garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #342 from pvdl/master

Browse Source 
Update WordPress Vulnerabilities
This commit is contained in:
Ryan Dewhurst
2013-10-27 16:01:34 -07:00
parent dcc443ac9a fa9f4c0ab7
commit ac1228d97c
1 changed files with 107 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

122
data/plugin_vulns.xml
View File

@@ -1162,6 +1162,8 @@
<vulnerability>
<title>SimpleMail 1.0.6 - Stored XSS</title>
<references>
<osvdb>84534</osvdb>
<cve>2012-2579</cve>
<exploitdb>20361</exploitdb>
<secunia>50208</secunia>
</references>
@@ -1173,10 +1175,13 @@
<vulnerability>
<title>Postie 1.4.3 - Stored XSS</title>
<references>
<osvdb>84532</osvdb>
<cve>2012-2580</cve>
<exploitdb>20360</exploitdb>
<secunia>50207</secunia>
</references>
<type>XSS</type>
<fixed_in>1.5.15</fixed_in>
</vulnerability>
</plugin>
@@ -1332,6 +1337,20 @@
</vulnerability>
</plugin>
<plugin name="videowhisper-live-streaming-integration">
<vulnerability>
<title>VideoWhisper Live Streaming Integration - ls/htmlchat.php Multiple Parameter XSS</title>
<references>
<osvdb>96593</osvdb>
<cve>2013-5714</cve>
<secunia>54619</secunia>
<url>http://www.securityfocus.com/bid/61977</url>
<url>http://seclists.org/bugtraq/2013/Aug/163</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="auctionplugin">
<vulnerability>
<title>Auctions 2.0.1.3 - Arbitrary
@@ -1991,12 +2010,14 @@
<plugin name="download-monitor">
<vulnerability>
<title>Download Monitor &lt; 3.3.6.2 - Cross Site Scripting</title>
<title>Download Monitor &lt;= 3.3.6.1 - Cross Site Scripting</title>
<references>
<url>http://www.securityfocus.com/bid/61407</url>
<secunia>53116</secunia>
<osvdb>95613</osvdb>
<cve>2013-5098</cve>
<cve>2013-3262</cve>
<secunia>53116</secunia>
<url>http://www.securityfocus.com/bid/61407</url>
</references>
<type>XSS</type>
<fixed_in>3.3.6.2</fixed_in>
@@ -4683,19 +4704,23 @@
<plugin name="cardoza-wordpress-poll">
<vulnerability>
<title>Cardoza WordPress poll - Cross-Site Request Forgery Vulnerability</title>
<title>Cardoza WordPress poll 34.05 - Multiple External Function Remote Poll Manipulation</title>
<references>
<osvdb>89443</osvdb>
<cve>2013-1401</cve>
<secunia>51925</secunia>
<url>http://seclists.org/bugtraq/2013/Jan/86</url>
<url>http://packetstormsecurity.com/files/119736/</url>
</references>
<type>CSRF</type>
<fixed_in>34.06</fixed_in>
</vulnerability>
<vulnerability>
<title>Cardoza WordPress poll - Multiple SQL injection vulnerabilities</title>
<title>Cardoza WordPress poll - CWPPoll.js Multiple Method pollid Parameter SQL Injection</title>
<references>
<secunia>51942</secunia>
<osvdb>89444</osvdb>
<cve>2013-1400</cve>
<url>http://packetstormsecurity.com/files/119736/</url>
<url>http://www.girlinthemiddle.net/2013/01/multiple-sql-injection-vulnerabilities.html</url>
<url>http://seclists.org/bugtraq/2013/Jan/86</url>
</references>
@@ -5119,8 +5144,18 @@
<plugin name="vitamin">
<vulnerability>
<title>Vitamin - Two Arbitrary File Disclosure Vulnerabilities</title>
<title>Vitamin 1.0 - add_headers.php path Parameter Traversal Arbitrary File Access</title>
<references>
<osvdb>84463</osvdb>
<secunia>50176</secunia>
</references>
<type>LFI</type>
<fixed_in>1.1</fixed_in>
</vulnerability>
<vulnerability>
<title>Vitamin 1.0 - minify.php path Parameter Traversal Arbitrary File Access</title>
<references>
<osvdb>84464</osvdb>
<secunia>50176</secunia>
</references>
<type>LFI</type>
@@ -5130,8 +5165,9 @@
<plugin name="featured-post-with-thumbnail">
<vulnerability>
<title>Featured Post with thumbnail - Unspecified timthumb Vulnerability</title>
<title>Featured Post with thumbnail 1.4 - Unspecified timthumb Vulnerability</title>
<references>
<osvdb>84460</osvdb>
<secunia>50161</secunia>
</references>
<type>UNKNOWN</type>
@@ -5141,8 +5177,10 @@
<plugin name="wp-effective-lead-management">
<vulnerability>
<title>WP Lead Management - Script Insertion Vulnerabilities</title>
<title>WP Lead Management 3.0.0 - Script Insertion Vulnerabilities</title>
