From 6fedeffe03ec8e1a95916e291d9c41e75198401b Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Fri, 25 Oct 2013 16:59:35 +0200
Subject: [PATCH 1/7] Added some 'old' OSVDB vulns

---
 data/plugin_vulns.xml | 31 ++++++++++++++++++++++++++-----
 1 file changed, 26 insertions(+), 5 deletions(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index 106e4793..1cefdadf 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -1162,6 +1162,8 @@
     <vulnerability>
       <title>SimpleMail 1.0.6 - Stored XSS</title>
       <references>
+        <osvdb>84534</osvdb>
+        <cve>2012-2579</cve>
         <exploitdb>20361</exploitdb>
         <secunia>50208</secunia>
       </references>
@@ -1173,10 +1175,13 @@
     <vulnerability>
       <title>Postie 1.4.3 - Stored XSS</title>
       <references>
+        <osvdb>84532</osvdb>
+        <cve>2012-2580</cve>
         <exploitdb>20360</exploitdb>
         <secunia>50207</secunia>
       </references>
       <type>XSS</type>
+      <fixed_in>1.5.15</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -5119,8 +5124,18 @@
 
   <plugin name="vitamin">
     <vulnerability>
-      <title>Vitamin - Two Arbitrary File Disclosure Vulnerabilities</title>
+      <title>Vitamin 1.0 - add_headers.php path Parameter Traversal Arbitrary File Access</title>
       <references>
+        <osvdb>84463</osvdb>
+        <secunia>50176</secunia>
+      </references>
+      <type>LFI</type>
+      <fixed_in>1.1</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Vitamin 1.0 - minify.php path Parameter Traversal Arbitrary File Access</title>
+      <references>
+        <osvdb>84464</osvdb>
         <secunia>50176</secunia>
       </references>
       <type>LFI</type>
@@ -5130,8 +5145,9 @@
 
   <plugin name="featured-post-with-thumbnail">
     <vulnerability>
-      <title>Featured Post with thumbnail - Unspecified timthumb Vulnerability</title>
+      <title>Featured Post with thumbnail 1.4 - Unspecified timthumb Vulnerability</title>
       <references>
+        <osvdb>84460<osvdb>
         <secunia>50161</secunia>
       </references>
       <type>UNKNOWN</type>
@@ -5141,8 +5157,10 @@
 
   <plugin name="wp-effective-lead-management">
     <vulnerability>
-      <title>WP Lead Management - Script Insertion Vulnerabilities</title>
+      <title>WP Lead Management 3.0.0 - Script Insertion Vulnerabilities</title>
       <references>
+        <osvdb>84462</osvdb>
+        <exploitdb>20270</exploitdb>
         <secunia>50166</secunia>
       </references>
       <type>XSS</type>
@@ -5165,7 +5183,9 @@
     <vulnerability>
       <title>G-Lock Double Opt-in Manager - Two Security Bypass Vulnerabilities</title>
       <references>
+        <osvdb>84434</osvdb>
         <secunia>50100</secunia>
+        <url>http://packetstormsecurity.org/files/115173/</url>
       </references>
       <type>AUTHBYPASS</type>
     </vulnerability>
@@ -6139,8 +6159,9 @@
 
   <plugin name="syntaxhighlighter">
     <vulnerability>
-      <title>syntaxhighlighter - clipboard.swf XSS</title>
+      <title>SyntaxHighlighter Evolved 3.1.5 - clipboard.swf Unspecified XSS</title>
       <references>
+        <osvdb>92848</osvdb>
         <secunia>53235</secunia>
       </references>
       <type>XSS</type>
@@ -6161,7 +6182,7 @@
 
   <plugin name="easy-adsense-lite">
     <vulnerability>
-      <title>easy-adsense-lite 6.06 - CSRF</title>
+      <title>Easy AdSense Lite 6.06 - Setting Manipulation CSRF</title>
       <references>
         <osvdb>92910</osvdb>
         <cve>2013-2702</cve>

From 803a5a740900f617d41f7f086810f0a0f91ea2e0 Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Sat, 26 Oct 2013 20:57:48 +0200
Subject: [PATCH 2/7] Update plugin_vulns.xml

---
 data/plugin_vulns.xml | 44 +++++++++++++++++++++++++++++++++++++++----
 1 file changed, 40 insertions(+), 4 deletions(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index 1cefdadf..aad4889d 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -7524,10 +7524,12 @@
   
   <plugin name="wp-realty">
     <vulnerability>
-      <title>wp-realty - MySQL Time Based Injection</title>
+      <title>WP Realty - MySQL Time Based Injection</title>
       <references>
+        <osvdb>98748</osvdb>
         <exploitdb>29021</exploitdb>
-        <url>http://www.exploit-db.com/exploits/29021/</url>
+        <url>http://packetstormsecurity.com/files/123655/</url>
+        <url>http://www.securityfocus.com/bid/63217</url>
       </references>
       <type>SQLI</type>
     </vulnerability>
@@ -7601,11 +7603,22 @@
 
