From 7288c82994da28a216351f0d6d9e59fad58bb258 Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Wed, 23 Oct 2013 09:36:17 +0200
Subject: [PATCH 1/4] Update plugin_vulns.xml

---
 data/plugin_vulns.xml | 45 +++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 43 insertions(+), 2 deletions(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index 8ee9ef4b..e1813d90 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -4462,7 +4462,7 @@
 
   <plugin name="portable-phpmyadmin">
     <vulnerability>
-      <title>portable-phpMyAdmin - Authentication Bypass</title>
+      <title>Portable-phpMyAdmin - Authentication Bypass</title>
       <references>
         <osvdb>88391</osvdb>
         <cve>2012-5469</cve>
@@ -4472,6 +4472,23 @@
       <type>AUTHBYPASS</type>
       <fixed_in>1.3.1</fixed_in>
     </vulnerability>
+    <vulnerability>
+      <title>Portable phpMyAdmin - /pma/phpinfo.php Direct Request System Information Disclosure</title>
+      <references>
+        <osvdb>98766</osvdb>
+        <url>http://seclists.org/oss-sec/2013/q4/138</url>
+      </references>
+    </vulnerability>
+    <vulnerability>
+      <title>Portable phpMyAdmin 1.4.1 - Multiple Script Direct Request Authentication Bypass</title>
+      <references>
+        <osvdb>98767</osvdb>
+        <cve>2013-4454</cve>
+        <secunia>55270</secunia>
+        <url>http://seclists.org/oss-sec/2013/q4/138</url>
+      </references>
+      <type>AUTHBYPASS</type>
+    </vulnerability>
   </plugin>
 
   <plugin name="super-refer-a-friend">
@@ -4793,8 +4810,9 @@
       <fixed_in>2.0.13</fixed_in>
     </vulnerability>
     <vulnerability>
-      <title>WooCommerce 2.0.17 - Cross Site Scripting</title>
+      <title>WooCommerce 2.0.17 - hide-wc-extensions-message Parameter Reflected XSS</title>
       <references>
+        <osvdb>98754</osvdb>
         <url>http://packetstormsecurity.com/files/123684/</url>
       </references>
       <type>XSS</type>
@@ -7456,4 +7474,27 @@
     </vulnerability>
   </plugin>
 
+  <plugin name="wp-reality">
+    <vulnerability>
+      <title>WP Realty - wp-content/plugins/wp-realty/index_ext.php listing_id Parameter SQL Injection</title>
+      <references>
+        <osvdb>98748</osvdb>
+        <exploitdb>29021</exploitdb>
+      </references>
+      <type>SQLI</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="videowall">
+    <vulnerability>
+      <title>Videowall - index.php page_id Parameter Reflected XSS</title>
+      <references>
+        <osvdb>98765</osvdb>
+        <url>http://packetstormsecurity.com/files/123693/</url>
+        <url>http://seclists.org/bugtraq/2013/Oct/98</url>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
+  </plugin>
+
 </vulnerabilities>

From 19f9bda237e33d631a4339d468e2a2e53a4f2669 Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Wed, 23 Oct 2013 09:40:28 +0200
Subject: [PATCH 2/4] Fixed small typo

---
 data/plugin_vulns.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index e1813d90..e8a4baed 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -7474,7 +7474,7 @@
     </vulnerability>
   </plugin>
 
-  <plugin name="wp-reality">
+  <plugin name="wp-realty">
     <vulnerability>
       <title>WP Realty - wp-content/plugins/wp-realty/index_ext.php listing_id Parameter SQL Injection</title>
       <references>

From a57340059d4c4f0a112739223a170f5943dcf1f7 Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Wed, 23 Oct 2013 09:50:01 +0200
Subject: [PATCH 3/4] Update plugin_vulns.xml

---
 data/plugin_vulns.xml | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index e8a4baed..f19f9279 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -7474,17 +7474,6 @@
     </vulnerability>
   </plugin>
 
-  <plugin name="wp-realty">
-    <vulnerability>
-      <title>WP Realty - wp-content/plugins/wp-realty/index_ext.php listing_id Parameter SQL Injection</title>
-      <references>
-        <osvdb>98748</osvdb>
-        <exploitdb>29021</exploitdb>
-      </references>
-      <type>SQLI</type>
-    </vulnerability>
-  </plugin>
-
   <plugin name="videowall">
     <vulnerability>
       <title>Videowall - index.php page_id Parameter Reflected XSS</title>

From 10cb883904b907628042f0239b7b0fbba2ceccf6 Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Wed, 23 Oct 2013 13:37:00 +0200
Subject: [PATCH 4/4] Update output.rb

---
 lib/common/models/wp_version/output.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/common/models/wp_version/output.rb b/lib/common/models/wp_version/output.rb
index 229eee06..e9965a32 100644
--- a/lib/common/models/wp_version/output.rb
+++ b/lib/common/models/wp_version/output.rb
@@ -10,7 +10,7 @@ class WpVersion < WpItem
 
       unless vulnerabilities.empty?
         puts
-        puts red('[!]') + " We have identified #{vulnerabilities.size} vulnerabilities from the version number :"
+        puts red('[!]') + " We have identified #{vulnerabilities.size} vulnerabilities from the version number:"
 
         vulnerabilities.output
       end