<references>
<osvdb>84462</osvdb>
<exploitdb>20270</exploitdb>
<secunia>50166</secunia>
</references>
<type>XSS</type>
@@ -5165,7 +5203,9 @@
<vulnerability>
<title>G-Lock Double Opt-in Manager - Two Security Bypass Vulnerabilities</title>
<references>
<osvdb>84434</osvdb>
<secunia>50100</secunia>
<url>http://packetstormsecurity.org/files/115173/</url>
</references>
<type>AUTHBYPASS</type>
</vulnerability>
@@ -6139,8 +6179,9 @@
<plugin name="syntaxhighlighter">
<vulnerability>
<title>syntaxhighlighter - clipboard.swf XSS</title>
<title>SyntaxHighlighter Evolved 3.1.5 - clipboard.swf Unspecified XSS</title>
<references>
<osvdb>92848</osvdb>
<secunia>53235</secunia>
</references>
<type>XSS</type>
@@ -6161,7 +6202,7 @@
<plugin name="easy-adsense-lite">
<vulnerability>
<title>easy-adsense-lite 6.06 - CSRF</title>
<title>Easy AdSense Lite 6.06 - Setting Manipulation CSRF</title>
<references>
<osvdb>92910</osvdb>
<cve>2013-2702</cve>
@@ -7084,7 +7125,9 @@
<vulnerability>
<title>Comment Attachment 1.0 - XSS Vulnerability</title>
<references>
<osvdb>97600</osvdb>
<url>http://packetstormsecurity.com/files/123327/</url>
<url>http://www.securityfocus.com/bid/62438</url>
</references>
<type>XSS</type>
</vulnerability>
@@ -7094,6 +7137,7 @@
<vulnerability>
<title>Mukioplayer 1.6 - SQL Injection</title>
<references>
<osvdb>97609</osvdb>
<url>http://packetstormsecurity.com/files/123231/</url>
</references>
<type>SQLI</type>
@@ -7299,7 +7343,7 @@
<plugin name="a-forms">
<vulnerability>
<title>A Forms 1.4.0 Multiple Parameters SQL Injection</title>
<title>A Forms 1.4.0 - Multiple Parameters SQL Injection</title>
<references>
<osvdb>96404</osvdb>
</references>
@@ -7503,10 +7547,12 @@
<plugin name="wp-realty">
<vulnerability>
<title>wp-realty - MySQL Time Based Injection</title>
<title>WP Realty - MySQL Time Based Injection</title>
<references>
<osvdb>98748</osvdb>
<exploitdb>29021</exploitdb>
<url>http://www.exploit-db.com/exploits/29021/</url>
<url>http://packetstormsecurity.com/files/123655/</url>
<url>http://www.securityfocus.com/bid/63217</url>
</references>
<type>SQLI</type>
</vulnerability>
@@ -7580,11 +7626,22 @@
<plugin name="blue-wrench-videos-widget">
<vulnerability>
<title>Blue Wrench Video-Widget CSRF and Persistent XSS 0day Disclosure</title>
<title>Blue Wrench Video Widget 1.0.2 - admin.php bw-videos Page Multiple Action CSRF</title>
<references>
<osvdb>98922</osvdb>
<secunia>55456</secunia>
<url>http://securityundefined.com/wordpress-plugin-blue-wrench-video-widget-csrf-persistent-xss-0day-disclosure/</url>
</references>
<type>MULTI</type>
<type>CSRF</type>
</vulnerability>
<vulnerability>
<title>Blue-Wrench-Video-Widget 1.0.2 - admin.php bw-videos Page Multiple Parameter Stored XSS</title>
<references>
<osvdb>98923</osvdb>
<secunia>55456</secunia>
<url>http://securityundefined.com/wordpress-plugin-blue-wrench-video-widget-csrf-persistent-xss-0day-disclosure/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
@@ -7620,4 +7677,39 @@
</vulnerability>
</plugin>
<plugin name="payment-gateways-caller-for-wp-e-commerce">
<vulnerability>
<title>Payment Gateways Caller for WP e-Commerce 0.1.0 - load_merchant Parameter Traversal Local file Inclusion</title>
<references>
<osvdb>98916</osvdb>
<url>http://packetstormsecurity.com/files/123744/</url>
</references>
<type>LFI</type>
<fixed_in>0.1.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="easy-photo-album">
<vulnerability>
<title>Easy Photo Album 1.1.5 - Album Information Disclosure</title>
<references>
<osvdb>98802</osvdb>
</references>
<type>AUTHBYPASS</type>
<fixed_in>1.1.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="hungred-post-thumbnail">
<vulnerability>
<title>Hungred Post Thumbnail - hpt_file_upload.php File Upload PHP Code Execution</title>
<references>
<osvdb>82830</osvdb>
<url>http://packetstormsecurity.com/files/113402/</url>
<url>http://www.securityfocus.com/bid/53898</url>
</references>
<type>RCE</type>
</vulnerability>
</plugin>
</vulnerabilities>