   <plugin name="blue-wrench-videos-widget">
     <vulnerability>
-      <title>Blue Wrench Video-Widget CSRF and Persistent XSS 0day Disclosure</title>
+      <title>Blue Wrench Video Widget 1.0.2 - admin.php bw-videos Page Multiple Action CSRF</title>
       <references>
+        <osvdb>98922</osvdb>
+        <secunia>55456</secunia>
         <url>http://securityundefined.com/wordpress-plugin-blue-wrench-video-widget-csrf-persistent-xss-0day-disclosure/</url>
       </references>
-      <type>MULTI</type>
+      <type>CSRF</type>
+    </vulnerability>
+    <vulnerability>
+      <title>Blue-Wrench-Video-Widget 1.0.2 - admin.php bw-videos Page Multiple Parameter Stored XSS</title>
+      <references>
+        <osvdb>98923</osvdb>
+        <secunia>55456</secunia>
+        <url>http://securityundefined.com/wordpress-plugin-blue-wrench-video-widget-csrf-persistent-xss-0day-disclosure/</url>
+      </references>
+      <type>XSS</type>
     </vulnerability>
   </plugin>
 
@@ -7641,4 +7654,27 @@
     </vulnerability>
   </plugin>
 
+  <plugin name="payment-gateways-caller-for-wp-e-commerce">
+    <vulnerability>
+      <title>Payment Gateways Caller for WP e-Commerce 0.1.0 - load_merchant Parameter Traversal Local file Inclusion</title>
+      <references>
+        <osvdb>98916</osvdb>
+        <url>http://packetstormsecurity.com/files/123744/</url>
+      </references>
+      <type>LFI</type>
+      <fixed_in>0.1.1</fixed_in>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="easy-photo-album">
+    <vulnerability>
+      <title>Easy Photo Album 1.1.5 - Album Information Disclosure</title>
+      <references>
+        <osvdb>98802</osvdb>
+      </references>
+      <type>AUTHBYPASS</type>
+      <fixed_in>1.1.6</fixed_in>
+    </vulnerability>
+  </plugin>
+
 </vulnerabilities>

From bc14c6d040069761415f85563ad9460eba18bb61 Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Sat, 26 Oct 2013 21:09:00 +0200
Subject: [PATCH 3/7] Fixed tag error

---
 data/plugin_vulns.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index aad4889d..8c7268ed 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -5147,7 +5147,7 @@
     <vulnerability>
       <title>Featured Post with thumbnail 1.4 - Unspecified timthumb Vulnerability</title>
       <references>
-        <osvdb>84460<osvdb>
+        <osvdb>84460</osvdb>
         <secunia>50161</secunia>
       </references>
       <type>UNKNOWN</type>

From 5f2edac86a61ed0471c45a0b65e117faea80f68f Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Sat, 26 Oct 2013 22:00:43 +0200
Subject: [PATCH 4/7] Update plugin_vulns.xml

---
 data/plugin_vulns.xml | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index 8c7268ed..fe63acd5 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -4688,19 +4688,23 @@
 
   <plugin name="cardoza-wordpress-poll">
     <vulnerability>
-      <title>Cardoza WordPress poll - Cross-Site Request Forgery Vulnerability</title>
+      <title>Cardoza WordPress poll 34.05 - Multiple External Function Remote Poll Manipulation</title>
       <references>
         <osvdb>89443</osvdb>
         <cve>2013-1401</cve>
         <secunia>51925</secunia>
+        <url>http://seclists.org/bugtraq/2013/Jan/86</url>
+        <url>http://packetstormsecurity.com/files/119736/</url>
       </references>
       <type>CSRF</type>
       <fixed_in>34.06</fixed_in>
     </vulnerability>
     <vulnerability>
-      <title>Cardoza WordPress poll - Multiple SQL injection vulnerabilities</title>
+      <title>Cardoza WordPress poll - CWPPoll.js Multiple Method pollid Parameter SQL Injection</title>
       <references>
-        <secunia>51942</secunia>
+        <osvdb>89444</osvdb>
+        <cve>2013-1400</cve>
+        <url>http://packetstormsecurity.com/files/119736/</url>
         <url>http://www.girlinthemiddle.net/2013/01/multiple-sql-injection-vulnerabilities.html</url>
         <url>http://seclists.org/bugtraq/2013/Jan/86</url>
       </references>
@@ -7677,4 +7681,16 @@
     </vulnerability>
   </plugin>
 
+  <plugin name="hungred-post-thumbnail">
+    <vulnerability>
+      <title>Hungred Post Thumbnail - hpt_file_upload.php File Upload PHP Code Execution</title>
+      <references>
+        <osvdb>82830</osvdb>
+        <url>http://packetstormsecurity.com/files/113402/</url>
+        <url>http://www.securityfocus.com/bid/53898</url>
+      </references>
+      <type>RCE</type>
+    </vulnerability>
+  </plugin>
+
 </vulnerabilities>

