
@@ -1669,7 +2093,9 @@
Buddypress <= 1.5.5 SQL Injection
- http://www.exploit-db.com/exploits/18690/
+
+ 18690
+
SQLI
@@ -1677,7 +2103,9 @@
Register Plus Redux <= 3.8.3 Cross Site Scripting
- http://packetstormsecurity.org/files/111367
+
+ http://packetstormsecurity.org/files/111367
+
XSS
@@ -1685,7 +2113,9 @@
Magn WP Drag and Drop <= 1.1.4 Upload Shell Upload Vulnerability
- http://packetstormsecurity.org/files/110103
+
+ http://packetstormsecurity.org/files/110103
+
UPLOAD
@@ -1693,7 +2123,9 @@
Kish Guest Posting 1.0 Arbitrary File Upload
- http://www.exploit-db.com/exploits/18412/
+
+ 18412
+
RFI
@@ -1701,12 +2133,16 @@
AllWebMenus Shell Upload <= 1.1.9 Shell Upload
- http://packetstormsecurity.org/files/108946/
+
+ http://packetstormsecurity.org/files/108946/
+
RFI
AllWebMenus 1.1.3 Remote File Inclusion
- http://www.exploit-db.com/exploits/17861/
+
+ 17861
+
RFI
@@ -1714,7 +2150,9 @@
Shortcode Redirect <= 1.0.01 Stored Cross Site Scripting
- http://packetstormsecurity.org/files/108914/
+
+ http://packetstormsecurity.org/files/108914/
+
XSS
@@ -1722,7 +2160,9 @@
uCan Post plugin <= 1.0.09 Stored XSS
- http://www.exploit-db.com/exploits/18390/
+
+ 18390
+
XSS
@@ -1730,7 +2170,9 @@
WP Cycle Playlist plugin Multiple Vulnerabilities
- http://1337day.com/exploits/17396
+
+ http://1337day.com/exploits/17396
+
MULTI
@@ -1738,7 +2180,9 @@
myEASYbackup 1.0.8.1 Directory Traversal
- http://packetstormsecurity.org/files/108711
+
+ http://packetstormsecurity.org/files/108711
+
UNKNOWN
@@ -1746,27 +2190,37 @@
Count per Day Plugin 3.2.5 (counter.php) - XSS Vulnerability
- http://www.exploit-db.com/exploits/24859/
+
+ 24859
+
XSS
Count Per Day 3.2.3 Cross Site Scripting
- http://packetstormsecurity.org/files/115904
+
+ http://packetstormsecurity.org/files/115904
+
XSS
Count Per Day 3.1.1 Cross Site Scripting
- http://packetstormsecurity.org/files/114787/SSCHADV2012-015.txt
+
+ http://packetstormsecurity.org/files/114787/SSCHADV2012-015.txt
+
XSS
Count Per Day plugin <= 3.1.1 Multiple Vulnerabilities
- http://www.exploit-db.com/exploits/18355/
+
+ 18355
+
MULTI
Count per Day plugin <= 2.17 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17857/
+
+ 17857
+
SQLI
@@ -1774,7 +2228,9 @@
WP-AutoYoutube plugin <= 0.1 Blind SQL Injection Vulnerability
- http://1337day.com/exploits/17368
+
+ http://1337day.com/exploits/17368
+
SQLI
@@ -1782,7 +2238,9 @@
Age Verification plugin <= 0.4 Open Redirect
- http://www.exploit-db.com/exploits/18350
+
+ 18350
+
REDIRECT
@@ -1790,7 +2248,9 @@
Yousaytoo Auto Publishing <= 1.0 Cross Site Scripting
- http://packetstormsecurity.org/files/108470
+
+ http://packetstormsecurity.org/files/108470
+
XSS
@@ -1798,7 +2258,9 @@
Pay With Tweet plugin <= 1.1 Multiple Vulnerabilities
- http://www.exploit-db.com/exploits/18330/
+
+ 18330
+
MULTI
@@ -1806,7 +2268,9 @@
Whois Search <= 1.4.2 Cross Site Scripting
- http://packetstormsecurity.org/files/108271
+
+ http://packetstormsecurity.org/files/108271
+
XSS
@@ -1814,7 +2278,9 @@
BLIND SQL injection UPM-POLLS plugin 1.0.4
- http://www.exploit-db.com/exploits/18231/
+
+ 18231
+
SQLI
@@ -1822,7 +2288,9 @@
Disqus Comment System <= 2.68 Reflected Cross-Site Scripting (XSS)
- http://www.ethicalhack3r.co.uk/security/wordpress-plugin-disqus-comment-system-xss/
+
+ http://www.ethicalhack3r.co.uk/security/wordpress-plugin-disqus-comment-system-xss/
+
XSS
@@ -1830,7 +2298,9 @@
Google reCAPTCHA <= 3.1.3 Reflected XSS Vulnerability
- http://security-sh3ll.blogspot.com/2011/12/google-recaptcha-wordpress-plugin.html
+
+ http://security-sh3ll.blogspot.com/2011/12/google-recaptcha-wordpress-plugin.html
+
XSS
@@ -1838,7 +2308,9 @@
Link Library plugin <= 5.2.1 SQL Injection
- http://www.exploit-db.com/exploits/17887/
+
+ 17887
+
SQLI
@@ -1846,7 +2318,9 @@
CevherShare 2.0 plugin SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17891/
+
+ 17891
+
SQLI
@@ -1854,7 +2328,9 @@
meenews 5.1 plugin Cross-Site Scripting Vulnerabilities
- http://seclists.org/bugtraq/2011/Nov/151
+
+ http://seclists.org/bugtraq/2011/Nov/151
+
XSS
@@ -1862,7 +2338,9 @@
Click Desk Live Support Chat Cross Site Scripting Vulnerability
- http://seclists.org/bugtraq/2011/Nov/148
+
+ http://seclists.org/bugtraq/2011/Nov/148
+
XSS
2.0
@@ -1871,7 +2349,9 @@
adminimize 1.7.21 Cross-Site Scripting Vulnerabilities
- http://seclists.org/bugtraq/2011/Nov/135
+
+ http://seclists.org/bugtraq/2011/Nov/135
+
XSS
@@ -1879,7 +2359,9 @@
Advanced Text Widget <= 2.0.0 Cross Site Scripting Vulnerability
- http://seclists.org/bugtraq/2011/Nov/133
+
+ http://seclists.org/bugtraq/2011/Nov/133
+
XSS
@@ -1887,7 +2369,9 @@
MM Duplicate plugin <= 1.2 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17707/
+
+ 17707
+
SQLI
@@ -1895,7 +2379,9 @@
Menu Creator plugin <= 1.1.7 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17689/
+
+ 17689
+
SQLI
@@ -1903,7 +2389,9 @@
Allow PHP in Posts and Pages plugin <= 2.0.0.RC1 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17688/
+
+ 17688
+
SQLI
@@ -1911,7 +2399,9 @@
Global Content Blocks plugin <= 1.2 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17687/
+
+ 17687
+
SQLI
@@ -1919,7 +2409,9 @@
Ajax Gallery plugin <= 3.0 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17686/
+
+ 17686
+
SQLI
@@ -1927,7 +2419,9 @@
WP DS FAQ plugin <= 1.3.2 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17683/
+
+ 17683
+
SQLI
@@ -1935,7 +2429,9 @@
OdiHost Newsletter plugin <= 1.0 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17681/
+
+ 17681
+
SQLI
@@ -1943,7 +2439,9 @@
Easy Contact Form Lite plugin <= 1.0.7 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17680/
+
+ 17680
+
SQLI
@@ -1951,24 +2449,32 @@
WP Symposium plugin <= 0.64 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17679/
+
+ 17679
+
SQLI
WP Symposium plugin <= 12.12 Multiple SQL Injection Vulnerabilities
- http://secunia.com/advisories/50674/
- http://ceriksen.com/2013/02/18/wp-symposium-multiple-sql-injection/
+
+ 50674
+ http://ceriksen.com/2013/02/18/wp-symposium-multiple-sql-injection/
+
SQLI
WordPress WP Symposium Plugin "u" XSS
- http://secunia.com/advisories/52864/
+
+ 52864
+
XSS
13.04
WordPress WP Symposium Plugin "u" Redirection Weakness
- http://secunia.com/advisories/52925/
+
+ 52925
+
REDIRECT
@@ -1976,7 +2482,9 @@
File Groups plugin <= 1.1.2 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17677/
+
+ 17677
+
SQLI
@@ -1984,7 +2492,9 @@
IP-Logger plugin <= 3.0 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17673/
+
+ 17673
+
SQLI
@@ -1992,7 +2502,9 @@
Beer Recipes v.1.0 XSS
- http://www.exploit-db.com/exploits/17453/
+
+ 17453
+
SQLI
@@ -2000,7 +2512,9 @@
Is-human <=1.4.2 Remote Command Execution Vulnerability
- http://www.exploit-db.com/exploits/17299/
+
+ 17299
+
RCE
@@ -2008,7 +2522,9 @@
EditorMonkey plugin (FCKeditor) Arbitrary File Upload
- http://www.exploit-db.com/exploits/17284/
+
+ 17284
+
UPLOAD
@@ -2016,7 +2532,9 @@
SermonBrowser 0.43 SQL Injection
- http://www.exploit-db.com/exploits/17214/
+
+ 17214
+
SQLI
@@ -2024,7 +2542,9 @@
Ajax Category Dropdown 0.1.5 Multiple Vulnerabilities
- http://www.exploit-db.com/exploits/17207/
+
+ 17207
+
MULTI
@@ -2032,7 +2552,9 @@
WP Custom Pages 0.5.0.1 LFI Vulnerability
- http://www.exploit-db.com/exploits/17119/
+
+ 17119
+
LFI
@@ -2040,46 +2562,62 @@
WordPress GRAND FlAGallery Plugin Multiple Vulnerabilities
- http://secunia.com/advisories/51100/
+
+ 51100
+
MULTI
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
GRAND Flash Album Gallery 1.9.0 and 2.0.0 Multiple Vulnerabilities
- http://packetstormsecurity.org/files/117665/
- http://www.waraxe.us/advisory-94.html
- http://secunia.com/advisories/51601/
+
+ http://packetstormsecurity.org/files/117665/
+ http://www.waraxe.us/advisory-94.html
+ 51601
+
MULTI
GRAND Flash Album Gallery 0.55 Multiple Vulnerabilities
- http://www.exploit-db.com/exploits/16947/
+
+ 16947
+
MULTI
GRAND Flash Album Gallery <= 1.56 XSS Vulnerability
- http://seclists.org/bugtraq/2011/Nov/186
+
+ http://seclists.org/bugtraq/2011/Nov/186
+
XSS
GRAND Flash Album Gallery <= 1.71 XSS Vulnerability
- http://packetstormsecurity.org/files/112704
+
+ http://packetstormsecurity.org/files/112704
+
XSS
WordPress GRAND FlAGallery Plugin "gid" SQL Injection Vulnerability
- http://secunia.com/advisories/53356/
+
+ 53356
+
SQLI
2.56
GRAND FlAGallery Plugin "s" Cross-Site Scripting Vulnerability
- http://secunia.com/advisories/53111/
- http://osvdb.org/93714
+
+ 53111
+ 93714
+
XSS
2.72
@@ -2088,7 +2626,9 @@
PHP Speedy <= 0.5.2 (admin_container.php) Remote Code Exec Exploit
- http://www.exploit-db.com/exploits/16273/
+
+ 16273
+
RCE
@@ -2096,7 +2636,9 @@
OPS Old Post Spinner 2.2.1 LFI Vulnerability
- http://www.exploit-db.com/exploits/16251/
+
+ 16251
+
LFI
@@ -2104,7 +2646,9 @@
jQuery Mega Menu 1.0 Local File Inclusion
- http://www.exploit-db.com/exploits/16250/
+
+ 16250
+
LFI
@@ -2112,7 +2656,9 @@
IWantOneButton 3.0.1 Multiple Vulnerabilities
- http://www.exploit-db.com/exploits/16236/
+
+ 16236
+
MULTI
@@ -2120,17 +2666,23 @@
WP Forum Server 1.6.5 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/16235/
+
+ 16235
+
SQLI
WP Forum Server plugin <= 1.7 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17828/
+
+ 17828
+
SQLI
WP Forum Server plugin <= 1.7.3 SQL Injection / XSS Vulnerabilities
- http://www.packetstormsecurity.org/files/112703
+
+ http://www.packetstormsecurity.org/files/112703
+
MULTI
@@ -2138,7 +2690,9 @@
Relevanssi 2.7.2 Stored XSS Vulnerability
- http://www.exploit-db.com/exploits/16233/
+
+ 16233
+
XSS
@@ -2146,7 +2700,9 @@
GigPress 2.1.10 Stored XSS Vulnerability
- http://www.exploit-db.com/exploits/16232/
+
+ 16232
+
XSS
@@ -2154,12 +2710,16 @@
WordPress Comment Rating 2.9.32 SQL Injection / Bypass
- http://packetstormsecurity.com/files/120569/wpcomment2932-sqlbypass.txt
+
+ http://packetstormsecurity.com/files/120569/wpcomment2932-sqlbypass.txt
+
MULTI
Comment Rating 2.9.23 Multiple Vulnerabilities
- http://www.exploit-db.com/exploits/16221/
+
+ 16221
+
MULTI
@@ -2167,7 +2727,9 @@
Z-Vote 1.1 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/16218/
+
+ 16218
+
SQLI
@@ -2175,8 +2737,10 @@
User Photo Component Remote File Upload Vulnerability
- http://www.exploit-db.com/exploits/16181/
- http://osvdb.org/71071
+
+ 16181
+ 71071
+
UPLOAD
0.9.5
@@ -2185,7 +2749,11 @@
Enable Media Replace Multiple Vulnerabilities
- http://www.exploit-db.com/exploits/16144/
+
+ 16144
+
+
+
MULTI
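Review bot: This hunk adds five lines for a single reference (`16144`) where every comparable one-reference hunk adds three, and the header `-2185,7 +2749,11` confirms the count; the two extra added lines after the reference block look like a second, empty block or a stray open/close pair. The element names are not visible in this rendering, so that reading is inferred from the line counts alone. If the file is validated against a schema, or the loader iterates over reference blocks, an empty block can fail validation or produce an entry with an empty reference list. Dropping the two extra lines would keep this entry in line with the others.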
@@ -2193,27 +2761,37 @@
Mingle Forum <= 1.0.32.1 Cross Site Scripting / SQL Injection
- http://packetstormsecurity.org/files/108915/
+
+ http://packetstormsecurity.org/files/108915/
+
MULTI
Mingle Forum plugin <= 1.0.31 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17894/
+
+ 17894
+
SQLI
Mingle Forum (Plugin) <= 1.0.26 Multiple Vulnerabilities
- http://www.exploit-db.com/exploits/15943/
+
+ 15943
+
MULTI
Mingle Forum <= 1.0.33 Cross Site Scripting
- http://packetstormsecurity.org/files/112696/
+
+ http://packetstormsecurity.org/files/112696/
+
MULTI
Mingle Forum 1.0.33.3 Multiple Parameter SQL Injection
- http://osvdb.org/90434
+
+ 90434
+
SQLI
@@ -2221,7 +2799,9 @@
Accept Signups 0.1 XSS
- http://www.exploit-db.com/exploits/15808/
+
+ 15808
+
XSS
@@ -2229,7 +2809,9 @@
Events Manager Extended Persistent XSS Vulnerability
- http://www.exploit-db.com/exploits/14923/
+
+ 14923
+
XSS
@@ -2237,7 +2819,9 @@
NextGEN Smooth Gallery Blind SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/14541/
+
+ 14541
+
SQLI
@@ -2245,7 +2829,9 @@
myLDlinker SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/14441/
+
+ 14441
+
SQLI
@@ -2253,7 +2839,9 @@
Firestats Remote Configuration File Download
- http://www.exploit-db.com/exploits/14308/
+
+ 14308
+
UNKNOWN
@@ -2261,7 +2849,9 @@
Simple:Press SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/14198/
+
+ 14198
+
SQLI
@@ -2269,7 +2859,9 @@
Vulnerabilities in Cimy Counter for WordPress
- http://www.exploit-db.com/exploits/14057/
+
+ 14057
+
MULTI
@@ -2277,27 +2869,35 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
- http://secunia.com/advisories/51271/
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+ 51271
+
XSS
1.9.8
XSS in NextGEN Gallery <= 1.5.1
- http://www.exploit-db.com/exploits/12098/
+
+ 12098
+
XSS
1.5.2
swfupload.swf Multiple Cross Site Scripting Vulnerabilities
- http://www.securityfocus.com/bid/60433
+
+ http://www.securityfocus.com/bid/60433
+
MULTI
NextGEN Gallery 1.9.12 Arbitrary File Upload
- http://wordpress.org/plugins/nextgen-gallery/changelog/
- http://osvdb.org/94232
- 2013-3684
+
+ http://wordpress.org/plugins/nextgen-gallery/changelog/
+ 94232
+ 2013-3684
+
UPLOAD
1.9.13
@@ -2306,7 +2906,9 @@
Copperleaf Photolog SQL injection
- http://www.exploit-db.com/exploits/11458/
+
+ 11458
+
SQLI
@@ -2314,14 +2916,18 @@
Events SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/10929/
- http://osvdb.org/95677
+
+ 10929
+ 95677
+
SQLI
6.7.10
WP Events Calendar wp-admin/admin.php EC_id Parameter XSS
- http://osvdb.org/74705
+
+ 74705
+
XSS
6.7.12a
@@ -2330,7 +2936,9 @@
Image Manager Plugins Shell Upload Vulnerability
- http://www.exploit-db.com/exploits/10325/
+
+ 10325
+
UPLOAD
@@ -2338,12 +2946,16 @@
Vulnerabilities in WP-Cumulus <= 1.20 for WordPress
- http://www.exploit-db.com/exploits/10228/
+
+ 10228
+
MULTI
WP-Cumulus Cross Site Scripting Vulnerabily
- http://seclists.org/fulldisclosure/2011/Nov/340
+
+ http://seclists.org/fulldisclosure/2011/Nov/340
+
XSS
1.23
@@ -2352,7 +2964,9 @@
WP-Syntax <= 0.9.1 Remote Command Execution
- http://www.exploit-db.com/exploits/9431/
+
+ 9431
+
RCE
@@ -2360,7 +2974,9 @@
My Category Order <= 2.8 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/9150/
+
+ 9150
+
SQLI
@@ -2368,7 +2984,9 @@
Related Sites 2.1 Blind SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/9054/
+
+ 9054
+
SQLI
@@ -2376,17 +2994,23 @@
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
DM Albums 1.9.2 Remote File Disclosure Vulnerability
- http://www.exploit-db.com/exploits/9048/
+
+ 9048
+
LFI
DM Albums 1.9.2 Remote File Inclusion Vuln
- http://www.exploit-db.com/exploits/9043/
+
+ 9043
+
RFI
@@ -2394,17 +3018,23 @@
Photoracer 1.0 (id) SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/8961/
+
+ 8961
+
SQLI
Photoracer plugin <= 1.0 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17720/
+
+ 17720
+
SQLI
Photoracer plugin <= 1.0 Multiple Vulnerabilities
- http://www.exploit-db.com/exploits/17731/
+
+ 17731
+
MULTI
@@ -2412,7 +3042,9 @@
Lytebox (wp-lytebox) Local File Inclusion Vulnerability
- http://www.exploit-db.com/exploits/8791/
+
+ 8791
+
LFI
@@ -2420,7 +3052,9 @@
fMoblog 2.1 (id) SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/8229/
+
+ 8229
+
SQLI
@@ -2428,7 +3062,9 @@
Page Flip Image Gallery <= 0.2.2 Remote FD Vuln
- http://www.exploit-db.com/exploits/7543/
+
+ 7543
+
LFI
@@ -2436,7 +3072,9 @@
e-Commerce <= 3.4 Arbitrary File Upload Exploit
- http://www.exploit-db.com/exploits/6867/
+
+ 6867
+
UPLOAD
@@ -2444,7 +3082,9 @@
Download Manager 0.2 Arbitrary File Upload Exploit
- http://www.exploit-db.com/exploits/6127/
+
+ 6127
+
UPLOAD
@@ -2452,7 +3092,9 @@
Spreadsheet <= 0.6 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/5486/
+
+ 5486
+
SQLI
@@ -2460,7 +3102,9 @@
Download (dl_id) SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/5326/
+
+ 5326
+
SQLI
@@ -2468,7 +3112,9 @@
Sniplets 1.1.2 (RFI/XSS/RCE) Multiple Vulnerabilities
- http://www.exploit-db.com/exploits/5194/
+
+ 5194
+
MULTI
@@ -2476,7 +3122,9 @@
Photo album Remote SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/5135/
+
+ 5135
+
SQLI
@@ -2484,12 +3132,16 @@
Simple Forum 2.0-2.1 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/5126/
+
+ 5126
+
SQLI
Simple Forum 1.10-1.11 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/5127/
+
+ 5127
+
SQLI
@@ -2497,12 +3149,16 @@
st_newsletter Remote SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/5053/
+
+ 5053
+
SQLI
st_newsletter (stnl_iframe.php) SQL Injection Vuln
- http://www.exploit-db.com/exploits/6777/
+
+ 6777
+
SQLI
@@ -2510,7 +3166,9 @@
Wordspew Remote SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/5039/
+
+ 5039
+
SQLI
@@ -2518,7 +3176,9 @@
dmsguestbook 1.7.0 Multiple Remote Vulnerabilities
- http://www.exploit-db.com/exploits/5035/
+
+ 5035
+
MULTI
@@ -2526,7 +3186,9 @@
WassUp 1.4.3 (spy.php to_date) SQL Injection Exploit
- http://www.exploit-db.com/exploits/5017/
+
+ 5017
+
SQLI
@@ -2534,7 +3196,9 @@
Adserve 0.2 adclick.php SQL Injection Exploit
- http://www.exploit-db.com/exploits/5013/
+
+ 5013
+
SQLI
@@ -2542,7 +3206,9 @@
plugin fGallery 2.4.1 fimrss.php SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/4993/
+
+ 4993
+
SQLI
@@ -2550,7 +3216,9 @@
WP-Cal 0.3 editevent.php SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/4992/
+
+ 4992
+
SQLI
@@ -2558,12 +3226,16 @@
plugin WP-Forum 1.7.4 Remote SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/4939/
+
+ 4939
+
SQLI
plugin WP-Forum 1.7.8 Remote SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/7738/
+
+ 7738
+
SQLI
@@ -2571,12 +3243,16 @@
Wp-FileManager 1.2 Remote Upload Vulnerability
- http://www.exploit-db.com/exploits/4844/
+
+ 4844
+
UPLOAD
WordPress wp-FileManager File Download Vulnerability
- http://secunia.com/advisories/53421/
+
+ 53421
+
UNKNOWN
1.4.0
@@ -2585,7 +3261,9 @@
PictPress <= 0.91 Remote File Disclosure Vulnerability
- http://www.exploit-db.com/exploits/4695/
+
+ 4695
+
LFI
@@ -2593,7 +3271,9 @@
BackUp <= 0.4.2b RFI Vulnerability
- http://www.exploit-db.com/exploits/4593/
+
+ 4593
+
RFI
@@ -2601,7 +3281,9 @@
plugin myflash <= 1.00 (wppath) RFI Vulnerability
- http://www.exploit-db.com/exploits/3828/
+
+ 3828
+
RFI
@@ -2609,7 +3291,9 @@
plugin wordTube <= 1.43 (wpPATH) RFI Vulnerability
- http://www.exploit-db.com/exploits/3825/
+
+ 3825
+
RFI
@@ -2617,7 +3301,9 @@
plugin wp-Table <= 1.43 (inc_dir) RFI Vulnerability
- http://www.exploit-db.com/exploits/3824/
+
+ 3824
+
RFI
@@ -2625,7 +3311,9 @@
myGallery <= 1.4b4 Remote File Inclusion Vulnerability
- http://www.exploit-db.com/exploits/3814/
+
+ 3814
+
RFI
@@ -2633,7 +3321,9 @@
SendIt plugin <= 1.5.9 Blind SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17716/
+
+ 17716
+
SQLI
@@ -2641,7 +3331,9 @@
Js-appointment plugin <= 1.5 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17724/
+
+ 17724
+
SQLI
@@ -2649,12 +3341,16 @@
MM Forms Community <= 1.2.3 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17725/
+
+ 17725
+
SQLI
MM Forms Community 2.2.6 Arbitrary File Upload
- http://www.exploit-db.com/exploits/18997/
+
+ 18997
+
UPLOAD
@@ -2662,7 +3358,9 @@
Super CAPTCHA plugin <= 2.2.4 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17728/
+
+ 17728
+
SQLI
@@ -2670,7 +3368,9 @@
Collision Testimonials plugin <= 3.0 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17729/
+
+ 17729
+
SQLI
@@ -2678,7 +3378,9 @@
Oqey Headers plugin <= 0.3 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17730/
+
+ 17730
+
SQLI
@@ -2686,7 +3388,9 @@
Facebook Promotions plugin <= 1.3.3 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17737/
+
+ 17737
+
SQLI
@@ -2694,12 +3398,16 @@
Evarisk plugin <= 5.1.3.6 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17738/
+
+ 17738
+
SQLI
Evarisk 5.1.5.4 Shell Upload
- http://packetstormsecurity.org/files/113638/
+
+ http://packetstormsecurity.org/files/113638/
+
UPLOAD
@@ -2707,7 +3415,9 @@
Profiles plugin <= 2.0 RC1 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17739/
+
+ 17739
+
SQLI
@@ -2715,7 +3425,9 @@
mySTAT plugin <= 2.6 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17740/
+
+ 17740
+
SQLI
@@ -2723,7 +3435,9 @@
SH Slideshow plugin <= 3.1.4 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17748/
+
+ 17748
+
SQLI
@@ -2731,7 +3445,9 @@
iCopyright(R) Article Tools plugin <= 1.1.4 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17749/
+
+ 17749
+
SQLI
@@ -2739,7 +3455,9 @@
Advertizer plugin <= 1.0 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17750/
+
+ 17750
+
SQLI
@@ -2747,17 +3465,23 @@
Event Registration plugin <= 5.44 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17814/
+
+ 17814
+
SQLI
Event Registration plugin <= 5.43 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17751/
+
+ 17751
+
SQLI
Event Registration 5.32 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/15513/
+
+ 15513
+
SQLI
@@ -2765,7 +3489,9 @@
Craw Rate Tracker plugin <= 2.0.2 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17755/
+
+ 17755
+
SQLI
@@ -2773,7 +3499,9 @@
wp audio gallery playlist plugin <= 0.12 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17756/
+
+ 17756
+
SQLI
@@ -2781,13 +3509,17 @@
WordPress yolink Search Plugin "s" Cross-Site Scripting Vulnerability
- http://secunia.com/advisories/52030/
+
+ 52030
+
XSS
2.6
yolink Search plugin <= 1.1.4 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17757/
+
+ 17757
+
SQLI
@@ -2795,7 +3527,9 @@
PureHTML plugin <= 1.0.0 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17758/
+
+ 17758
+
SQLI
@@ -2803,7 +3537,9 @@
Couponer plugin <= 1.2 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17759/
+
+ 17759
+
SQLI
@@ -2811,7 +3547,9 @@
grapefile plugin <= 1.1 Arbitrary File Upload
- http://www.exploit-db.com/exploits/17760/
+
+ 17760
+
UPLOAD
@@ -2819,7 +3557,9 @@
image-gallery-with-slideshow plugin <= 1.5 Arbitrary File Upload / SQL Injection
- http://www.exploit-db.com/exploits/17761/
+
+ 17761
+
MULTI
@@ -2827,7 +3567,9 @@
Donation plugin <= 1.0 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17763/
+
+ 17763
+
SQLI
@@ -2835,12 +3577,16 @@
WP Bannerize plugin <= 2.8.6 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17764/
+
+ 17764
+
SQLI
WP Bannerize plugin <= 2.8.7 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17906/
+
+ 17906
+
SQLI
@@ -2848,7 +3594,9 @@
SearchAutocomplete plugin <= 1.0.8 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17767/
+
+ 17767
+
SQLI
@@ -2856,7 +3604,9 @@
VideoWhisper Video Presentation plugin <= 1.1 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17771/
+
+ 17771
+
SQLI
@@ -2864,7 +3614,9 @@
Facebook Opengraph Meta plugin <= 1.0 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17773/
+
+ 17773
+
SQLI
@@ -2872,7 +3624,9 @@
Zotpress plugin <= 4.4 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17778/
+
+ 17778
+
SQLI
@@ -2880,7 +3634,9 @@
oQey Gallery plugin <= 0.4.8 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17779/
+
+ 17779
+
SQLI
@@ -2888,7 +3644,9 @@
Tweet Old Post plugin <= 3.2.5 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17789/
+
+ 17789
+
SQLI
@@ -2896,7 +3654,9 @@
post highlights plugin <= 2.2 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17790/
+
+ 17790
+
SQLI
@@ -2904,7 +3664,9 @@
KNR Author List Widget plugin <= 2.0.0 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17791/
+
+ 17791
+
SQLI
@@ -2912,7 +3674,9 @@
SCORM Cloud plugin <= 1.0.6.6 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17793/
+
+ 17793
+
SQLI
@@ -2920,7 +3684,9 @@
Eventify - Simple Events plugin <= 1.7.f SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17794/
+
+ 17794
+
SQLI
@@ -2928,7 +3694,9 @@
Paid Downloads plugin <= 2.01 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17797/
+
+ 17797
+
SQLI
@@ -2936,7 +3704,9 @@
Community Events plugin <= 1.2.1 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17798/
+
+ 17798
+
SQLI
@@ -2944,12 +3714,16 @@
1-flash-gallery <= 1.9.0 XSS in ZeroClipboard.swf
- http://1337day.com/exploit/20396
+
+ http://1337day.com/exploit/20396
+
XSS
1 Flash Gallery Arbiraty File Upload Exploit (MSF)
- http://www.exploit-db.com/exploits/17801/
+
+ 17801
+
UPLOAD
@@ -2957,12 +3731,16 @@
WP-Filebase Download Manager plugin <= 0.2.9 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17808/
+
+ 17808
+
SQLI
WordPress WP-Filebase Plugin Unspecified Vulnerabilities
- http://secunia.com/advisories/51269/
+
+ 51269
+
UNKNOWN
0.2.9.25
@@ -2971,7 +3749,9 @@
A to Z Category Listing plugin <= 1.3 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17809/
+
+ 17809
+
SQLI
@@ -2979,12 +3759,16 @@
WP e-Commerce plugin <= 3.8.6 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17832/
+
+ 17832
+
SQLI
WP-e-Commerce plugin v3.8.9.5 Cross Site Scripting Vulnerability
- http://1337day.com/exploit/20517
+
+ http://1337day.com/exploit/20517
+
XSS
@@ -2992,7 +3776,9 @@
Filedownload 0.1 (download.php) Remote File Disclosure Vulnerability
- http://www.exploit-db.com/exploits/17858/
+
+ 17858
+
LFI
@@ -3000,12 +3786,16 @@
TheCartPress <= 1.6 Cross Site Sripting
- http://packetstormsecurity.org/files/108272/
+
+ http://packetstormsecurity.org/files/108272/
+
XSS
TheCartPress 1.1.1 Remote File Inclusion
- http://www.exploit-db.com/exploits/17860/
+
+ 17860
+
RFI
@@ -3013,7 +3803,9 @@
WPEasyStats 1.8 Remote File Inclusion
- http://www.exploit-db.com/exploits/17862/
+
+ 17862
+
RFI
@@ -3021,7 +3813,9 @@
Annonces 1.2.0.0 Remote File Inclusion
- http://www.exploit-db.com/exploits/17863/
+
+ 17863
+
RFI
@@ -3029,7 +3823,9 @@
Livesig 0.4 Remote File Inclusion
- http://www.exploit-db.com/exploits/17864/
+
+ 17864
+
RFI
@@ -3037,7 +3833,9 @@
Disclosure Policy 1.0 Remote File Inclusion
- http://www.exploit-db.com/exploits/17865/
+
+ 17865
+
RFI
@@ -3045,12 +3843,16 @@
Mailing List 1.3.2 Remote File Inclusion
- http://www.exploit-db.com/exploits/17866/
+
+ 17866
+
RFI
Mailing List Arbitrary file download
- http://www.exploit-db.com/exploits/18276/
+
+ 18276
+
UNKNOWN
1.4.1
@@ -3059,12 +3861,16 @@
Zingiri Web Shop 2.2.0 Remote File Inclusion
- http://www.exploit-db.com/exploits/17867/
+
+ 17867
+
RFI
Zingiri Web Shop <= 2.2.3 Remote Code Execution
- http://www.exploit-db.com/exploits/18111/
+
+ 18111
+
RCE
@@ -3072,12 +3878,16 @@
Mini Mail Dashboard Widget 1.36 Remote File Inclusion
- http://www.exploit-db.com/exploits/17868/
+
+ 17868
+
RFI
Mini Mail Dashboard Widget 1.42 Stored XSS
- http://www.exploit-db.com/exploits/20358/
+
+ 20358
+
XSS
@@ -3085,7 +3895,9 @@
Relocate Upload 0.14 Remote File Inclusion
- http://www.exploit-db.com/exploits/17869/
+
+ 17869
+
RFI
@@ -3093,12 +3905,16 @@
Category Grid View Gallery plugin 0.1.1 Shell Upload vulnerability
- http://www.exploit-db.com/exploits/17872/
+
+ 17872
+
UPLOAD
- Category Grid View Gallery CatGridPost.php ID Parameter XSS
- http://osvdb.org/94805
+ Category Grid View Gallery CatGridPost.php ID Parameter XSS
+
+ 94805
+
XSS
@@ -3106,7 +3922,9 @@
Auto Attachments plugin 0.2.9 Shell Upload vulnerability
- http://www.exploit-db.com/exploits/17872/
+
+ 17872
+
UPLOAD
@@ -3114,7 +3932,9 @@
WP Marketplace plugin 1.1.0 Shell Upload vulnerability
- http://www.exploit-db.com/exploits/17872/
+
+ 17872
+
UPLOAD
@@ -3122,7 +3942,9 @@
DP Thumbnail plugin 1.0 Shell Upload vulnerability
- http://www.exploit-db.com/exploits/17872/
+
+ 17872
+
UPLOAD
@@ -3130,7 +3952,9 @@
Vk Gallery plugin 1.1.0 Shell Upload vulnerability
- http://www.exploit-db.com/exploits/17872/
+
+ 17872
+
UPLOAD
@@ -3138,7 +3962,9 @@
Rekt Slideshow plugin 1.0.5 Shell Upload vulnerability
- http://www.exploit-db.com/exploits/17872/
+
+ 17872
+
UPLOAD
@@ -3146,7 +3972,9 @@
CAC Featured Content plugin 0.8 Shell Upload vulnerability
- http://www.exploit-db.com/exploits/17872/
+
+ 17872
+
UPLOAD
@@ -3154,7 +3982,9 @@
Rent A Car plugin 1.0 Shell Upload vulnerability
- http://www.exploit-db.com/exploits/17872/
+
+ 17872
+
UPLOAD
@@ -3162,7 +3992,9 @@
LISL Last Image Slider plugin 1.0 Shell Upload vulnerability
- http://www.exploit-db.com/exploits/17872/
+
+ 17872
+
UPLOAD
@@ -3170,7 +4002,9 @@
Islidex plugin 2.7 Shell Upload vulnerability
- http://www.exploit-db.com/exploits/17872/
+
+ 17872
+
UPLOAD
@@ -3178,7 +4012,9 @@
Kino Gallery plugin 1.0 Shell Upload vulnerability
- http://www.exploit-db.com/exploits/17872/
+
+ 17872
+
UPLOAD
@@ -3186,7 +4022,9 @@
Cms Pack plugin 1.3 Shell Upload vulnerability
- http://www.exploit-db.com/exploits/17872/
+
+ 17872
+
UPLOAD
@@ -3194,7 +4032,9 @@
A Gallery plugin 0.9 Shell Upload vulnerability
- http://www.exploit-db.com/exploits/17872/
+
+ 17872
+
UPLOAD
@@ -3202,7 +4042,9 @@
Category List Portfolio Page plugin 0.9 Shell Upload vulnerability
- http://www.exploit-db.com/exploits/17872/
+
+ 17872
+
UPLOAD
@@ -3210,7 +4052,9 @@
Really Easy Slider plugin 0.1 Shell Upload vulnerability
- http://www.exploit-db.com/exploits/17872/
+
+ 17872
+
UPLOAD
@@ -3218,7 +4062,9 @@
Verve Meta Boxes plugin 1.2.8 Shell Upload vulnerability
- http://www.exploit-db.com/exploits/17872/
+
+ 17872
+
UPLOAD
@@ -3226,7 +4072,9 @@
User Avatar plugin 1.3.7 shell upload vulnerability
- http://www.exploit-db.com/exploits/17872/
+
+ 17872
+
UPLOAD
@@ -3234,7 +4082,9 @@
Extend plugin 1.3.7 Shell Upload vulnerability
- http://www.exploit-db.com/exploits/17872/
+
+ 17872
+
UPLOAD
@@ -3242,12 +4092,16 @@
AdRotate plugin <= 3.6.5 SQL Injection Vulnerability
- http://unconciousmind.blogspot.com/2011/09/wordpress-adrotate-plugin-365-sql.html
+
+ http://unconciousmind.blogspot.com/2011/09/wordpress-adrotate-plugin-365-sql.html
+
SQLI
AdRotate plugin <= 3.6.6 SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/18114/
+
+ 18114
+
SQLI
@@ -3255,7 +4109,9 @@
WP-SpamFree 3.2.1 Spam SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/17970/
+
+ 17970
+
SQLI
@@ -3263,18 +4119,24 @@
WordPress GD Star Rating Plugin Export Security Bypass Security Issue
- http://secunia.com/advisories/49850/
+
+ 49850
+
AUTHBYPASS
1.9.19
GD Star Rating plugin <= 1.9.16 Cross Site Scripting
- http://www.packetstormsecurity.org/files/112702
+
+ http://www.packetstormsecurity.org/files/112702
+
XSS
GD Star Rating plugin <= 1.9.10 SQL Injection
- http://www.exploit-db.com/exploits/17973/
+
+ 17973
+
SQLI
@@ -3282,7 +4144,9 @@
Contact Form plugin <= 2.7.5 SQL Injection
- http://www.exploit-db.com/exploits/17980/
+
+ 17980
+
SQLI
@@ -3290,41 +4154,55 @@
WP Photo Album Plus <= 4.1.1 SQL Injection
- http://www.exploit-db.com/exploits/17983/
+
+ 17983
+
SQLI
WP Photo Album Plus <= 4.8.12 Cross-Site Scripting
- http://secunia.com/advisories/51679/
+
+ 51679
+
XSS
WP Photo Album Plus Full Path Disclosure
- http://1337day.com/exploit/20125
+
+ http://1337day.com/exploit/20125
+
FPD
4.9.1
WP Photo Album Plus XSS
- http://secunia.com/advisories/51829/
+
+ 51829
+
XSS
4.9.3
WP Photo Album Plus XSS
- http://secunia.com/advisories/51669/
+
+ 51669
+
XSS
4.9.3
WordPress WP Photo Album Plus Plugin "commentid" Cross-Site Scripting Vulnerability
- http://secunia.com/advisories/53105/
+
+ 53105
+
XSS
5.0.3
WP Photo Album Plus wp-admin/admin.php edit_id Parameter XSS
- http://osvdb.org/94465
+
+ 94465
+
XSS
5.0.11
@@ -3333,12 +4211,16 @@
BackWPUp 2.1.4 Code Execution
- http://www.exploit-db.com/exploits/17987/
+
+ 17987
+
RCE
plugin BackWPup 1.5.2, 1.6.1, 1.7.1 Remote and Local Code Execution Vulnerability
- http://osvdb.org/71481
+
+ 71481
+
RCE
@@ -3346,8 +4228,10 @@
portable-phpMyAdmin Authentication Bypass
- http://www.exploit-db.com/exploits/23356
- http://secunia.com/advisories/51520/
+
+ 23356
+ 51520
+
AUTHBYPASS
1.3.1
@@ -3356,7 +4240,9 @@
super-refer-a-friend Full Path Disclosure
- http://1337day.com/exploit/20126
+
+ http://1337day.com/exploit/20126
+
FPD
1.0
@@ -3365,18 +4251,24 @@
W3-Total-Cache Username and Hash Extract
- http://seclists.org/fulldisclosure/2012/Dec/242
- https://github.com/FireFart/W3TotalCacheExploit
- auxiliary/gather/wp_w3_total_cache_hash_extract
+
+ http://seclists.org/fulldisclosure/2012/Dec/242
+ https://github.com/FireFart/W3TotalCacheExploit
+ auxiliary/gather/wp_w3_total_cache_hash_extract
+
UNKNOWN
0.9.2.5
W3-Total-Cache Remote Code Execution
- http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/
- http://wordpress.org/support/topic/pwn3d
- http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
- exploits/unix/webapp/php_wordpress_total_cache
+
+ http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/
+ http://wordpress.org/support/topic/pwn3d
+
+ http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
+
+ exploits/unix/webapp/php_wordpress_total_cache
+
RCE
0.9.2.9
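Review bot: The sucuri.net reference in the W3-Total-Cache RCE entry now sits on a line of its own between two added blank lines, which suggests the formatter wrapped the long URL inside its element and left a newline plus indentation as part of the URL text. The XML tags are not visible in this view, so this is inferred from the hunk's line counts. Unless the loader strips element text, the reported reference would carry that whitespace; keep each reference element on a single line, or trim values when parsing. The same wrapping appears in the WP-Super-Cache hunk (`@@ -3385,9 +4277,13 @@`) and the WP-Banners-Lite hunk (`@@ -4431,8 +5570,11 @@`), and the `@@ -4057,17 +5111,23 @@` hunk splits the WP Online Store title across two lines in the same way.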
@@ -3385,9 +4277,13 @@
WP-Super-Cache Remote Code Execution
- http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/
- http://wordpress.org/support/topic/pwn3d
- http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
+
+ http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/
+ http://wordpress.org/support/topic/pwn3d
+
+ http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
+
+
RCE
1.3.1
@@ -3396,12 +4292,16 @@
ripe-hd-player 1.0 SQL Injection
- http://www.exploit-db.com/exploits/24229/
+
+ 24229
+
SQLI
ripe-hd-player 1.0 Full Path Disclosure
- http://www.exploit-db.com/exploits/24229/
+
+ 24229
+
FPD
@@ -3409,14 +4309,18 @@
floating-tweets persistent XSS
- http://packetstormsecurity.com/files/119499/floatingtweets-xsstraversal.txt
- http://websecurity.com.ua/6023/
+
+ http://packetstormsecurity.com/files/119499/floatingtweets-xsstraversal.txt
+ http://websecurity.com.ua/6023/
+
XSS
floating-tweets directory traversal
- http://packetstormsecurity.com/files/119499/floatingtweets-xsstraversal.txt
- http://websecurity.com.ua/6023/
+
+ http://packetstormsecurity.com/files/119499/floatingtweets-xsstraversal.txt
+ http://websecurity.com.ua/6023/
+
UNKNOWN
@@ -3424,8 +4328,10 @@
ipfeuilledechou SQL Injection Vulnerability
- http://www.exploit4arab.com/exploits/377
- http://1337day.com/exploits/20206
+
+ http://www.exploit4arab.com/exploits/377
+ http://1337day.com/exploits/20206
+
SQLI
@@ -3433,13 +4339,17 @@
Simple Login Log Plugin XSS
- http://secunia.com/advisories/51780/
+
+ 51780
+
XSS
0.9.4
Simple Login Log Plugin SQL Injection
- http://secunia.com/advisories/51780/
+
+ 51780
+
SQLI
0.9.4
@@ -3448,7 +4358,9 @@
wp-slimstat XSS
- http://secunia.com/advisories/51721/
+
+ 51721
+
XSS
2.8.5
@@ -3457,7 +4369,9 @@
browser-rejector Remote and Local File Inclusion
- http://secunia.com/advisories/51739/
+
+ 51739
+
LFI
2.11
@@ -3466,7 +4380,9 @@
WordPress File Uploader Plugin PHP File Upload Vulnerability
- http://la.usch.io/2013/01/21/wordpress-file-uploader-plugin-php-file-upload-vulnerability/
+
+ http://la.usch.io/2013/01/21/wordpress-file-uploader-plugin-php-file-upload-vulnerability/
+
UPLOAD
@@ -3474,20 +4390,26 @@
WordPress Poll Plugin Cross-Site Request Forgery Vulnerability
- http://secunia.com/advisories/51925/
+
+ 51925
+
CSRF
34.06
Multiple SQL injection vulnerabilities in Cardoza Wordpress poll plugin
- http://secunia.com/advisories/51942/
- http://www.girlinthemiddle.net/2013/01/multiple-sql-injection-vulnerabilities.html
- http://seclists.org/bugtraq/2013/Jan/86
+
+ 51942
+ http://www.girlinthemiddle.net/2013/01/multiple-sql-injection-vulnerabilities.html
+ http://seclists.org/bugtraq/2013/Jan/86
+
SQLI
WordPress Poll Plugin Multiple SQL Injection Vulnerabilities
- http://secunia.com/advisories/50910/
+
+ 50910
+
SQLI
33.6
@@ -3496,9 +4418,11 @@
Wordpress Developer Formatter CSRF and XSS Vulnerability
- http://illsecure.com/code/Wordpress-DevFormatter-CSRF-Vulnerability.txt
- http://1337day.com/exploits/20210
- http://secunia.com/advisories/51912/
+
+ http://illsecure.com/code/Wordpress-DevFormatter-CSRF-Vulnerability.txt
+ http://1337day.com/exploits/20210
+ 51912
+
MULTI
@@ -3506,7 +4430,9 @@
WordPress DVS Custom Notification Plugin Cross-Site Request Forgery Vulnerability
- http://secunia.com/advisories/51531/
+
+ 51531
+
CSRF
1.0.1
@@ -3515,15 +4441,19 @@
WordPress Events Manager Plugin Multiple Cross-Site Scripting Vulnerabilities
- http://secunia.com/advisories/51869/
+
+ 51869
+
XSS
5.3.4
WordPress Events Manager Multiple Cross Site Scripting Vulnerabilities
- http://www.securityfocus.com/bid/60078
- http://secunia.com/advisories/53478/
- http://osvdb.org/93558
+
+ http://www.securityfocus.com/bid/60078
+ 53478
+ 93558
+
XSS
5.3.9
@@ -3532,8 +4462,10 @@
WordPress SolveMedia CSRF Vulnerability
- http://1337day.com/exploit/20222
- http://secunia.com/advisories/51927/
+
+ http://1337day.com/exploit/20222
+ 51927
+
CSRF
1.1.1
@@ -3542,7 +4474,9 @@
WordPress Welcart e-Commerce Plugin Cross-Site Scripting and Request Forgery Vulnerabilities
- http://secunia.com/advisories/51581/
+
+ 51581
+
MULTI
@@ -3550,7 +4484,9 @@
WordPress Knews Multilingual Newsletters Plugin Cross-Site Request Forgery Vulnerability
- http://secunia.com/advisories/51543/
+
+ 51543
+
CSRF
@@ -3558,7 +4494,9 @@
WordPress Video Lead Form Plugin "errMsg" Cross-Site Scripting Vulnerability
- http://secunia.com/advisories/51419/
+
+ 51419
+
XSS
@@ -3566,15 +4504,19 @@
WordPress WooCommerce Predictive Search Plugin "rs" Cross-Site Scripting Vulnerability
- http://secunia.com/advisories/51385/
+
+ 51385
+
XSS
- WooCommerce index.php calc_shipping_state Parameter XSS
- http://osvdb.org/95480
+ WooCommerce index.php calc_shipping_state Parameter XSS
+
+ 95480
+
XSS
2.0.13
@@ -3583,7 +4525,9 @@
WordPress WP e-Commerce Predictive Search Plugin "rs" Cross-Site Scripting Vulnerability
- http://secunia.com/advisories/51384/
+
+ 51384
+
XSS
@@ -3591,7 +4535,9 @@
WordPress vTiger CRM Lead Capture Plugin Unspecified Vulnerability
- http://secunia.com/advisories/51305/
+
+ 51305
+
UNKNOWN
1.1.0
@@ -3600,12 +4546,16 @@
WordPress post-views Plugin "search_input" Cross-Site Scripting Vulnerability
- http://secunia.com/advisories/50982/
+
+ 50982
+
XSS
WordPress WP-PostViews Plugin Cross-Site Request Forgery Vulnerability
- http://secunia.com/advisories/53127/
+
+ 53127
+
CSRF
1.63
@@ -3614,7 +4564,9 @@
WordPress DX-Contribute Plugin Cross-Site Request Forgery Vulnerability
- http://secunia.com/advisories/51082/
+
+ 51082
+
CSRF
@@ -3622,17 +4574,21 @@
SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin
- https://www.htbridge.com/advisory/HTB23140
- http://packetstormsecurity.com/files/120089/wpwysijanl-sql.txt
- http://seclists.org/bugtraq/2013/Feb/29
- http://cxsecurity.com/issue/WLB-2013020039
+
+ https://www.htbridge.com/advisory/HTB23140
+ http://packetstormsecurity.com/files/120089/wpwysijanl-sql.txt
+ http://seclists.org/bugtraq/2013/Feb/29
+ http://cxsecurity.com/issue/WLB-2013020039
+
SQLI
2.2.1
WordPress Wysija Newsletters Plugin swfupload Cross-Site Scripting Vulnerability
- http://secunia.com/advisories/51249/
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
+ 51249
+ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
+
XSS
2.1.7
@@ -3641,7 +4597,9 @@
WordPress Hitasoft FLV Player Plugin "id" SQL Injection Vulnerability
- http://secunia.com/advisories/51179/
+
+ 51179
+
SQLI
@@ -3649,7 +4607,9 @@
WordPress Spider Calendar Plugin "many_sp_calendar" Cross-Site Scripting Vulnerability
- http://secunia.com/advisories/50981/
+
+ 50981
+
XSS
@@ -3657,7 +4617,9 @@
Wordpress Dynamic Font Replacement 1.3 plugin SQL Injection Vulnerability
- http://1337day.com/exploit/20239
+
+ http://1337day.com/exploit/20239
+
SQLI
@@ -3665,7 +4627,9 @@
WordPress Zingiri Form Builder Plugin "error" Cross-Site Scripting Vulnerability
- http://secunia.com/advisories/50983/
+
+ 50983
+
XSS
1.2.1
@@ -3674,7 +4638,9 @@
WordPress White Label CMS Plugin Cross-Site Request Forgery Vulnerability
- http://secunia.com/advisories/50487/
+
+ 50487
+
CSRF
1.5.1
@@ -3683,7 +4649,9 @@
Wordpress Download Shortcode Plugin "file" Arbitrary File Disclosure Vulnerability
- http://secunia.com/advisories/50924/
+
+ 50924
+
LFI
0.2.1
@@ -3692,7 +4660,9 @@
WordPress Crayon Syntax Highlighter Plugin "wp_load" Remote File Inclusion Vulnerability
- http://secunia.com/advisories/50804/
+
+ 50804
+
RFI
1.13
@@ -3701,7 +4671,9 @@
WordPress eShop Magic Plugin "file" Arbitrary File Disclosure Vulnerability
- http://secunia.com/advisories/50933/
+
+ 50933
+
LFI
0.2
@@ -3710,7 +4682,9 @@
WordPress Pinterest "Pin It" Button Lite Plugin Multiple Unspecified Vulnerabilities
- http://secunia.com/advisories/50868/
+
+ 50868
+
MULTI
1.4.0
@@ -3719,7 +4693,9 @@
WordPress CSS Plus Plugin Unspecified Vulnerabilities
- http://secunia.com/advisories/50793/
+
+ 50793
+
UNKNOWN
1.3.2
@@ -3728,7 +4704,9 @@
WordPress Multisite Plugin Manager Plugin Two Cross-Site Scripting Vulnerabilities
- http://secunia.com/advisories/50762/
+
+ 50762
+
XSS
3.1.2
@@ -3737,7 +4715,9 @@
WordPress ABC Test Plugin "id" Cross-Site Scripting Vulnerability
- http://secunia.com/advisories/50608/
+
+ 50608
+
XSS
@@ -3745,7 +4725,9 @@
Wordpress Token Manager Plugin "tid" Cross-Site Scripting Vulnerabilities
- http://secunia.com/advisories/50722/
+
+ 50722
+
XSS
@@ -3753,7 +4735,9 @@
WordPress Sexy Add Template Plugin Cross-Site Request Forgery Vulnerability
- http://secunia.com/advisories/50709/
+
+ 50709
+
CSRF
@@ -3761,7 +4745,9 @@
WordPress Notices Ticker Plugin Cross-Site Request Forgery Vulnerability
- http://secunia.com/advisories/50717/
+
+ 50717
+
CSRF
@@ -3769,7 +4755,9 @@
WordPress MF Gig Calendar Plugin URL Cross-Site Scripting Vulnerability
- http://secunia.com/advisories/50571/
+
+ 50571
+
XSS
@@ -3777,12 +4765,16 @@
wp-topbar <= 3.04 XSS in ZeroClipboard.swf
- http://1337day.com/exploit/20396
+
+ http://1337day.com/exploit/20396
+
XSS
WordPress WP-TopBar Plugin Cross-Site Request Forgery Vulnerability
- http://secunia.com/advisories/50693/
+
+ 50693
+
CSRF
4.0.3
@@ -3791,7 +4783,9 @@
WordPress HD Webplayer Plugin Two SQL Injection Vulnerabilities
- http://secunia.com/advisories/50466/
+
+ 50466
+
SQLI
@@ -3799,7 +4793,9 @@
WordPress Cloudsafe365 Plugin Multiple Vulnerabilities
- http://secunia.com/advisories/50392/
+
+ 50392
+
MULTI
1.47
@@ -3808,7 +4804,9 @@
WordPress Vitamin Plugin Two Arbitrary File Disclosure Vulnerabilities
- http://secunia.com/advisories/50176/
+
+ 50176
+
LFI
1.1
@@ -3817,7 +4815,9 @@
WordPress Featured Post with thumbnail Plugin Unspecified timthumb Vulnerability
- http://secunia.com/advisories/50161/
+
+ 50161
+
UNKNOWN
1.5
@@ -3826,7 +4826,9 @@
WordPress WP Lead Management Plugin Script Insertion Vulnerabilities
- http://secunia.com/advisories/50166/
+
+ 50166
+
XSS
@@ -3835,7 +4837,9 @@
WordPress XVE Various Embed Plugin JW Player Multiple Cross-Site Scripting Vulnerabilities
- http://secunia.com/advisories/50173/
+
+ 50173
+
XSS
1.0.4
@@ -3844,7 +4848,9 @@
WordPress G-Lock Double Opt-in Manager Plugin Two Security Bypass Vulnerabilities
- http://secunia.com/advisories/50100/
+
+ 50100
+
AUTHBYPASS
@@ -3852,7 +4858,9 @@
WordPress Backend Localization Plugin Cross-Site Scripting Vulnerabilities
- http://secunia.com/advisories/50099/
+
+ 50099
+
XSS
2.0
@@ -3861,7 +4869,9 @@
WordPress Flexi Quote Rotator Plugin Cross-Site Request Forgery and SQL Injection Vulnerabilities
- http://secunia.com/advisories/49910/
+
+ 49910
+
MULTI
0.9.2
@@ -3870,7 +4880,9 @@
WordPress Get Off Malicious Scripts Cross-Site Scripting Vulnerability
- http://secunia.com/advisories/50030/
+
+ 50030
+
XSS
1.2.07.20
@@ -3879,7 +4891,9 @@
WordPress Cimy User Extra Fields Plugin Arbitrary File Upload Vulnerability
- http://secunia.com/advisories/49975/
+
+ 49975
+
UPLOAD
2.3.9
@@ -3888,7 +4902,9 @@
WordPress Nmedia Users File Uploader Plugin Arbitrary File Upload Vulnerability
- http://secunia.com/advisories/49996/
+
+ 49996
+
UPLOAD
2.0
@@ -3897,7 +4913,9 @@
wp-explorer-gallery Arbitrary File Upload Vulnerability
- http://www.1337day.com/exploit/20251
+
+ http://www.1337day.com/exploit/20251
+
UPLOAD
@@ -3905,7 +4923,9 @@
accordion Arbitrary File Upload Vulnerability
- http://www.1337day.com/exploit/20254
+
+ http://www.1337day.com/exploit/20254
+
UPLOAD
@@ -3913,7 +4933,9 @@
wp-catpro Arbitrary File Upload Vulnerability
- http://www.1337day.com/exploit/20256
+
+ http://www.1337day.com/exploit/20256
+
UPLOAD
@@ -3921,7 +4943,9 @@
Wordpress RLSWordPressSearch plugin SQL Injection
- http://www.exploit-db.com/exploits/24440/
+
+ 24440
+
SQLI
@@ -3929,15 +4953,19 @@
wordpress-simple-shout-box Plugin SQL Injection
- http://cxsecurity.com/issue/WLB-2013010235
+
+ http://cxsecurity.com/issue/WLB-2013010235
+
SQLI
- Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection
- http://cxsecurity.com/issue/WLB-2013010236
+ Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection
+
+ http://cxsecurity.com/issue/WLB-2013010236
+
SQLI
@@ -3945,7 +4973,9 @@
WordPress Simple History Plugin RSS Feed "rss_secret" Disclosure Weakness
- http://secunia.com/advisories/51998/
+
+ 51998
+
UNKNOWN
1.0.8
@@ -3954,7 +4984,9 @@
WordPress p1m media manager plugin SQL Injection Vulnerability
- http://www.1337day.com/exploit/20270
+
+ http://www.1337day.com/exploit/20270
+
SQLI
@@ -3962,14 +4994,18 @@
wp-table-reloaded <= 1.9.3 XSS in ZeroClipboard.swf
- http://1337day.com/exploit/20396
+
+ http://1337day.com/exploit/20396
+
XSS
Wordpress wp-table-reloaded plugin cross-site scripting in SWF
- http://packetstormsecurity.com/files/119968/wptablereloaded-xss.txt
- http://secunia.com/advisories/52027/
- http://seclists.org/bugtraq/2013/Feb/28
+
+ http://packetstormsecurity.com/files/119968/wptablereloaded-xss.txt
+ 52027
+ http://seclists.org/bugtraq/2013/Feb/28
+
XSS
1.9.4
@@ -3978,7 +5014,9 @@
WordPress Gallery Plugin "load" Remote File Inclusion Vulnerability
- http://secunia.com/advisories/51347/
+
+ 51347
+
RFI
@@ -3986,7 +5024,9 @@
Wordpress plugins ForumConverter SQL Injection Vulnerability
- http://www.1337day.com/exploit/20275
+
+ http://www.1337day.com/exploit/20275
+
SQLI
@@ -3994,13 +5034,17 @@
WordPress plugins Newsletter SQL Injection Vulnerability
- http://www.1337day.com/exploit/20287
+
+ http://www.1337day.com/exploit/20287
+
SQLI
WordPress Newsletter Plugin "alert" Cross-Site Scripting Vulnerability
- http://secunia.com/advisories/53398/
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5141.php
+
+ 53398
+ http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5141.php
+
XSS
3.2.7
@@ -4009,11 +5053,13 @@
Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin
- https://www.htbridge.com/advisory/HTB23138
- http://packetstormsecurity.com/files/120090/wpcommentluv-xss.txt
- http://seclists.org/bugtraq/2013/Feb/30
- http://cxsecurity.com/issue/WLB-2013020040
- http://secunia.com/advisories/52092/
+
+ https://www.htbridge.com/advisory/HTB23138
+ http://packetstormsecurity.com/files/120090/wpcommentluv-xss.txt
+ http://seclists.org/bugtraq/2013/Feb/30
+ http://cxsecurity.com/issue/WLB-2013020040
+ 52092
+
XSS
2.92.4
@@ -4022,7 +5068,9 @@
Wordpress wp-forum plugin SQL Injection
- http://cxsecurity.com/issue/WLB-2013020035
+
+ http://cxsecurity.com/issue/WLB-2013020035
+
SQLI
@@ -4030,7 +5078,9 @@
WordPress WP ecommerce Shop Styling Plugin "dompdf" Remote File Inclusion Vulnerability
- http://secunia.com/advisories/51707/
+
+ 51707
+
RFI
1.8
@@ -4039,8 +5089,10 @@
Wordpress Audio Player Plugin XSS in SWF
- http://seclists.org/bugtraq/2013/Feb/35
- http://secunia.com/advisories/52083/
+
+ http://seclists.org/bugtraq/2013/Feb/35
+ 52083
+
XSS
2.0.4.6
@@ -4049,7 +5101,9 @@
Wordpress plugin CKEditor 4.0 Arbitrary File Upload Exploit
- http://1337day.com/exploit/20318
+
+ http://1337day.com/exploit/20318
+
UPLOAD
@@ -4057,17 +5111,23 @@
wordpress myftp-ftp-like-plugin-for-wordpress plugin v2 Plugin SQL Injection
- http://cxsecurity.com/issue/WLB-2013020061
+
+ http://cxsecurity.com/issue/WLB-2013020061
+
SQLI
- WordPress WP Online Store Plugin 1.3.1 downloaded before 2013-01-17 File Disclosure and File Inclusion Vulnerabilities
- http://secunia.com/advisories/50836/
- http://ceriksen.com/2013/02/18/wordpress-online-store-arbitrary-file-disclosure/
- http://ceriksen.com/2013/02/18/wordpress-online-store-local-file-inclusion-vulnerability/
+ WordPress WP Online Store Plugin 1.3.1 downloaded before 2013-01-17 File Disclosure and File Inclusion
+ Vulnerabilities
+
+
+ 50836
+ http://ceriksen.com/2013/02/18/wordpress-online-store-arbitrary-file-disclosure/
+ http://ceriksen.com/2013/02/18/wordpress-online-store-local-file-inclusion-vulnerability/
+
MULTI
@@ -4075,7 +5135,9 @@
Password Protected 1.4 Login Process redirect_to Parameter Arbitrary Site Redirect
- http://osvdb.org/90559
+
+ 90559
+
REDIRECT
@@ -4083,7 +5145,9 @@
Contact Form Plugin XSS
- http://osvdb.org/90503
+
+ 90503
+
XSS
@@ -4091,9 +5155,11 @@
smart-flv jwplayer.swf XSS
- http://www.openwall.com/lists/oss-security/2013/02/24/7
- http://packetstormsecurity.com/files/115100/jwplayer-xss.txt
- http://osvdb.org/90606
+
+ http://www.openwall.com/lists/oss-security/2013/02/24/7
+ http://packetstormsecurity.com/files/115100/jwplayer-xss.txt
+ 90606
+
XSS
@@ -4101,7 +5167,9 @@
Google Alert And Twitter v.3.1.5 XSS Exploit, SQL Injection
- http://1337day.com/exploits/20433
+
+ http://1337day.com/exploits/20433
+
MULTI
@@ -4109,8 +5177,11 @@
PHP Shell Plugin
- https://github.com/wpscanteam/wpscan/issues/138
- http://plugins.svn.wordpress.org/php-shell/trunk/shell.php
+
+
+ https://github.com/wpscanteam/wpscan/issues/138
+ http://plugins.svn.wordpress.org/php-shell/trunk/shell.php
+
RCE
@@ -4118,7 +5189,9 @@
Marekkis Watermark Cross Site Scripting
- http://packetstormsecurity.com/files/120378/wpmarekkiswatermark-xss.txt
+
+ http://packetstormsecurity.com/files/120378/wpmarekkiswatermark-xss.txt
+
XSS
@@ -4126,7 +5199,9 @@
Responsive Logo Slideshow Cross Site Scripting
- http://packetstormsecurity.com/files/120379/wpresponsivelogo-xss.txt
+
+ http://packetstormsecurity.com/files/120379/wpresponsivelogo-xss.txt
+
XSS
@@ -4134,9 +5209,11 @@
zopim-live-chat <= 1.2.5 XSS in ZeroClipboard
- http://www.openwall.com/lists/oss-security/2013/03/10/2
- http://1337day.com/exploit/20396
- 2013-1808
+
+ http://www.openwall.com/lists/oss-security/2013/03/10/2
+ http://1337day.com/exploit/20396
+ 2013-1808
+
XSS
@@ -4144,8 +5221,10 @@
ed2k-link-selector <= 1.1.7 XSS in ZeroClipboard
- http://1337day.com/exploit/20396
- 2013-1808
+
+ http://1337day.com/exploit/20396
+ 2013-1808
+
XSS
@@ -4153,9 +5232,11 @@
wppygments <= 0.3.2 XSS in ZeroClipboard
- http://www.openwall.com/lists/oss-security/2013/03/10/2
- http://1337day.com/exploit/20396
- 2013-1808
+
+ http://www.openwall.com/lists/oss-security/2013/03/10/2
+ http://1337day.com/exploit/20396
+ 2013-1808
+
XSS
@@ -4163,8 +5244,10 @@
copy-in-clipboard <= 0.8 XSS in ZeroClipboard
- http://1337day.com/exploit/20396
- 2013-1808
+
+ http://1337day.com/exploit/20396
+ 2013-1808
+
XSS
@@ -4172,8 +5255,10 @@
search-and-share <= 0.9.3 XSS in ZeroClipboard
- http://1337day.com/exploit/20396
- 2013-1808
+
+ http://1337day.com/exploit/20396
+ 2013-1808
+
XSS
@@ -4181,8 +5266,10 @@
placester <= 0.3.12 XSS in ZeroClipboard
- http://1337day.com/exploit/20396
- 2013-1808
+
+ http://1337day.com/exploit/20396
+ 2013-1808
+
XSS
@@ -4190,8 +5277,10 @@
drp-coupon <= 2.1 XSS in ZeroClipboard
- http://1337day.com/exploit/20396
- 2013-1808
+
+ http://1337day.com/exploit/20396
+ 2013-1808
+
XSS
@@ -4199,8 +5288,10 @@
coupon-code-plugin <= 2.1 XSS in ZeroClipboard
- http://1337day.com/exploit/20396
- 2013-1808
+
+ http://1337day.com/exploit/20396
+ 2013-1808
+
XSS
@@ -4208,8 +5299,10 @@
q2w3-inc-manager <= 2.3.1 XSS in ZeroClipboard
- http://1337day.com/exploit/20396
- 2013-1808
+
+ http://1337day.com/exploit/20396
+ 2013-1808
+
XSS
@@ -4217,8 +5310,10 @@
scorerender <= 0.3.4 XSS in ZeroClipboard
- http://1337day.com/exploit/20396
- 2013-1808
+
+ http://1337day.com/exploit/20396
+ 2013-1808
+
XSS
@@ -4226,9 +5321,11 @@
wp-link-to-us <= 2.0 XSS in ZeroClipboard
- http://www.openwall.com/lists/oss-security/2013/03/10/2
- http://1337day.com/exploit/20396
- 2013-1808
+
+ http://www.openwall.com/lists/oss-security/2013/03/10/2
+ http://1337day.com/exploit/20396
+ 2013-1808
+
XSS
@@ -4236,9 +5333,11 @@
buckets <= 0.1.9.2 XSS in ZeroClipboard
- http://www.openwall.com/lists/oss-security/2013/03/10/2
- http://1337day.com/exploit/20396
- 2013-1808
+
+ http://www.openwall.com/lists/oss-security/2013/03/10/2
+ http://1337day.com/exploit/20396
+ 2013-1808
+
XSS
@@ -4246,8 +5345,10 @@
java-trackback <= 0.2 XSS in ZeroClipboard
- http://1337day.com/exploit/20396
- 2013-1808
+
+ http://1337day.com/exploit/20396
+ 2013-1808
+
XSS
@@ -4255,9 +5356,11 @@
slidedeck2 <= 2.1.20130228 XSS in ZeroClipboard
- http://www.openwall.com/lists/oss-security/2013/03/10/2
- http://1337day.com/exploit/20396
- 2013-1808
+
+ http://www.openwall.com/lists/oss-security/2013/03/10/2
+ http://1337day.com/exploit/20396
+ 2013-1808
+
XSS
@@ -4265,9 +5368,11 @@
wp-clone-by-wp-academy <= 2.1.1 XSS in ZeroClipboard
- http://www.openwall.com/lists/oss-security/2013/03/10/2
- http://1337day.com/exploit/20396
- 2013-1808
+
+ http://www.openwall.com/lists/oss-security/2013/03/10/2
+ http://1337day.com/exploit/20396
+ 2013-1808
+
XSS
@@ -4275,9 +5380,11 @@
tiny-url <= 1.3.2 XSS in ZeroClipboard
- http://www.openwall.com/lists/oss-security/2013/03/10/2
- http://1337day.com/exploit/20396
- 2013-1808
+
+ http://www.openwall.com/lists/oss-security/2013/03/10/2
+ http://1337day.com/exploit/20396
+ 2013-1808
+
XSS
@@ -4285,9 +5392,11 @@
thethe-layout-grid <= 1.0.0 XSS in ZeroClipboard.
- http://www.openwall.com/lists/oss-security/2013/03/10/2
- http://1337day.com/exploit/20396
- 2013-1808
+
+ http://www.openwall.com/lists/oss-security/2013/03/10/2
+ http://1337day.com/exploit/20396
+ 2013-1808
+
XSS
@@ -4295,9 +5404,11 @@
paypal-digital-goods-monetization-powered-by-cleeng <= 2.2.13 XSS in ZeroClipboard
- http://www.openwall.com/lists/oss-security/2013/03/10/2
- http://1337day.com/exploit/20396
- 2013-1808
+
+ http://www.openwall.com/lists/oss-security/2013/03/10/2
+ http://1337day.com/exploit/20396
+ 2013-1808
+
XSS
@@ -4305,9 +5416,11 @@
mobileview <= 1.0.7 XSS in ZeroClipboard
- http://www.openwall.com/lists/oss-security/2013/03/10/2
- http://1337day.com/exploit/20396
- 2013-1808
+
+ http://www.openwall.com/lists/oss-security/2013/03/10/2
+ http://1337day.com/exploit/20396
+ 2013-1808
+
XSS
@@ -4315,9 +5428,11 @@
jaspreetchahals-coupons-lite <= 2.1 XSS in ZeroClipboard
- http://www.openwall.com/lists/oss-security/2013/03/10/2
- http://1337day.com/exploit/20396
- 2013-1808
+
+ http://www.openwall.com/lists/oss-security/2013/03/10/2
+ http://1337day.com/exploit/20396
+ 2013-1808
+
XSS
@@ -4325,9 +5440,11 @@
geshi-source-colorer <= 0.13 XSS in ZeroClipboard
- http://www.openwall.com/lists/oss-security/2013/03/10/2
- http://1337day.com/exploit/20396
- 2013-1808
+
+ http://www.openwall.com/lists/oss-security/2013/03/10/2
+ http://1337day.com/exploit/20396
+ 2013-1808
+
XSS
@@ -4335,9 +5452,11 @@
click-to-copy-grab-box <= 0.1.1 XSS in ZeroClipboard
- http://www.openwall.com/lists/oss-security/2013/03/10/2
- http://1337day.com/exploit/20396
- 2013-1808
+
+ http://www.openwall.com/lists/oss-security/2013/03/10/2
+ http://1337day.com/exploit/20396
+ 2013-1808
+
XSS
@@ -4345,9 +5464,11 @@
cleeng <= 2.3.2 XSS in ZeroClipboard
- http://www.openwall.com/lists/oss-security/2013/03/10/2
- http://1337day.com/exploit/20396
- 2013-1808
+
+ http://www.openwall.com/lists/oss-security/2013/03/10/2
+ http://1337day.com/exploit/20396
+ 2013-1808
+
XSS
@@ -4355,9 +5476,11 @@
bp-code-snippets <= 2.0 XSS in ZeroClipboard
- http://www.openwall.com/lists/oss-security/2013/03/10/2
- http://1337day.com/exploit/20396
- 2013-1808
+
+ http://www.openwall.com/lists/oss-security/2013/03/10/2
+ http://1337day.com/exploit/20396
+ 2013-1808
+
XSS
@@ -4365,8 +5488,10 @@
snazzy-archives <= 1.7.1 XSS vulnerability
- http://www.openwall.com/lists/oss-security/2013/03/10/3
- 2009-4168
+
+ http://www.openwall.com/lists/oss-security/2013/03/10/3
+ 2009-4168
+
XSS
@@ -4374,8 +5499,10 @@
vkontakte-api XSS vulnerability
- http://www.openwall.com/lists/oss-security/2013/03/11/1
- 2009-4168
+
+ http://www.openwall.com/lists/oss-security/2013/03/11/1
+ 2009-4168
+
XSS
@@ -4383,7 +5510,9 @@
Terillion Reviews Cross Site Scripting
- http://packetstormsecurity.com/files/120730/wpterillionreviews-xss.txt
+
+ http://packetstormsecurity.com/files/120730/wpterillionreviews-xss.txt
+
XSS
@@ -4391,7 +5520,9 @@
o2s-gallery plugin Cross Site Scripting Vulnerability
- http://1337day.com/exploit/20516
+
+ http://1337day.com/exploit/20516
+
XSS
@@ -4399,7 +5530,9 @@
bp-gallery plugin v1.2.5 Cross Site Scripting Vulnerability
- http://1337day.com/exploit/20518
+
+ http://1337day.com/exploit/20518
+
XSS
@@ -4407,7 +5540,9 @@
Simply Poll Plugin 1.4.1 - Multiple Vulnerabilities
- http://www.exploit-db.com/exploits/24850/
+
+ 24850
+
MULTI
@@ -4415,7 +5550,9 @@
Occasions Plugin 1.0.4 - CSRF Vulnerability
- http://www.exploit-db.com/exploits/24858/
+
+ 24858
+
CSRF
@@ -4423,7 +5560,9 @@
Mathjax Latex 1.1 CSRF Vulnerability
- http://1337day.com/exploit/20566
+
+ http://1337day.com/exploit/20566
+
CSRF
@@ -4431,8 +5570,11 @@
XSS vulnerability on WP-Banners-Lite
- http://seclists.org/fulldisclosure/2013/Mar/209
- http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513
+
+ http://seclists.org/fulldisclosure/2013/Mar/209
+ http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513
+
+
XSS
@@ -4440,8 +5582,10 @@
Backupbuddy - sensitive data exposure in importbuddy.php
- http://seclists.org/fulldisclosure/2013/Mar/206
- http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html
+
+ http://seclists.org/fulldisclosure/2013/Mar/206
+ http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html
+
UNKNOWN
@@ -4449,7 +5593,9 @@
WP FuneralPress - Stored XSS in Guestbook
- http://seclists.org/fulldisclosure/2013/Mar/282
+
+ http://seclists.org/fulldisclosure/2013/Mar/282
+
XSS
@@ -4457,7 +5603,9 @@
ofc_upload_image.php Arbitrary File Upload Vulnerability
- http://www.exploit-db.com/exploits/24492/
+
+ 24492
+
UPLOAD
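Review bot: This entry, and the identically titled ones at `@@ -4476,7 +5626,9 @@`, `@@ -4484,7 +5636,9 @@`, `@@ -4492,7 +5646,9 @@` and `@@ -4500,7 +5656,9 @@`, keeps only the id `24492`, while the sibling at `@@ -4465,9 +5613,11 @@` also carries `37903` and `2009-4140`. Now that references are stored as typed ids, anyone correlating scan output by CVE will match only one of the six entries. If the advisory and CVE describe the shared `ofc_upload_image.php` component rather than a single plugin, add the same two ids to each entry. If they are plugin-specific, an XML comment on the fuller entry saying so would prevent a later "fix". The element each entry belongs to starts outside the hunk, so the affected plugin cannot be confirmed from here.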
@@ -4465,9 +5613,11 @@
ofc_upload_image.php Arbitrary File Upload Vulnerability
- http://www.exploit-db.com/exploits/24492/
- http://secunia.com/advisories/37903
- 2009-4140
+
+ 24492
+ 37903
+ 2009-4140
+
UPLOAD
0.5
@@ -4476,7 +5626,9 @@
ofc_upload_image.php Arbitrary File Upload Vulnerability
- http://www.exploit-db.com/exploits/24492/
+
+ 24492
+
UPLOAD
@@ -4484,7 +5636,9 @@
ofc_upload_image.php Arbitrary File Upload Vulnerability
- http://www.exploit-db.com/exploits/24492/
+
+ 24492
+
UPLOAD
@@ -4492,7 +5646,9 @@
ofc_upload_image.php Arbitrary File Upload Vulnerability
- http://www.exploit-db.com/exploits/24492/
+
+ 24492
+
UPLOAD
@@ -4500,7 +5656,9 @@
ofc_upload_image.php Arbitrary File Upload Vulnerability
- http://www.exploit-db.com/exploits/24492/
+
+ 24492
+
UPLOAD
@@ -4508,7 +5666,10 @@
podPress 8.8.10.13 Cross Site Scripting
- http://packetstormsecurity.com/files/121011/WordPress-podPress-8.8.10.13-Cross-Site-Scripting.html
+
+ http://packetstormsecurity.com/files/121011/WordPress-podPress-8.8.10.13-Cross-Site-Scripting.html
+
+
XSS
@@ -4516,7 +5677,9 @@
fbsurveypro XSS Vulnerability
- http://1337day.com/exploit/20623
+
+ http://1337day.com/exploit/20623
+
XSS
@@ -4524,7 +5687,9 @@
timelineoptinpro XSS Vulnerability
- http://1337day.com/exploit/20620
+
+ http://1337day.com/exploit/20620
+
XSS
@@ -4532,7 +5697,9 @@
kioskprox XSS Vulnerability
- http://1337day.com/exploit/20624
+
+ http://1337day.com/exploit/20624
+
XSS
@@ -4540,7 +5707,9 @@
bigcontact SQLI
- http://plugins.trac.wordpress.org/changeset/689798
+
+ http://plugins.trac.wordpress.org/changeset/689798
+
SQLI
1.4.7
@@ -4549,7 +5718,9 @@
drawblog CSRF
- http://plugins.trac.wordpress.org/changeset/691178
+
+ http://plugins.trac.wordpress.org/changeset/691178
+
CSRF
0.81
@@ -4558,8 +5729,11 @@
social-media-widget malicious code
- http://plugins.trac.wordpress.org/changeset?reponame=&old=691839%40social-media-widget%2Ftrunk&new=693941%40social-media-widget%2Ftrunk
- http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot
+
+ http://plugins.trac.wordpress.org/changeset?reponame=&old=691839%40social-media-widget%2Ftrunk&new=693941%40social-media-widget%2Ftrunk
+ http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot
+
+
UNKNOWN
4.0.2
@@ -4568,8 +5742,10 @@
facebook-members CSRF
- https://secunia.com/advisories/52962/
- 2013-2703
+
+ 52962
+ 2013-2703
+
CSRF
5.0.5
@@ -4578,8 +5754,10 @@
foursquare-checkins CSRF
- https://secunia.com/advisories/53151/
- 2013-2709
+
+ 53151
+ 2013-2709
+
CSRF
1.3
@@ -4588,7 +5766,9 @@
formidable Pro Unspecified Vulnerabilities
- https://secunia.com/advisories/53121/
+
+ 53121
+
UNKNOWN
1.06.09
@@ -4597,8 +5777,10 @@
all-in-one-webmaster CSRF
- https://secunia.com/advisories/52877/
- 2013-2696
+
+ 52877
+ 2013-2696
+
CSRF
8.2.4
@@ -4607,7 +5789,9 @@
background-music 1.0 jPlayer.swf XSS
- https://secunia.com/advisories/53057/
+
+ 53057
+
XSS
@@ -4615,7 +5799,9 @@
haiku-minimalist-audio-player <= 1.0.0 jPlayer.swf XSS
- https://secunia.com/advisories/51336/
+
+ 51336
+
XSS
@@ -4623,7 +5809,9 @@
jammer <= 0.2 jPlayer.swf XSS
- https://secunia.com/advisories/53106/
+
+ 53106
+
XSS
@@ -4631,7 +5819,9 @@
syntaxhighlighter clipboard.swf XSS
- https://secunia.com/advisories/53235/
+
+ 53235
+
XSS
3.1.6
@@ -4640,7 +5830,9 @@
top-10 CSRF
- https://secunia.com/advisories/53205/
+
+ 53205
+
CSRF
1.9.3
@@ -4649,8 +5841,10 @@
easy-adsense-lite CSRF
- https://secunia.com/advisories/52953/
- 2013-2702
+
+ 52953
+ 2013-2702
+
CSRF
6.10
@@ -4659,16 +5853,20 @@
uk-cookie plugin XSS
- http://osvdb.org/87561
- http://seclists.org/bugtraq/2012/Nov/50
- 2012-5856
+
+ 87561
+ http://seclists.org/bugtraq/2012/Nov/50
+ 2012-5856
+
XSS
uk-cookie CSRF
- http://www.openwall.com/lists/oss-security/2013/06/06/10
- http://osvdb.org/94032
- 2013-2180
+
+ http://www.openwall.com/lists/oss-security/2013/06/06/10
+ 94032
+ 2013-2180
+
CSRF
@@ -4676,13 +5874,15 @@
wp-cleanfix Remote Command Execution, CSRF and XSS
- https://github.com/wpscanteam/wpscan/issues/186
- http://wordpress.org/support/topic/plugin-wp-cleanfix-remote-code-execution-warning
- http://osvdb.org/93450
- http://secunia.com/advisories/53395/
- http://osvdb.org/93468
- 2013-2108
- 2013-2109
+
+ https://github.com/wpscanteam/wpscan/issues/186
+ http://wordpress.org/support/topic/plugin-wp-cleanfix-remote-code-execution-warning
+ 93450
+ 53395
+ 93468
+ 2013-2108
+ 2013-2109
+
MULTI
3.0.2
@@ -4691,17 +5891,22 @@
mail-on-update plugin CSRF
- http://secunia.com/advisories/53449/
- http://www.openwall.com/lists/oss-security/2013/05/16/8
+
+ 53449
+ http://www.openwall.com/lists/oss-security/2013/05/16/8
+
CSRF
- Advanced XML Reader Plugin for WordPress XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
- http://seclists.org/bugtraq/2013/May/5
- http://osvdb.org/92904
+ Advanced XML Reader Plugin for WordPress XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
+
+
+ http://seclists.org/bugtraq/2013/May/5
+ 92904
+
XXE
@@ -4709,7 +5914,9 @@
WordPress Related Posts by Zemanta Plugin Cross-Site Request Forgery Vulnerability
- http://secunia.com/advisories/53321/
+
+ 53321
+
CSRF
1.3.2
@@ -4718,7 +5925,9 @@
WordPress WordPress Related Posts Plugin Cross-Site Request Forgery Vulnerability
- http://secunia.com/advisories/53279/
+
+ 53279
+
CSRF
2.6.2
@@ -4727,7 +5936,9 @@
WordPress Related Posts Plugin Cross-Site Request Forgery Vulnerability
- http://secunia.com/advisories/53122/
+
+ 53122
+
CSRF
2.7.2
@@ -4736,7 +5947,9 @@
WordPress WP Print Friendly Plugin Security Bypass Vulnerability
- http://secunia.com/advisories/53371/
+
+ 53371
+
UNKNOWN
0.5.3
@@ -4745,7 +5958,9 @@
WordPress Contextual Related Posts Plugin Cross-Site Request Forgery Vulnerability
- http://secunia.com/advisories/52960/
+
+ 52960
+
CSRF
1.8.7
@@ -4754,7 +5969,9 @@
WordPress Calendar Plugin Cross-Site Request Forgery Vulnerability
- http://secunia.com/advisories/52841/
+
+ 52841
+
CSRF
1.3.3
@@ -4763,7 +5980,9 @@
WordPress Feedweb Plugin 'wp_post_id' Parameter XSS
- http://www.securityfocus.com/bid/58771
+
+ http://www.securityfocus.com/bid/58771
+
XSS
1.9
@@ -4772,7 +5991,9 @@
WordPress WP-Print Plugin CSRF
- http://www.securityfocus.com/bid/58900
+
+ http://www.securityfocus.com/bid/58900
+
CSRF
2.52
@@ -4781,7 +6002,9 @@
WordPress WP-Print Plugin CSRF
- http://packetstorm.wowhacker.com/1304-exploits/wptrafficanalyzer-xss.txt
+
+ http://packetstorm.wowhacker.com/1304-exploits/wptrafficanalyzer-xss.txt
+
XSS
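Review bot: The title kept on this entry, `WordPress WP-Print Plugin CSRF`, does not match its own reference and type: the added reference ends in `wptrafficanalyzer-xss.txt` and the type is `XSS`. The same title already sits on the preceding entry (`@@ -4772,7 +5991,9 @@`), so it looks like a copy-paste leftover. The title is what a scan report shows the operator, so it should be corrected while the references are being touched, presumably to something like `WP Traffic Analyzer Plugin XSS` (inferred from the URL file name; confirm against the advisory). The hunk at `@@ -4878,7 +6120,9 @@` has the same problem: it is titled `FPD and Security bypass vulnerabilities in Exploit Scanner for WordPress` but references the ga-universal changelog with type `XSS`. The enclosing plugin element starts outside both hunks, so the affected plugin is not visible here.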
@@ -4789,7 +6012,9 @@
WordPress WP-DownloadManager Plugin CSRF
- http://www.securityfocus.com/bid/58937
+
+ http://www.securityfocus.com/bid/58937
+
CSRF
1.61
@@ -4798,9 +6023,11 @@
Digg Digg CSRF
- http://wordpress.org/plugins/digg-digg/changelog/
- http://secunia.com/advisories/53120/
- http://osvdb.org/93544
+
+ http://wordpress.org/plugins/digg-digg/changelog/
+ 53120
+ 93544
+
CSRF
5.3.5
@@ -4809,9 +6036,11 @@
SS Quiz Plugin Multiple Unspecified Vulnerabilities
- http://wordpress.org/plugins/ssquiz/changelog/
- http://secunia.com/advisories/53378/
- http://osvdb.org/93531
+
+ http://wordpress.org/plugins/ssquiz/changelog/
+ 53378
+ 93531
+
UNKNOWN
2.0
@@ -4820,7 +6049,9 @@
FunCaptcha CSRF
- http://wordpress.org/extend/plugins/funcaptcha/changelog/
+
+ http://wordpress.org/extend/plugins/funcaptcha/changelog/
+
UNKNOWN
0.33
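Review bot: The type on this entry stays `UNKNOWN` although its title is `FunCaptcha CSRF`; other CSRF entries in this file, for example `drawblog CSRF`, use the type `CSRF`. A consumer that filters or groups findings by type would miss this one. Change the type value to `CSRF` if the referenced changelog confirms the class. The entry's enclosing element begins outside the hunk.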
@@ -4829,7 +6060,9 @@
xili-language XSS
- http://wordpress.org/plugins/xili-language/changelog/
+
+ http://wordpress.org/plugins/xili-language/changelog/
+
XSS
2.8.6
@@ -4838,7 +6071,9 @@
Security issue which allowed any user to reset settings
- http://wordpress.org/plugins/wordpress-seo/changelog/
+
+ http://wordpress.org/plugins/wordpress-seo/changelog/
+
UNKNOWN
1.4.5
@@ -4847,10 +6082,12 @@
CSRF in WordPress underConstruction plugin
- http://wordpress.org/plugins/underconstruction/changelog/
- http://secunia.com/advisories/52881/
- http://osvdb.org/93857
- 2013-2699
+
+ http://wordpress.org/plugins/underconstruction/changelog/
+ 52881
+ 93857
+ 2013-2699
+
CSRF
1.09
@@ -4859,9 +6096,12 @@
ADIF Log Search Widget XSS Arbitrary Vulnerability
- http://packetstormsecurity.com/files/121777/ADIF-Log-Search-Widget-1.0e-Cross-Site-Scripting.html
- http://secunia.com/advisories/53599/
- http://osvdb.org/93721
+
+ http://packetstormsecurity.com/files/121777/ADIF-Log-Search-Widget-1.0e-Cross-Site-Scripting.html
+
+ 53599
+ 93721
+
XSS
@@ -4869,8 +6109,10 @@
FPD and Security bypass vulnerabilities in Exploit Scanner for WordPress
- http://seclists.org/fulldisclosure/2013/May/216
- http://osvdb.org/93799
+
+ http://seclists.org/fulldisclosure/2013/May/216
+ 93799
+
MULTI
@@ -4878,7 +6120,9 @@
FPD and Security bypass vulnerabilities in Exploit Scanner for WordPress
- http://wordpress.org/plugins/ga-universal/changelog/
+
+ http://wordpress.org/plugins/ga-universal/changelog/
+
XSS
1.0.1
@@ -4887,8 +6131,10 @@
Remote File Inclusion Vulnerability
- http://secunia.com/advisories/51348/
- http://osvdb.org/93715
+
+ 51348
+ 93715
+
RFI
2.3
@@ -4897,8 +6143,10 @@
WordPress qTranslate Plugin Cross-Site Request Forgery Vulnerability
- http://secunia.com/advisories/53126/
- http://osvdb.org/93873
+
+ 53126
+ 93873
+
CSRF
@@ -4906,8 +6154,10 @@
Image slider with description Plugin Unspecified Vulnerability
- http://secunia.com/advisories/53588/
- http://osvdb.org/93691
+
+ 53588
+ 93691
+
UNKNOWN
7.0
@@ -4916,9 +6166,11 @@
User Role Editor Plugin Cross-Site Request Forgery Vulnerability
- http://secunia.com/advisories/53593/
- http://osvdb.org/93699
- http://www.exploit-db.com/exploits/25721
+
+ 53593
+ 93699
+ 25721
+
CSRF
3.14
@@ -4927,18 +6179,22 @@
EELV Newsletter Plugin Cross-Site Scripting Vulnerability
- http://secunia.com/advisories/53546/
- http://osvdb.org/93685
+
+ 53546
+ 93685
+
XSS
3.3.1
-
+
Frontier Post Plugin Publishing Posts Security Bypass
- http://secunia.com/advisories/53474/
- http://osvdb.org/93639
+
+ 53474
+ 93639
+
UNKNOWN
@@ -4946,14 +6202,16 @@
Spider Catalog Plugin Cross-Site Scripting and SQL Injection Vulnerabilities
- http://secunia.com/advisories/53491/
- http://osvdb.org/93591
- http://osvdb.org/93593
- http://osvdb.org/93594
- http://osvdb.org/93595
- http://osvdb.org/93596
- http://osvdb.org/93597
- http://osvdb.org/93598
+
+ 53491
+ 93591
+ 93593
+ 93594
+ 93595
+ 93596
+ 93597
+ 93598
+
MULTI
@@ -4961,13 +6219,15 @@
Spider Event Calendar Plugin Security Bypass, Cross-Site Scripting and SQLi Vulnerabilities
- http://secunia.com/advisories/53481/
- http://osvdb.org/93584
- http://osvdb.org/93585
- http://osvdb.org/93586
- http://osvdb.org/93587
- http://osvdb.org/93588
- http://osvdb.org/93582
+
+ 53481
+ 93584
+ 93585
+ 93586
+ 93587
+ 93588
+ 93582
+
MULTI
@@ -4975,7 +6235,9 @@
FPD and Security bypass vulnerabilities in AntiVirus for WordPress
- http://seclists.org/fulldisclosure/2013/Jun/0
+
+ http://seclists.org/fulldisclosure/2013/Jun/0
+
MULTI
@@ -4983,7 +6245,9 @@
WP Maintenance Mode Setting Manipulation CSRF
- http://osvdb.org/94450
+
+ 94450
+
CSRF
@@ -4991,7 +6255,9 @@
ultimate Auction Auction Creation CSRF
- http://osvdb.org/94407
+
+ 94407
+
CSRF
@@ -4999,17 +6265,21 @@
Leaflet Maps Marker Tag Multiple Parameter SQL Injection
- http://osvdb.org/94388
+
+ 94388
+
SQLI
3.5.4
-
+
Xorbin Analog Flash Clock 1.0 Flash-based XSS
- http://advisory.prakharprasad.com/xorbin_afc_wp.txt
- 2013-4692
+
+ http://advisory.prakharprasad.com/xorbin_afc_wp.txt
+ 2013-4692
+
XSS
@@ -5017,8 +6287,10 @@
Xorbin Digital Flash Clock 1.0 Flash-based XSS
- http://advisory.prakharprasad.com/xorbin_dfc_wp.txt
- 2013-4693
+
+ http://advisory.prakharprasad.com/xorbin_dfc_wp.txt
+ 2013-4693
+
XSS
@@ -5026,15 +6298,20 @@
Dropdown Menu Widget Script Insertion CSRF
- http://osvdb.org/94771
+
+ 94771
+
CSRF
- BuddyPress Extended Friendship Request wp-admin/admin-ajax.php friendship_request_message Parameter XSS
- http://osvdb.org/94807
+ BuddyPress Extended Friendship Request wp-admin/admin-ajax.php friendship_request_message Parameter XSS
+
+
+ 94807
+
XSS
1.0.2
@@ -5043,7 +6320,9 @@
wp-private-messages /wp-admin/profile.php msgid Parameter SQL Injection
- http://osvdb.org/94702
+
+ 94702
+
SQLI
@@ -5051,7 +6330,9 @@
Stream Video Player Plugin for WordPress Setting Manipulation CSRF
- http://osvdb.org/94466
+
+ 94466
+
CSRF
@@ -5059,8 +6340,10 @@
Duplicator installer.cleanup.php package Parameter XSS
- http://osvdb.org/95627
- 2013-4625
+
+ 95627
+ 2013-4625
+
XSS
0.4.5
@@ -5069,17 +6352,21 @@
Citizen Space Script Insertion CSRF
- http://osvdb.org/95570
+
+ 95570
+
CSRF
1.1
-
+
Spicy Blogroll spicy-blogroll-ajax.php Multiple Parameter Remote File Inclusion
- http://osvdb.org/95557
- www.exploit-db.com/exploits/26804
+
+ 95557
+ 26804
+
RFI
@@ -5087,7 +6374,9 @@
Pie Register wp-login.php Multiple Parameter XSS
- http://osvdb.org/95160
+
+ 95160
+
XSS
1.31
@@ -5096,8 +6385,10 @@
CSRF in admin/setting.php in Xhanch
- http://secunia.com/advisories/53133
- 2013-3253
+
+ 53133
+ 2013-3253
+
CSRF
2.7.7
@@ -5106,8 +6397,10 @@
CSRF in sexybookmarks
- http://wordpress.org/plugins/sexybookmarks/changelog/
- 2013-3256
+
+ http://wordpress.org/plugins/sexybookmarks/changelog/
+ 2013-3256
+
CSRF
6.1.5.0
diff --git a/data/theme_vulns.xml b/data/theme_vulns.xml
index 38bcee97..7923a981 100644
--- a/data/theme_vulns.xml
+++ b/data/theme_vulns.xml
@@ -6,60 +6,74 @@
VideoJS Cross-Site Scripting Vulnerability
- http://secunia.com/advisories/53427/
- http://seclists.org/fulldisclosure/2013/May/77
+
+ 53427
+ http://seclists.org/fulldisclosure/2013/May/77
+
XSS
-
+
VideoJS Cross-Site Scripting Vulnerability
- http://secunia.com/advisories/53457/
- http://seclists.org/fulldisclosure/2013/May/77
+
+ 53457
+ http://seclists.org/fulldisclosure/2013/May/77
+
XSS
-
+
VideoJS Cross-Site Scripting Vulnerability
- http://secunia.com/advisories/53548/
- http://seclists.org/fulldisclosure/2013/May/77
+
+ 53548
+ http://seclists.org/fulldisclosure/2013/May/77
+
XSS
-
+
VideoJS Cross-Site Scripting Vulnerability
- http://secunia.com/advisories/53460/
- http://seclists.org/fulldisclosure/2013/May/77
+
+ 53460
+ http://seclists.org/fulldisclosure/2013/May/77
+
XSS
-
+
VideoJS Cross-Site Scripting Vulnerability
- http://secunia.com/advisories/53494/
- http://seclists.org/fulldisclosure/2013/May/77
+
+ 53494
+ http://seclists.org/fulldisclosure/2013/May/77
+
XSS
-
+
VideoJS Cross-Site Scripting Vulnerability
- http://seclists.org/fulldisclosure/2013/May/77
+
+ http://seclists.org/fulldisclosure/2013/May/77
+
XSS
-
+
onepagewebsite Full Path Disclosure vulnerability
- http://1337day.com/exploit/20027
+
+ http://1337day.com/exploit/20027
+
FPD
@@ -67,7 +81,9 @@
vithy Full Path Disclosure vulnerability
- http://1337day.com/exploit/20040
+
+ http://1337day.com/exploit/20040
+
FPD
@@ -75,7 +91,9 @@
appius Full Path Disclosure vulnerability
- http://1337day.com/exploit/20039
+
+ http://1337day.com/exploit/20039
+
FPD
@@ -83,7 +101,9 @@
yvora Full Path Disclosure vulnerability
- http://1337day.com/exploit/20038
+
+ http://1337day.com/exploit/20038
+
FPD
@@ -91,7 +111,9 @@
shotzz Full Path Disclosure vulnerability
- http://1337day.com/exploit/20041
+
+ http://1337day.com/exploit/20041
+
FPD
@@ -99,12 +121,16 @@
moneymasters Full Path Disclosure vulnerability
- http://1337day.com/exploit/20077
+
+ http://1337day.com/exploit/20077
+
FPD
moneymasters File Upload Vulnerability (metasploit)
- http://1337day.com/exploit/20076
+
+ http://1337day.com/exploit/20076
+
UPLOAD
@@ -112,7 +138,9 @@
XSS vulnerability in Imediapixel premium WordPress themes
- http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-imediapixel.html
+
+ http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-imediapixel.html
+
XSS
@@ -120,7 +148,9 @@
XSS vulnerability in Imediapixel premium WordPress themes
- http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-imediapixel.html
+
+ http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-imediapixel.html
+
XSS
@@ -128,7 +158,9 @@
XSS vulnerability in Imediapixel premium WordPress themes
- http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-imediapixel.html
+
+ http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-imediapixel.html
+
XSS
@@ -136,7 +168,9 @@
XSS vulnerability in Imediapixel premium WordPress themes
- http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-imediapixel.html
+
+ http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-imediapixel.html
+
XSS
@@ -144,7 +178,9 @@
XSS vulnerability in Parallelus premium WordPress themes
- http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-parallelus-premium.html
+
+ http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-parallelus-premium.html
+
XSS
@@ -152,7 +188,9 @@
XSS vulnerability in Parallelus premium WordPress themes
- http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-parallelus-premium.html
+
+ http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-parallelus-premium.html
+
XSS
@@ -160,7 +198,9 @@
XSS vulnerability in Parallelus premium WordPress themes
- http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-parallelus-premium.html
+
+ http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-parallelus-premium.html
+
XSS
@@ -168,7 +208,9 @@
XSS vulnerability in Parallelus premium WordPress themes
- http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-parallelus-premium.html
+
+ http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-parallelus-premium.html
+
XSS
@@ -176,7 +218,9 @@
XSS vulnerability in multiple premium WordPress themes by Flow/Devatic
- http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html
+
+ http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html
+
XSS
@@ -184,7 +228,9 @@
XSS vulnerability in multiple premium WordPress themes by Flow/Devatic
- http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html
+
+ http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html
+
XSS
@@ -192,7 +238,9 @@
XSS vulnerability in multiple premium WordPress themes by Flow/Devatic
- http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html
+
+ http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html
+
XSS
@@ -200,7 +248,9 @@
XSS vulnerability in multiple premium WordPress themes by Flow/Devatic
- http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html
+
+ http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html
+
XSS
@@ -208,7 +258,9 @@
XSS vulnerability in multiple premium WordPress themes by Flow/Devatic
- http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html
+
+ http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html
+
XSS
@@ -216,7 +268,9 @@
XSS vulnerability in multiple premium WordPress themes by Flow/Devatic
- http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html
+
+ http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html
+
XSS
@@ -224,7 +278,9 @@
XSS vulnerability in multiple premium WordPress themes by Flow/Devatic
- http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html
+
+ http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html
+
XSS
@@ -232,7 +288,9 @@
XSS vulnerability in multiple premium WordPress themes by Flow/Devatic
- http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html
+
+ http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html
+
XSS
@@ -240,7 +298,9 @@
XSS vulnerability in multiple premium WordPress themes by Flow/Devatic
- http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html
+
+ http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html
+
XSS
@@ -248,7 +308,9 @@
XSS vulnerability in multiple premium WordPress themes by Flow/Devatic
- http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html
+
+ http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html
+
XSS
@@ -256,7 +318,9 @@
XSS vulnerability in multiple premium WordPress themes by Flow/Devatic
- http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html
+
+ http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html
+
XSS
@@ -264,7 +328,9 @@
XSS vulnerability in multiple premium WordPress themes by Flow/Devatic
- http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html
+
+ http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html
+
XSS
@@ -272,7 +338,9 @@
Site5 Wordpress Themes Email Spoofing
- http://packetstormsecurity.org/files/114750/
+
+ http://packetstormsecurity.org/files/114750/
+
UNKNOWN
@@ -280,7 +348,9 @@
Site5 Wordpress Themes Email Spoofing
- http://packetstormsecurity.org/files/114750/
+
+ http://packetstormsecurity.org/files/114750/
+
UNKNOWN
@@ -288,7 +358,9 @@
Site5 Wordpress Themes Email Spoofing
- http://packetstormsecurity.org/files/114750/
+
+ http://packetstormsecurity.org/files/114750/
+
UNKNOWN
@@ -296,7 +368,9 @@
Site5 Wordpress Themes Email Spoofing
- http://packetstormsecurity.org/files/114750/
+
+ http://packetstormsecurity.org/files/114750/
+
UNKNOWN
@@ -304,7 +378,9 @@
Site5 Wordpress Themes Email Spoofing
- http://packetstormsecurity.org/files/114750/
+
+ http://packetstormsecurity.org/files/114750/
+
UNKNOWN
@@ -312,7 +388,9 @@
Site5 Wordpress Themes Email Spoofing
- http://packetstormsecurity.org/files/114750/
+
+ http://packetstormsecurity.org/files/114750/
+
UNKNOWN
@@ -320,7 +398,9 @@
Site5 Wordpress Themes Email Spoofing
- http://packetstormsecurity.org/files/114750/
+
+ http://packetstormsecurity.org/files/114750/
+
UNKNOWN
@@ -328,7 +408,9 @@
Site5 Wordpress Themes Email Spoofing
- http://packetstormsecurity.org/files/114750/
+
+ http://packetstormsecurity.org/files/114750/
+
UNKNOWN
@@ -336,7 +418,9 @@
Site5 Wordpress Themes Email Spoofing
- http://packetstormsecurity.org/files/114750/
+
+ http://packetstormsecurity.org/files/114750/
+
UNKNOWN
@@ -344,7 +428,9 @@
Site5 Wordpress Themes Email Spoofing
- http://packetstormsecurity.org/files/114750/
+
+ http://packetstormsecurity.org/files/114750/
+
UNKNOWN
@@ -352,7 +438,9 @@
Site5 Wordpress Themes Email Spoofing
- http://packetstormsecurity.org/files/114750/
+
+ http://packetstormsecurity.org/files/114750/
+
UNKNOWN
@@ -360,7 +448,9 @@
Site5 Wordpress Themes Email Spoofing
- http://packetstormsecurity.org/files/114750/
+
+ http://packetstormsecurity.org/files/114750/
+
UNKNOWN
@@ -368,7 +458,9 @@
WordPress Famous Theme 2.0.5 Shell Upload
- http://packetstormsecurity.org/files/113842/
+
+ http://packetstormsecurity.org/files/113842/
+
UPLOAD
@@ -376,7 +468,9 @@
WordPress Deep-Blue Theme 1.9.2 Arbitrary File Upload Vulnerability
- http://packetstormsecurity.org/files/113843/
+
+ http://packetstormsecurity.org/files/113843/
+
UPLOAD
@@ -384,8 +478,10 @@
WordPress Classipress Theme <= 3.1.4 Stored XSS
- http://www.exploit-db.com/exploits/18053/
- http://cxsecurity.com/issue/WLB-2011110001
+
+ 18053
+ http://cxsecurity.com/issue/WLB-2011110001
+
XSS
@@ -393,7 +489,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -401,7 +499,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -409,7 +509,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -417,7 +519,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -425,7 +529,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -433,7 +539,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -441,7 +549,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -449,7 +559,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -457,7 +569,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -465,7 +579,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -473,7 +589,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -481,7 +599,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -489,7 +609,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -497,7 +619,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -505,7 +629,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -513,7 +639,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -521,7 +649,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -529,7 +659,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -537,7 +669,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -545,7 +679,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -553,7 +689,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -561,7 +699,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -569,7 +709,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -577,7 +719,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -585,7 +729,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -593,7 +739,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -601,7 +749,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -609,7 +759,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -617,7 +769,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -625,7 +779,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -633,7 +789,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -641,7 +799,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -649,7 +809,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -657,7 +819,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -665,7 +829,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -673,7 +839,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -681,7 +849,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -689,7 +859,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -697,7 +869,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -705,7 +879,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -713,7 +889,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -721,7 +899,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -729,7 +909,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -737,7 +919,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -745,7 +929,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -753,7 +939,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -761,7 +949,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -769,7 +959,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -777,7 +969,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -785,7 +979,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -793,7 +989,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -801,7 +999,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -809,7 +1009,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -817,7 +1019,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -825,7 +1029,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -833,7 +1039,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -841,7 +1049,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -849,7 +1059,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -857,7 +1069,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -865,7 +1079,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -873,7 +1089,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -881,7 +1099,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -889,7 +1109,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -897,7 +1119,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -905,7 +1129,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -913,7 +1139,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -921,7 +1149,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -929,7 +1159,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -937,7 +1169,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -945,7 +1179,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -953,7 +1189,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -961,7 +1199,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -969,7 +1209,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -977,7 +1219,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -985,7 +1229,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -993,7 +1239,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -1001,7 +1249,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -1009,7 +1259,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -1017,7 +1269,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -1025,7 +1279,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -1033,7 +1289,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -1041,7 +1299,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -1049,7 +1309,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -1057,7 +1319,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -1065,7 +1329,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -1073,7 +1339,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -1081,7 +1349,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -1089,7 +1359,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -1097,7 +1369,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -1105,7 +1379,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -1113,7 +1389,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -1121,7 +1399,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -1129,7 +1409,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -1137,7 +1419,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -1145,7 +1429,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -1153,7 +1439,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -1161,7 +1449,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -1169,7 +1459,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -1177,7 +1469,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -1185,13 +1479,17 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
Multiple vulnerabilities in Flash News theme for WordPress
- http://seclists.org/fulldisclosure/2013/Feb/8
- http://cxsecurity.com/issue/WLB-2013020010
+
+ http://seclists.org/fulldisclosure/2013/Feb/8
+ http://cxsecurity.com/issue/WLB-2013020010
+
MULTI
@@ -1199,7 +1497,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -1207,7 +1507,9 @@
WooThemes WooFramework Remote Unauthenticated Shortcode Execution
- https://gist.github.com/2523147
+
+ https://gist.github.com/2523147
+
RCE
@@ -1215,12 +1517,16 @@
Wordpress dt-chocolate Theme Image Open redirect
- http://cxsecurity.com/issue/WLB-2013020011
+
+ http://cxsecurity.com/issue/WLB-2013020011
+
UNKNOWN
Multiple vulnerabilities in Chocolate WP theme for WordPress
- http://seclists.org/fulldisclosure/2013/Jan/215
+
+ http://seclists.org/fulldisclosure/2013/Jan/215
+
MULTI
@@ -1228,7 +1534,9 @@
Wordpress theme sandbox Arbitrary File Upload/FD Vulnerability
- http://1337day.com/exploit/20228
+
+ http://1337day.com/exploit/20228
+
MULTI
@@ -1236,7 +1544,9 @@
WordPress Clockstone Theme upload.php Arbitrary File Upload Vulnerability
- http://secunia.com/advisories/51619/
+
+ 51619
+
UPLOAD
@@ -1244,7 +1554,9 @@
WordPress Archin Theme Cross-Site Scripting and Arbitrary File Upload Vulnerabilities
- http://secunia.com/advisories/50711/
+
+ 50711
+
MULTI
@@ -1252,7 +1564,9 @@
WordPress Purity Theme Multiple Cross-Site Scripting Vulnerabilities
- http://secunia.com/advisories/50627/
+
+ 50627
+
XSS
@@ -1260,9 +1574,11 @@
Wordpress theme pinboard 1.0.6 XSS
- http://secunia.com/advisories/52079/
- http://seclists.org/oss-sec/2013/q1/274
- http://cxsecurity.com/issue/WLB-2013020062
+
+ 52079
+ http://seclists.org/oss-sec/2013/q1/274
+ http://cxsecurity.com/issue/WLB-2013020062
+
XSS
@@ -1270,7 +1586,9 @@
montezuma <= 1.1.3 XSS in ZeroClipboard.swf
- http://1337day.com/exploit/20396
+
+ http://1337day.com/exploit/20396
+
XSS
@@ -1278,7 +1596,9 @@
scarlet <= 1.1.3 XSS in ZeroClipboard.swf
- http://1337day.com/exploit/20396
+
+ http://1337day.com/exploit/20396
+
XSS
@@ -1286,7 +1606,9 @@
allure-real-estate-theme-for-placester <= 0.1.1 XSS in ZeroClipboard.swf
- http://1337day.com/exploit/20396
+
+ http://1337day.com/exploit/20396
+
XSS
@@ -1294,7 +1616,9 @@
allure-real-estate-theme-for-real-estate <= 0.1.1 XSS in ZeroClipboard.swf
- http://1337day.com/exploit/20396
+
+ http://1337day.com/exploit/20396
+
XSS
@@ -1302,7 +1626,9 @@
felici XSS Vulnerability
- http://1337day.com/exploit/20560
+
+ http://1337day.com/exploit/20560
+
XSS
@@ -1310,8 +1636,10 @@
Classic v1.5 Theme PHP_SELF XSS
- http://osvdb.org/38450
- 2007-4483
+
+ http://osvdb.org/38450
+ 2007-4483
+
XSS
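Review bot: The OSVDB reference for the Classic v1.5 PHP_SELF XSS entry is carried over as the full URL `http://osvdb.org/38450`, while the other OSVDB references in this commit (for example `http://osvdb.org/95060` in data/wp_vulns.xml) are reduced to the bare id. If the new layout has a dedicated OSVDB id field, this line should carry `38450` in that field; otherwise anything that looks up or de-duplicates findings by OSVDB id will miss this entry. The element names are not visible in this view, so the dedicated field is inferred from the other conversions. The CVE value `2007-4483` next to it already follows the bare-id form.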
@@ -1319,15 +1647,19 @@
brilliant File Upload Vulnerability
- http://ruinedsec.wordpress.com/2013/04/03/wordpress-themes-exploits-are-in-action-wpscan/
+
+ http://ruinedsec.wordpress.com/2013/04/03/wordpress-themes-exploits-are-in-action-wpscan/
+
UPLOAD
-
+
Multiple vulnerabilities in Colormix theme
- http://seclists.org/fulldisclosure/2013/Apr/172
+
+ http://seclists.org/fulldisclosure/2013/Apr/172
+
MULTI
@@ -1335,15 +1667,19 @@
XSS in jobroller theme
- http://cxsecurity.com/issue/WLB-2013060089
+
+ http://cxsecurity.com/issue/WLB-2013060089
+
XSS
-
+
Xss In wordpress ambience theme
- http://packetstorm.igor.onlinedirect.bg/1306-exploits/wpambience-xss.txt
+
+ http://packetstorm.igor.onlinedirect.bg/1306-exploits/wpambience-xss.txt
+
XSS
@@ -1351,7 +1687,9 @@
FPD, XSS and CS vulnerabilities in Slash WP theme
- http://seclists.org/fulldisclosure/2013/Jun/166
+
+ http://seclists.org/fulldisclosure/2013/Jun/166
+
MULTI
@@ -1359,7 +1697,9 @@
Persuasion Theme: WP-Pretty Photo DOM XSS
- http://www.rafayhackingarticles.net/2013/05/kali-linux-dom-based-xss-writeup.html
+
+ http://www.rafayhackingarticles.net/2013/05/kali-linux-dom-based-xss-writeup.html
+
XSS
diff --git a/data/vuln.xsd b/data/vuln.xsd
index 8b2404a9..69814126 100644
--- a/data/vuln.xsd
+++ b/data/vuln.xsd
@@ -8,12 +8,22 @@
+
+
+
+
+
+
+
+
+
+
@@ -34,37 +44,50 @@
-
-
+
+
-
-
+
+
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
+
-
+
diff --git a/data/wp_vulns.xml b/data/wp_vulns.xml
index 03c91ef7..b05c0139 100644
--- a/data/wp_vulns.xml
+++ b/data/wp_vulns.xml
@@ -6,8 +6,10 @@
SWFUpload Content Spoofing
- http://bot24.blogspot.ca/2013/04/swfupload-object-injectioncsrf.html
- https://github.com/wpscanteam/wpscan/issues/243
+
+ http://bot24.blogspot.ca/2013/04/swfupload-object-injectioncsrf.html
+ https://github.com/wpscanteam/wpscan/issues/243
+
UNKNOWN
@@ -15,50 +17,66 @@
Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure
- http://osvdb.org/95060
- http://seclists.org/fulldisclosure/2013/Jul/70
+
+ 95060
+ http://seclists.org/fulldisclosure/2013/Jul/70
+
FPD
3.5.2
WordPress 3.4-3.5.1 DoS in class-phpass.php
- http://seclists.org/fulldisclosure/2013/Jun/65
- http://secunia.com/advisories/53676/
- http://osvdb.org/94235
- 2013-2173
+
+ http://seclists.org/fulldisclosure/2013/Jun/65
+ 53676
+ 94235
+ 2013-2173
+
UNKNOWN
WordPress Multiple XSS
- http://osvdb.org/94791
- http://osvdb.org/94785
- http://osvdb.org/94786
- http://osvdb.org/94790
+
+ 94791
+ 94785
+ 94786
+ 94790
+
XSS
WordPress TinyMCE Plugin Flash Applet Unspecified Spoofing Weakness
- http://osvdb.org/94787
+
+ 94787
+
UNKNOWN
WordPress File Upload Unspecified Path Disclosure
- http://osvdb.org/94788
+
+ 94788
+
UNKNOWN
WordPress oEmbed Unspecified XML External Entity (XXE) Arbitrary File Disclosure
- http://osvdb.org/94789
+
+ 94789
+
XXE
WordPress Multiple Role Remote Privilege Escalation
- http://osvdb.org/94783
+
+ 94783
+
UNKNOWN
WordPress HTTP API Unspecified Server Side Request Forgery (SSRF)
- http://osvdb.org/94784
+
+ 94784
+
SSRF
@@ -66,32 +84,42 @@
Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure
- http://osvdb.org/95060
- http://seclists.org/fulldisclosure/2013/Jul/70
+
+ 95060
+ http://seclists.org/fulldisclosure/2013/Jul/70
+
FPD
3.5.2
WordPress 3.4-3.5.1 DoS in class-phpass.php
- http://seclists.org/fulldisclosure/2013/Jun/65
- http://secunia.com/advisories/53676/
- http://osvdb.org/94235
- 2013-2173
+
+ http://seclists.org/fulldisclosure/2013/Jun/65
+ 53676
+ 94235
+ 2013-2173
+
UNKNOWN
WordPress 3.5 to 3.3.2 Cross-Site Scripting (XSS) (Issue 3)
- https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues
+
+ https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -99,37 +127,49 @@
Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure
- http://osvdb.org/95060
- http://seclists.org/fulldisclosure/2013/Jul/70
+
+ 95060
+ http://seclists.org/fulldisclosure/2013/Jul/70
+
FPD
3.5.2
WordPress 3.4-3.5.1 DoS in class-phpass.php
- http://seclists.org/fulldisclosure/2013/Jun/65
- http://secunia.com/advisories/53676/
- http://osvdb.org/94235
- 2013-2173
+
+ http://seclists.org/fulldisclosure/2013/Jun/65
+ 53676
+ 94235
+ 2013-2173
+
UNKNOWN
WordPress 3.5 to 3.3.2 Cross-Site Scripting (XSS) (Issue 3)
- https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues
+
+ https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues
+
XSS
WordPress 3.4.2 Cross Site Request Forgery
- http://packetstormsecurity.org/files/116785/WordPress-3.4.2-Cross-Site-Request-Forgery.html
+
+ http://packetstormsecurity.org/files/116785/WordPress-3.4.2-Cross-Site-Request-Forgery.html
+
CSRF
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -137,32 +177,42 @@
Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure
- http://osvdb.org/95060
- http://seclists.org/fulldisclosure/2013/Jul/70
+
+ 95060
+ http://seclists.org/fulldisclosure/2013/Jul/70
+
FPD
3.5.2
WordPress 3.4-3.5.1 DoS in class-phpass.php
- http://seclists.org/fulldisclosure/2013/Jun/65
- http://secunia.com/advisories/53676/
- http://osvdb.org/94235
- 2013-2173
+
+ http://seclists.org/fulldisclosure/2013/Jun/65
+ 53676
+ 94235
+ 2013-2173
+
UNKNOWN
WordPress 3.5 to 3.3.2 Cross-Site Scripting (XSS) (Issue 3)
- https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues
+
+ https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -170,32 +220,42 @@
Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure
- http://osvdb.org/95060
- http://seclists.org/fulldisclosure/2013/Jul/70
+
+ 95060
+ http://seclists.org/fulldisclosure/2013/Jul/70
+
FPD
3.5.2
WordPress 3.4-3.5.1 DoS in class-phpass.php
- http://seclists.org/fulldisclosure/2013/Jun/65
- http://secunia.com/advisories/53676/
- http://osvdb.org/94235
- 2013-2173
+
+ http://seclists.org/fulldisclosure/2013/Jun/65
+ 53676
+ 94235
+ 2013-2173
+
UNKNOWN
WordPress 3.5 to 3.3.2 Cross-Site Scripting (XSS) (Issue 3)
- https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues
+
+ https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -203,22 +263,30 @@
WordPress 3.5 to 3.3.2 Cross-Site Scripting (XSS) (Issue 3)
- https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues
+
+ https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues
+
XSS
Wordpress 3.3.1 Multiple CSRF Vulnerabilities
- http://www.exploit-db.com/exploits/18791/
+
+ 18791
+
CSRF
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -226,17 +294,23 @@
WordPress 3.5 to 3.3.2 Cross-Site Scripting (XSS) (Issue 3)
- https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues
+
+ https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -244,27 +318,37 @@
WordPress 3.5 to 3.3.2 Cross-Site Scripting (XSS) (Issue 3)
- https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues
+
+ https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues
+
XSS
Wordpress 3.3.1 Multiple CSRF Vulnerabilities
- http://www.exploit-db.com/exploits/18791/
+
+ 18791
+
CSRF
WordPress 3.3.2 Cross Site Scripting
- http://packetstormsecurity.org/files/113254
+
+ http://packetstormsecurity.org/files/113254
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -272,27 +356,37 @@
Multiple vulnerabilities including XSS and Privilege Escalation
- http://wordpress.org/news/2012/04/wordpress-3-3-2/
+
+ http://wordpress.org/news/2012/04/wordpress-3-3-2/
+
MULTI
Wordpress 3.3.1 Multiple CSRF Vulnerabilities
- http://www.exploit-db.com/exploits/18791/
+
+ 18791
+
CSRF
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -300,22 +394,30 @@
Reflected Cross-Site Scripting in WordPress 3.3
- http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html
+
+ http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html
+
XSS
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -323,17 +425,23 @@
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -341,17 +449,23 @@
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -359,17 +473,23 @@
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -377,22 +497,30 @@
Multiple SQL Injection Vulnerabilities
- http://www.exploit-db.com/exploits/17465/
+
+ 17465
+
SQLI
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -400,22 +528,30 @@
Wordpress <= 3.1.2 Clickjacking Vulnerability
- http://seclists.org/fulldisclosure/2011/Sep/219
+
+ http://seclists.org/fulldisclosure/2011/Sep/219
+
UNKNOWN
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -423,22 +559,30 @@
WordPress wp-includes/formatting.php make_clickable() PCRE Library Remote DoS
- http://osvdb.org/72142
+
+ 72142
+
UNKNOWN
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -446,17 +590,23 @@
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -464,17 +614,23 @@
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -482,17 +638,23 @@
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -500,17 +662,23 @@
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -518,27 +686,37 @@
SQL injection vulnerability in do_trackbacks() Wordpress function
- http://www.exploit-db.com/exploits/15684/
+
+ 15684
+
SQLI
Wordpress 3.0.3 stored XSS IE7,6 NS8.1
- http://www.exploit-db.com/exploits/15858/
+
+ 15858
+
XSS
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -546,22 +724,30 @@
WordPress XML-RPC Interface Access Restriction Bypass
- http://osvdb.org/69761
+
+ 69761
+
UNKNOWN
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -569,22 +755,30 @@
WordPress: Information Disclosure via SQL Injection Attack
- http://blog.sjinks.pro/wordpress/858-information-disclosure-via-sql-injection-attack/
+
+ http://blog.sjinks.pro/wordpress/858-information-disclosure-via-sql-injection-attack/
+
SQLI
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -592,17 +786,23 @@
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -610,17 +810,23 @@
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -628,17 +834,23 @@
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -646,27 +858,37 @@
WordPress 2.9 Failure to Restrict URL Access
- http://www.exploit-db.com/exploits/11441/
+
+ 11441
+
UNKNOWN
Wordpress DOS <= 2.9
- http://www.exploit-db.com/exploits/11441/
+
+ 11441
+
UNKNOWN
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -674,17 +896,23 @@
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -692,22 +920,30 @@
WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution
- http://www.exploit-db.com/exploits/10089/
+
+ 10089
+
UNKNOWN
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -715,17 +951,23 @@
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -733,22 +975,30 @@
Wordpress <= 2.8.3 Remote Admin Reset Password Vulnerability
- http://www.exploit-db.com/exploits/9410/
+
+ 9410
+
UNKNOWN
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -756,17 +1006,23 @@
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -774,22 +1030,30 @@
Wordpress 2.8.1 (url) Remote Cross Site Scripting Exploit
- http://www.exploit-db.com/exploits/9250/
+
+ 9250
+
XSS
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -797,17 +1061,23 @@
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -815,22 +1085,30 @@
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
- http://www.securityfocus.com/bid/35584/
+
+ http://www.securityfocus.com/bid/35584/
+
UNKNOWN
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -838,22 +1116,30 @@
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
- http://www.securityfocus.com/bid/35584/
+
+ http://www.securityfocus.com/bid/35584/
+
UNKNOWN
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -861,22 +1147,30 @@
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
- http://www.securityfocus.com/bid/35584/
+
+ http://www.securityfocus.com/bid/35584/
+
UNKNOWN
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -884,17 +1178,23 @@
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -902,17 +1202,23 @@
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -920,22 +1226,30 @@
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
- http://www.securityfocus.com/bid/35584/
+
+ http://www.securityfocus.com/bid/35584/
+
UNKNOWN
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -943,27 +1257,37 @@
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
- http://www.securityfocus.com/bid/35584/
+
+ http://www.securityfocus.com/bid/35584/
+
UNKNOWN
Wordpress 2.6.1 (SQL Column Truncation) Admin Takeover Exploit
- http://www.exploit-db.com/exploits/6421/
+
+ 6421
+
UNKNOWN
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -971,17 +1295,23 @@
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -989,22 +1319,30 @@
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
- http://www.securityfocus.com/bid/35584/
+
+ http://www.securityfocus.com/bid/35584/
+
UNKNOWN
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -1012,23 +1350,31 @@
Wordpress 2.5 Cookie Integrity Protection Vulnerability
- http://www.securityfocus.com/archive/1/archive/1/491356/100/0/threaded
- 2008-1930
+
+ http://www.securityfocus.com/archive/1/archive/1/491356/100/0/threaded
+ 2008-1930
+
UNKNOWN
XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ http://seclists.org/fulldisclosure/2012/Nov/51
+
XSS
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -1036,17 +1382,23 @@
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
- http://www.securityfocus.com/bid/35584/
+
+ http://www.securityfocus.com/bid/35584/
+
UNKNOWN
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -1054,17 +1406,23 @@
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
- http://www.securityfocus.com/bid/35584/
+
+ http://www.securityfocus.com/bid/35584/
+
UNKNOWN
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ http://www.securityfocus.com/bid/35584/
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
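Review bot: The "XMLRPC Pingback API Internal/External Port Scanning" entry in this hunk loses its own reference. The removed line is `https://github.com/FireFart/WordpressPingbackPortScanner`, but the added one is `http://www.securityfocus.com/bid/35584/`, which belongs to the admin.php security-bypass entry just above it. Every other copy of this entry in the file keeps the GitHub URL, so this looks like a copy-paste slip during the conversion. A scan of the affected WordPress version would then report the wrong advisory for the pingback finding. The added reference should be `https://github.com/FireFart/WordpressPingbackPortScanner`.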
@@ -1072,22 +1430,30 @@
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
- http://www.securityfocus.com/bid/35584/
+
+ http://www.securityfocus.com/bid/35584/
+
UNKNOWN
Wordpress <= 2.3.1 Charset Remote SQL Injection Vulnerability
- http://www.exploit-db.com/exploits/4721/
+
+ 4721
+
SQLI
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -1095,12 +1461,16 @@
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -1108,17 +1478,23 @@
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
- http://www.securityfocus.com/bid/35584/
+
+ http://www.securityfocus.com/bid/35584/
+
UNKNOWN
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -1126,17 +1502,23 @@
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
- http://www.securityfocus.com/bid/35584/
+
+ http://www.securityfocus.com/bid/35584/
+
UNKNOWN
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -1144,17 +1526,23 @@
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
- http://www.securityfocus.com/bid/35584/
+
+ http://www.securityfocus.com/bid/35584/
+
UNKNOWN
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -1162,27 +1550,37 @@
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
- http://www.securityfocus.com/bid/35584/
+
+ http://www.securityfocus.com/bid/35584/
+
UNKNOWN
WordPress 2.2 (wp-app.php) Arbitrary File Upload Exploit
- http://www.exploit-db.com/exploits/4113/
+
+ 4113
+
UNKNOWN
Wordpress 2.2 (xmlrpc.php) Remote SQL Injection Exploit
- http://www.exploit-db.com/exploits/4039/
+
+ 4039
+
SQLI
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -1190,22 +1588,30 @@
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
- http://www.securityfocus.com/bid/35584/
+
+ http://www.securityfocus.com/bid/35584/
+
UNKNOWN
Wordpress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit
- http://www.exploit-db.com/exploits/3960/
+
+ 3960
+
SQLI
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -1213,28 +1619,38 @@
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
- http://www.securityfocus.com/bid/35584/
+
+ http://www.securityfocus.com/bid/35584/
+
UNKNOWN
-
+
WordPress "year" Cross-Site Scripting Vulnerability
- http://secunia.com/advisories/24485/
- http://www.securityfocus.com/archive/1/archive/1/462374/100/0/threaded
+
+ 24485
+ http://www.securityfocus.com/archive/1/archive/1/462374/100/0/threaded
+
XSS
Wordpress 2.1.2 (xmlrpc) Remote SQL Injection Exploit
- http://www.exploit-db.com/exploits/3656/
+
+ 3656
+
SQLI
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -1242,17 +1658,23 @@
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
- http://www.securityfocus.com/bid/35584/
+
+ http://www.securityfocus.com/bid/35584/
+
UNKNOWN
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -1260,12 +1682,16 @@
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -1273,17 +1699,23 @@
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
- http://www.securityfocus.com/bid/35584/
+
+ http://www.securityfocus.com/bid/35584/
+
UNKNOWN
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -1291,17 +1723,23 @@
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
- http://www.securityfocus.com/bid/35584/
+
+ http://www.securityfocus.com/bid/35584/
+
UNKNOWN
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -1309,12 +1747,16 @@
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -1322,12 +1764,16 @@
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -1335,17 +1781,23 @@
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
- http://www.securityfocus.com/bid/35584/
+
+ http://www.securityfocus.com/bid/35584/
+
UNKNOWN
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -1353,22 +1805,30 @@
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
- http://www.securityfocus.com/bid/35584/
+
+ http://www.securityfocus.com/bid/35584/
+
UNKNOWN
Wordpress <= 2.0.6 wp-trackback.php Remote SQL Injection Exploit
- http://www.exploit-db.com/exploits/3109/
+
+ 3109
+
SQLI
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -1376,22 +1836,30 @@
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
- http://www.securityfocus.com/bid/35584/
+
+ http://www.securityfocus.com/bid/35584/
+
UNKNOWN
Wordpress 2.0.5 Trackback UTF-7 Remote SQL Injection Exploit
- http://www.exploit-db.com/exploits/3095/
+
+ 3095
+
SQLI
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -1399,17 +1867,23 @@
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
- http://www.securityfocus.com/bid/35584/
+
+ http://www.securityfocus.com/bid/35584/
+
UNKNOWN
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -1417,17 +1891,23 @@
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
- http://www.securityfocus.com/bid/35584/
+
+ http://www.securityfocus.com/bid/35584/
+
UNKNOWN
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -1435,22 +1915,30 @@
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
- http://www.securityfocus.com/bid/35584/
+
+ http://www.securityfocus.com/bid/35584/
+
UNKNOWN
WordPress <= 2.0.2 (cache) Remote Shell Injection Exploit
- http://www.exploit-db.com/exploits/6/
+
+ 6
+
UNKNOWN
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -1458,17 +1946,23 @@
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
- http://www.securityfocus.com/bid/35584/
+
+ http://www.securityfocus.com/bid/35584/
+
UNKNOWN
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -1476,17 +1970,23 @@
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
- http://www.securityfocus.com/bid/35584/
+
+ http://www.securityfocus.com/bid/35584/
+
UNKNOWN
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -1494,12 +1994,16 @@
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -1507,17 +2011,23 @@
Wordpress <= 1.5.1.3 Remote Code Execution eXploit (metasploit)
- http://www.exploit-db.com/exploits/1145/
+
+ 1145
+
SQLI
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -1525,17 +2035,23 @@
Wordpress <= 1.5.1.2 xmlrpc Interface SQL Injection Exploit
- http://www.exploit-db.com/exploits/1077/
+
+ 1077
+
SQLI
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -1543,22 +2059,30 @@
WordPress <= 1.5.1.1 "add new admin" SQL Injection Exploit
- http://www.exploit-db.com/exploits/1059/
+
+ 1059
+
SQLI
WordPress <= 1.5.1.1 SQL Injection Exploit
- http://www.exploit-db.com/exploits/1033/
+
+ 1033
+
SQLI
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
@@ -1566,12 +2090,16 @@
XMLRPC Pingback API Internal/External Port Scanning
- https://github.com/FireFart/WordpressPingbackPortScanner
+
+ https://github.com/FireFart/WordpressPingbackPortScanner
+
UNKNOWN
WordPress XMLRPC pingback additional issues
- http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
+ http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
+
UNKNOWN
diff --git a/lib/common/models/vulnerability.rb b/lib/common/models/vulnerability.rb
index 7ca7cf1e..35149ec8 100755
--- a/lib/common/models/vulnerability.rb
+++ b/lib/common/models/vulnerability.rb
@@ -5,24 +5,20 @@ require 'vulnerability/output'
class Vulnerability
include Vulnerability::Output
- attr_accessor :title, :references, :type, :fixed_in, :metasploit_modules, :cve
+ attr_accessor :title, :references, :type, :fixed_in
#
# @param [ String ] title The title of the vulnerability
# @param [ String ] type The type of the vulnerability
- # @param [ Array ] references References urls
- # @param [ Array ] metasploit_modules Metasploit modules for the vulnerability
+ # @param [ Hash ] references References
# @param [ String ] fixed_in Vuln fixed in Version X
- # @param [ Array ] cve CVE numbers for the vulnerability
#
# @return [ Vulnerability ]
- def initialize(title, type, references, metasploit_modules = [], fixed_in = '', cve = [])
+ def initialize(title, type, references = {}, fixed_in = '')
@title = title
@type = type
@references = references
- @metasploit_modules = metasploit_modules
@fixed_in = fixed_in
- @cve = cve
end
# @param [ Vulnerability ] other
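Review bot: The new signature `initialize(title, type, references = {}, fixed_in = '')` moves `fixed_in` from the fifth positional slot to the fourth. A caller still passing four arguments in the old order would silently store its metasploit array in `fixed_in` instead of raising. The callers are not visible in this hunk, so each `Vulnerability.new` call site should be checked against the new order. The `@param [ Hash ] references` line also says nothing about the expected shape; I would write `# @param [ Hash ] references Arrays of ids/urls keyed by :url, :cve, :secunia, :osvdb, :metasploit, :exploitdb`. The class body continues outside the hunk.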
@@ -33,9 +29,7 @@ class Vulnerability
title == other.title &&
type == other.type &&
references == other.references &&
- fixed_in == other.fixed_in &&
- cve == other.cve &&
- metasploit_modules == other.metasploit_modules
+ fixed_in == other.fixed_in
end
# :nocov:
@@ -45,13 +39,21 @@ class Vulnerability
#
# @return [ Vulnerability ]
def self.load_from_xml_node(xml_node)
+ references = {}
+ refs = xml_node.search('references')
+ if refs
+ references[:url] = refs.search('url').map(&:text)
+ references[:cve] = refs.search('cve').map(&:text)
+ references[:secunia] = refs.search('secunia').map(&:text)
+ references[:osvdb] = refs.search('osvdb').map(&:text)
+ references[:metasploit] = refs.search('metasploit').map(&:text)
+ references[:exploitdb] = refs.search('exploitdb').map(&:text)
+ end
new(
xml_node.search('title').text,
xml_node.search('type').text,
- xml_node.search('reference').map(&:text),
- xml_node.search('metasploit').map(&:text),
+ references,
xml_node.search('fixed_in').text,
- xml_node.search('cve').map(&:text)
)
end
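Review bot: The `if refs` guard in `load_from_xml_node` looks like it can never be false. Assuming `xml_node` is a Nokogiri node (the spec builds it with `xpath`), `search` returns a node set, which is truthy even when empty. The result is that `references` always carries all six keys with possibly empty arrays. If that is intended, drop the guard; if an entry without references should yield `{}`, write `unless refs.empty?` instead. The call to `new` also keeps a dangling comma after the last argument now that the `cve` line is removed; `xml_node.search('fixed_in').text` without the comma reads cleaner.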
diff --git a/lib/common/models/vulnerability/output.rb b/lib/common/models/vulnerability/output.rb
index 00ac2000..aa5e5960 100644
--- a/lib/common/models/vulnerability/output.rb
+++ b/lib/common/models/vulnerability/output.rb
@@ -7,16 +7,28 @@ class Vulnerability
def output
puts ' |'
puts ' | ' + red("* Title: #{title}")
- references.each do |r|
- puts ' | ' + red("* Reference: #{r}")
- end
- cve.each do |c|
- puts ' | ' + red("* CVE-#{c} - #{Output.cve_url(c)}")
- end
- metasploit_modules.each do |m|
- puts ' | ' + red("* Metasploit module: #{Output.metasploit_module_url(m)}")
- end
- end
+ references.each do |key, urls|
+ urls.each do |u|
+ case(key)
+ when :url
+ url = u
+ when :metasploit
+ url = Output.metasploit_module_url(u)
+ when :secunia
+ url = Output.secunia_url(u)
+ when :osvdb
+ url = Output.osvdb_url(u)
+ when :cve
+ url = Output.cve_url(u)
+ when :exploitdb
+ url = Output.exploitdb_url(u)
+ else
+ url = u
+ end
+ puts ' | ' + red("* Reference: #{url}") if url
+ end
+ end
+ end
# @return [ String ] The url to the metasploit module page
def self.metasploit_module_url(module_path)
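Review bot: `urls.each do |u|` in `output` assumes every value of `references` is an Array, but `initialize` stores whatever it is given. The updated spec in `vulnerability_spec.rb` builds `{:url => 'example.com', :metasploit => 'm', :exploitdb => 'e'}` with plain strings, which would raise NoMethodError here on Ruby 1.9 or later. `Array(urls).each do |u|` accepts both shapes. The `else` branch duplicates the `:url` branch, so an unrecognised key is printed verbatim as a reference; if that is the intent, the `when :url` arm can go. The trailing `if url` only filters a nil returned by one of the helpers.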
@@ -27,7 +39,19 @@ class Vulnerability
def self.cve_url(cve)
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-#{cve}"
- end
+ end
+
+ def self.osvdb_url(id)
+ "http://osvdb.org/#{id}"
+ end
+
+ def self.secunia_url(id)
+ "http://secunia.com/advisories/#{id}"
+ end
+
+ def self.exploitdb_url(id)
+ "http://www.exploit-db.com/exploits/#{id}/"
+ end
end
end
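Review bot: The three new helpers `osvdb_url`, `secunia_url` and `exploitdb_url` have no doc comment, while `metasploit_module_url` above them carries `# @return [ String ] The url to the metasploit module page`. I would add a matching pair to each, e.g. `# @param [ String ] id The OSVDB id` and `# @return [ String ] The url to the OSVDB entry`. The id is interpolated exactly as read from the XML text node. Surrounding whitespace, or a full URL placed in the wrong element of the data file, would therefore produce a broken link in the report. A `id.to_s.strip` inside the interpolation would cover the whitespace case.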
diff --git a/spec/lib/common/models/vulnerability_spec.rb b/spec/lib/common/models/vulnerability_spec.rb
index 391a9028..3002c692 100644
--- a/spec/lib/common/models/vulnerability_spec.rb
+++ b/spec/lib/common/models/vulnerability_spec.rb
@@ -5,10 +5,10 @@ require 'spec_helper'
describe Vulnerability do
describe '#new' do
- subject(:vulnerability) { Vulnerability.new(title, type, references, modules, fixed_version) }
+ subject(:vulnerability) { Vulnerability.new(title, type, references, fixed_version) }
let(:title) { 'A vulnerability title' }
let(:type) { 'XSS' }
- let(:references) { %w{http://ref1.com http://ref2.com} }
+ let(:references) { {:url => 'example.com', :metasploit => 'm', :exploitdb => 'e'} }
context 'w/o metasploit and fixed version modules argument' do
subject(:vulnerability) { Vulnerability.new(title, type, references) }
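Review bot: The context description `'w/o metasploit and fixed version modules argument'` is stale now that the constructor no longer takes a metasploit argument. I would rename it to `context 'w/o fixed version argument' do` so the spec output matches the new signature. The `describe '#new'` block continues past this hunk.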
@@ -16,36 +16,15 @@ describe Vulnerability do
its(:title) { should be title }
its(:references) { should be references }
its(:type) { should be type }
- its(:metasploit_modules) { should be_empty }
its(:fixed_in) { should be_empty }
- its(:cve) { should be_empty }
end
- context 'with metasploit modules argument' do
- subject(:vulnerability) { Vulnerability.new(title, type, references, modules) }
- let(:modules) { %w{exploit/some_exploit exploit/unix/anotherone } }
-
- its(:metasploit_modules) { should be modules }
- its(:fixed_in) { should be_empty }
- its(:cve) { should be_empty }
- end
-
- context 'with metasploit modules and fixed version argument' do
- let(:modules) { %w{exploit/some_exploit exploit/unix/anotherone } }
+ context 'with fixed version argument' do
let(:fixed_version) { '1.0' }
-
- its(:metasploit_modules) { should be modules }
- its(:fixed_in) { should == '1.0' }
- its(:cve) { should be_empty }
- end
-
- context 'with cve argument' do
- subject(:vulnerability) { Vulnerability.new(title, type, references, [], '', cve) }
- let(:cve) { %w{2011-001 2011-002} }
-
- its(:metasploit_modules) { should be_empty }
- its(:fixed_in) { should be_empty }
- its(:cve) { should be cve }
+ its(:title) { should be title }
+ its(:references) { should be references }
+ its(:type) { should be type }
+ its(:fixed_in) { should be fixed_version }
end
end
@@ -56,11 +35,18 @@ describe Vulnerability do
xml(MODELS_FIXTURES + '/vulnerability/xml_node.xml').xpath('//vulnerability')
}
+ expected_refs = {
+ :url=>['Ref 1', 'Ref 2'],
+ :cve=>['2011-001'],
+ :secunia=>['secunia'],
+ :osvdb=>['osvdb'],
+ :metasploit=>['exploit/ex1'],
+ :exploitdb=>['exploitdb']
+ }
+
its(:title) { should == 'Vuln Title' }
its(:type) { should == 'CSRF' }
- its(:references) { should == ['Ref 1', 'Ref 2'] }
- its(:metasploit_modules) { should == %w{exploit/ex1} }
- its(:cve) { should == %w{2011-001} }
+ its(:references) { should == expected_refs}
its(:fixed_in) { should == '1.0'}
end
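Review bot: `expected_refs` is assigned as a plain local in the describe body here, whereas the other specs touched by this commit use `let(:expected_refs)`. For consistency I would write `let(:expected_refs) { { ... } }` and reference it from `its(:references)`. The same six-key hash is then repeated verbatim in the hunks for `wp_item_spec.rb`, `wp_plugin_spec.rb`, `wp_theme_spec.rb` and `wp_version_spec.rb`. Because all fixtures visible in this diff use identical reference values, it could be defined once, for instance in the `WpItem::Vulnerable` shared examples, so a fixture change needs only one edit.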
diff --git a/spec/lib/common/models/wp_item_spec.rb b/spec/lib/common/models/wp_item_spec.rb
index 84df9c32..bf0a9875 100644
--- a/spec/lib/common/models/wp_item_spec.rb
+++ b/spec/lib/common/models/wp_item_spec.rb
@@ -13,7 +13,15 @@ describe WpItem do
it_behaves_like 'WpItem::Vulnerable' do
let(:vulns_file) { MODELS_FIXTURES + '/wp_item/vulnerable/items_vulns.xml' }
let(:vulns_xpath) { "//item[@name='neo']/vulnerability" }
- let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new("I'm the one", 'XSS', ['http://ref1.com']) }
+ let(:expected_refs) { {
+ :url => ['Ref 1', 'Ref 2'],
+ :cve => ['2011-001'],
+ :secunia => ['secunia'],
+ :osvdb => ['osvdb'],
+ :metasploit => ['exploit/ex1'],
+ :exploitdb => ['exploitdb']
+ } }
+ let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new("I'm the one", 'XSS', expected_refs) }
end
subject(:wp_item) { WpItem.new(uri, options) }
diff --git a/spec/lib/common/models/wp_plugin_spec.rb b/spec/lib/common/models/wp_plugin_spec.rb
index f67165d9..8a89879e 100644
--- a/spec/lib/common/models/wp_plugin_spec.rb
+++ b/spec/lib/common/models/wp_plugin_spec.rb
@@ -7,7 +7,15 @@ describe WpPlugin do
it_behaves_like 'WpItem::Vulnerable' do
let(:options) { { name: 'white-rabbit' } }
let(:vulns_file) { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins_vulns.xml' }
- let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('Follow me!', 'REDIRECT', ['http://ref2.com']) }
+ let(:expected_refs) { {
+ :url => ['Ref 1', 'Ref 2'],
+ :cve => ['2011-001'],
+ :secunia => ['secunia'],
+ :osvdb => ['osvdb'],
+ :metasploit => ['exploit/ex1'],
+ :exploitdb => ['exploitdb']
+ } }
+ let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('Follow me!', 'REDIRECT', expected_refs) }
end
subject(:wp_plugin) { WpPlugin.new(uri, options) }
diff --git a/spec/lib/common/models/wp_theme_spec.rb b/spec/lib/common/models/wp_theme_spec.rb
index 54b3c03c..19cd1536 100644
--- a/spec/lib/common/models/wp_theme_spec.rb
+++ b/spec/lib/common/models/wp_theme_spec.rb
@@ -8,7 +8,15 @@ describe WpTheme do
it_behaves_like 'WpItem::Vulnerable' do
let(:options) { { name: 'the-oracle' } }
let(:vulns_file) { MODELS_FIXTURES + '/wp_theme/vulnerable/themes_vulns.xml' }
- let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('I see you', 'FPD', ['http://ref.com']) }
+ let(:expected_refs) { {
+ :url => ['Ref 1', 'Ref 2'],
+ :cve => ['2011-001'],
+ :secunia => ['secunia'],
+ :osvdb => ['osvdb'],
+ :metasploit => ['exploit/ex1'],
+ :exploitdb => ['exploitdb']
+ } }
+ let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('I see you', 'FPD', expected_refs) }
end
subject(:wp_theme) { WpTheme.new(uri, options) }
diff --git a/spec/lib/common/models/wp_version_spec.rb b/spec/lib/common/models/wp_version_spec.rb
index d3e1518b..6e43a24f 100644
--- a/spec/lib/common/models/wp_version_spec.rb
+++ b/spec/lib/common/models/wp_version_spec.rb
@@ -7,7 +7,15 @@ describe WpVersion do
it_behaves_like 'WpItem::Vulnerable' do
let(:options) { { number: '3.2' } }
let(:vulns_file) { MODELS_FIXTURES + '/wp_version/vulnerable/versions_vulns.xml' }
- let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('Here I Am', 'SQLI', ['http://ref1.com']) }
+ let(:expected_refs) { {
+ :url => ['Ref 1', 'Ref 2'],
+ :cve => ['2011-001'],
+ :secunia => ['secunia'],
+ :osvdb => ['osvdb'],
+ :metasploit => ['exploit/ex1'],
+ :exploitdb => ['exploitdb']
+ } }
+ let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('Here I Am', 'SQLI', expected_refs) }
end
subject(:wp_version) { WpVersion.new(uri, options) }
diff --git a/spec/samples/common/models/vulnerability/xml_node.xml b/spec/samples/common/models/vulnerability/xml_node.xml
index 24a1fb2e..e409046b 100644
--- a/spec/samples/common/models/vulnerability/xml_node.xml
+++ b/spec/samples/common/models/vulnerability/xml_node.xml
@@ -1,9 +1,14 @@
Vuln Title
- Ref 1
- Ref 2
- 2011-001
+
+ exploit/ex1
+ Ref 1
+ Ref 2
+ 2011-001
+ secunia
+ osvdb
+ exploitdb
+
CSRF
- exploit/ex1
1.0
diff --git a/spec/samples/common/models/wp_item/vulnerable/items_vulns.xml b/spec/samples/common/models/wp_item/vulnerable/items_vulns.xml
index 514a4a3a..33c853b5 100644
--- a/spec/samples/common/models/wp_item/vulnerable/items_vulns.xml
+++ b/spec/samples/common/models/wp_item/vulnerable/items_vulns.xml
@@ -5,7 +5,15 @@
-
I should not appear in the results
- http://ref1.com
+
+ exploit/ex1
+ Ref 1
+ Ref 2
+ 2011-001
+ secunia
+ osvdb
+ exploitdb
+
RFI
@@ -13,7 +21,15 @@
-
I'm the one
- http://ref1.com
+
+ exploit/ex1
+ Ref 1
+ Ref 2
+ 2011-001
+ secunia
+ osvdb
+ exploitdb
+
XSS
diff --git a/spec/samples/common/models/wp_plugin/vulnerable/plugins_vulns.xml b/spec/samples/common/models/wp_plugin/vulnerable/plugins_vulns.xml
index 45ffea40..f710c3a6 100644
--- a/spec/samples/common/models/wp_plugin/vulnerable/plugins_vulns.xml
+++ b/spec/samples/common/models/wp_plugin/vulnerable/plugins_vulns.xml
@@ -4,12 +4,28 @@
I should not appear in the results
- http://ref1.com
+
+ exploit/ex1
+ Ref 1
+ Ref 2
+ 2011-001
+ secunia
+ osvdb
+ exploitdb
+
RCE
Neither do I
- http://ref3.com
+
+ exploit/ex1
+ Ref 1
+ Ref 2
+ 2011-001
+ secunia
+ osvdb
+ exploitdb
+
FPD
@@ -17,7 +33,15 @@
Follow me!
- http://ref2.com
+
+ exploit/ex1
+ Ref 1
+ Ref 2
+ 2011-001
+ secunia
+ osvdb
+ exploitdb
+
REDIRECT
diff --git a/spec/samples/common/models/wp_theme/vulnerable/themes_vulns.xml b/spec/samples/common/models/wp_theme/vulnerable/themes_vulns.xml
index 5d4121b2..da0e09f4 100644
--- a/spec/samples/common/models/wp_theme/vulnerable/themes_vulns.xml
+++ b/spec/samples/common/models/wp_theme/vulnerable/themes_vulns.xml
@@ -4,12 +4,28 @@
I should not appear in the results
- http://some-ref.com
+
+ exploit/ex1
+ Ref 1
+ Ref 2
+ 2011-001
+ secunia
+ osvdb
+ exploitdb
+
SQLI
Neither do I
- http://some-other-ref.com
+
+ exploit/ex1
+ Ref 1
+ Ref 2
+ 2011-001
+ secunia
+ osvdb
+ exploitdb
+
XSS
@@ -17,7 +33,15 @@
I see you
- http://ref.com
+
+ exploit/ex1
+ Ref 1
+ Ref 2
+ 2011-001
+ secunia
+ osvdb
+ exploitdb
+
FPD
diff --git a/spec/samples/common/models/wp_version/vulnerable/versions_vulns.xml b/spec/samples/common/models/wp_version/vulnerable/versions_vulns.xml
index 78b37b65..2f4c4237 100644
--- a/spec/samples/common/models/wp_version/vulnerable/versions_vulns.xml
+++ b/spec/samples/common/models/wp_version/vulnerable/versions_vulns.xml
@@ -4,7 +4,15 @@
I should not appear in the results
- http://ref2.com
+
+ exploit/ex1
+ Ref 1
+ Ref 2
+ 2011-001
+ secunia
+ osvdb
+ exploitdb
+
XSS
@@ -12,7 +20,15 @@
Here I Am
- http://ref1.com
+
+ exploit/ex1
+ Ref 1
+ Ref 2
+ 2011-001
+ secunia
+ osvdb
+ exploitdb
+
SQLI
diff --git a/spec/shared_examples/wp_item_vulnerable.rb b/spec/shared_examples/wp_item_vulnerable.rb
index b08708b4..00c37fd5 100644
--- a/spec/shared_examples/wp_item_vulnerable.rb
+++ b/spec/shared_examples/wp_item_vulnerable.rb
@@ -60,10 +60,10 @@ shared_examples 'WpItem::Vulnerable' do
let(:version_orig) { '1.5.6' }
let(:version_newer) { '1.6' }
let(:version_older) { '1.0' }
- let(:newer) { Vulnerability.new('Newer', 'XSS', ['ref'], nil, version_newer) }
- let(:older) { Vulnerability.new('Older', 'XSS', ['ref'], nil, version_older) }
- let(:same) { Vulnerability.new('Same', 'XSS', ['ref'], nil, version_orig) }
- let(:no_fixed_info) { Vulnerability.new('Same', 'XSS', ['ref'], nil, nil) }
+ let(:newer) { Vulnerability.new('Newer', 'XSS', { :url => ['http://ref.com'] }, version_newer) }
+ let(:older) { Vulnerability.new('Older', 'XSS', { :url => ['http://ref.com'] }, version_older) }
+ let(:same) { Vulnerability.new('Same', 'XSS', { :url => ['http://ref.com'] }, version_orig) }
+ let(:no_fixed_info) { Vulnerability.new('Same', 'XSS', { :url => ['http://ref.com'] }, nil) }
before do
stub_request(:get, /.*\/readme\.txt/i).to_return(status: 200, body: "Stable Tag: #{version_orig}")