From 30e4fe2671d201de6e3197c346c7212bcf225905 Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Sat, 26 Oct 2013 22:28:46 +0200
Subject: [PATCH 5/7] Update plugin_vulns.xml

---
 data/plugin_vulns.xml | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index fe63acd5..daac5c61 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -1337,6 +1337,20 @@
     </vulnerability>
   </plugin>
 
+  <plugin name="videowhisper-live-streaming-integration/">
+    <vulnerability>
+      <title>VideoWhisper Live Streaming Integration - ls/htmlchat.php Multiple Parameter XSS</title>
+      <references>
+        <osvdb>96593</osvdb>
+        <cve>2013-5714</cve>
+        <secunia>54619</secunia>
+        <url>http://www.securityfocus.com/bid/61977</url>
+        <url>http://seclists.org/bugtraq/2013/Aug/163</url>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
+  </plugin>
+
   <plugin name="auctionplugin">
     <vulnerability>
       <title>Auctions 2.0.1.3 - Arbitrary
@@ -7109,7 +7123,9 @@
     <vulnerability>
       <title>Comment Attachment 1.0 - XSS Vulnerability</title>
       <references>
+        <osvdb>97600</osvdb>
         <url>http://packetstormsecurity.com/files/123327/</url>
+        <url>http://www.securityfocus.com/bid/62438</url>
       </references>
       <type>XSS</type>
     </vulnerability>
@@ -7119,6 +7135,7 @@
     <vulnerability>
       <title>Mukioplayer 1.6 - SQL Injection</title>
       <references>
+        <osvdb>97609</osvdb>
         <url>http://packetstormsecurity.com/files/123231/</url>
       </references>
       <type>SQLI</type>
@@ -7324,7 +7341,7 @@
 
   <plugin name="a-forms">
     <vulnerability>
-      <title>A Forms 1.4.0 Multiple Parameters SQL Injection</title>
+      <title>A Forms 1.4.0 - Multiple Parameters SQL Injection</title>
       <references>
         <osvdb>96404</osvdb>
       </references>

From 77ee2494f04b9234004c8461e55025781b21c21a Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Sat, 26 Oct 2013 23:09:42 +0200
Subject: [PATCH 6/7] Update plugin_vulns.xml

---
 data/plugin_vulns.xml | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index daac5c61..b967b334 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -1337,7 +1337,7 @@
     </vulnerability>
   </plugin>
 
-  <plugin name="videowhisper-live-streaming-integration/">
+  <plugin name="videowhisper-live-streaming-integration">
     <vulnerability>
       <title>VideoWhisper Live Streaming Integration - ls/htmlchat.php Multiple Parameter XSS</title>
       <references>
@@ -7710,4 +7710,19 @@
     </vulnerability>
   </plugin>
 
+  <plugin name="download-monitor">
+    <vulnerability>
+      <title>Download Monitor 3.3.6.1 - wp-admin/admin.php Multiple Parameter XSS</title>
+      <references>
+        <osvdb>95613</osvdb>
+        <cve>2013-3262</cve>
+        <cve>2013-5098</cve>
+        <secunia>53116</secunia>
+        <url>http://www.securityfocus.com/bid/61407</url>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.3.6.2</fixed_in>
+    </vulnerability>
+  </plugin>
+
 </vulnerabilities>

From fa9f4c0ab78e213731dbc08803b9ab674755f2ba Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Sun, 27 Oct 2013 00:09:33 +0200
Subject: [PATCH 7/7] Update plugin_vulns.xml

---
 data/plugin_vulns.xml | 21 ++++-----------------
 1 file changed, 4 insertions(+), 17 deletions(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index b967b334..b3a91b51 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -2010,12 +2010,14 @@
 
   <plugin name="download-monitor">
     <vulnerability>
-      <title>Download Monitor &lt; 3.3.6.2 - Cross Site Scripting</title>
+      <title>Download Monitor &lt;= 3.3.6.1 - Cross Site Scripting</title>
       <references>
         <url>http://www.securityfocus.com/bid/61407</url>
-        <secunia>53116</secunia>
+        <osvdb>95613</osvdb>
         <cve>2013-5098</cve>
         <cve>2013-3262</cve>
+        <secunia>53116</secunia>
+        <url>http://www.securityfocus.com/bid/61407</url>
       </references>
       <type>XSS</type>
       <fixed_in>3.3.6.2</fixed_in>
@@ -7710,19 +7712,4 @@
     </vulnerability>
   </plugin>
 
-  <plugin name="download-monitor">
-    <vulnerability>
-      <title>Download Monitor 3.3.6.1 - wp-admin/admin.php Multiple Parameter XSS</title>
-      <references>
-        <osvdb>95613</osvdb>
-        <cve>2013-3262</cve>
-        <cve>2013-5098</cve>
-        <secunia>53116</secunia>
-        <url>http://www.securityfocus.com/bid/61407</url>
-      </references>
-      <type>XSS</type>
-      <fixed_in>3.3.6.2</fixed_in>
-    </vulnerability>
-  </plugin>
-
 </vulnerabilities>