From b3cfd0871854a947a247d69199a01bae59af34af Mon Sep 17 00:00:00 2001
From: Gianluca Brindisi <g@brindi.si>
Date: Tue, 16 Oct 2012 15:39:17 +0200
Subject: [PATCH] Added Issue 38

---
 data/plugin_vulns.xml   |   8 ++
 data/wp_theme_vulns.xml | 158 +++++++++++++++++++++++++++++++++++++++-
 2 files changed, 163 insertions(+), 3 deletions(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index 6b744b18..fa809b60 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -22,6 +22,14 @@ ryandewhurst at gmail
   TYPE = ["SQLI", "MULTI", "REDIRECT", "RCE", "RFI", "LFI", "UPLOAD", "UNKNOWN", "XSS", "CSRF"]
 -->
 <vulnerabilities>
+  <plugin name="bbpress">
+    <vulnerability>
+        <title>ABtest Directory Traversal </title>
+      <reference>http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110</reference>
+      <type>UNKNOWN</type>
+    </vulnerability>
+  </plugin>
+
   <plugin name="bbpress">
     <vulnerability>
       <title>BBPress SQL Injection / Path Disclosure</title>
diff --git a/data/wp_theme_vulns.xml b/data/wp_theme_vulns.xml
index 575527ab..84f4f1c0 100644
--- a/data/wp_theme_vulns.xml
+++ b/data/wp_theme_vulns.xml
@@ -22,10 +22,162 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 -->
 <themes>
-  <theme name="shopperpress">
+  <theme name="ovum">
     <vulnerability>
-      <title>ShopperPress WordPress Theme 2.7 Cross Site Scripting</title>
-      <reference>http://packetstormsecurity.org/files/115630/</reference>
+        <title>XSS vulnerability in Imediapixel premium WordPress themes</title>
+        <reference>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-imediapixel.html</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="avanix">
+    <vulnerability>
+        <title>XSS vulnerability in Imediapixel premium WordPress themes</title>
+        <reference>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-imediapixel.html</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="ebiz">
+    <vulnerability>
+        <title>XSS vulnerability in Imediapixel premium WordPress themes</title>
+        <reference>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-imediapixel.html</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="ecobiz">
+    <vulnerability>
+        <title>XSS vulnerability in Imediapixel premium WordPress themes</title>
+        <reference>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-imediapixel.html</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="traject">
+    <vulnerability>
+        <title>XSS vulnerability in Parallelus premium WordPress themes</title>
+        <reference>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-parallelus-premium.html</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="intersect">
+    <vulnerability>
+        <title>XSS vulnerability in Parallelus premium WordPress themes</title>
+        <reference>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-parallelus-premium.html</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="salutation">
+    <vulnerability>
+        <title>XSS vulnerability in Parallelus premium WordPress themes</title>
+        <reference>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-parallelus-premium.html</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="unite">
+    <vulnerability>
+        <title>XSS vulnerability in Parallelus premium WordPress themes</title>
+        <reference>http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-parallelus-premium.html</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="shapeless">
+    <vulnerability>
+        <title>XSS vulnerability in multiple premium WordPress themes by Flow/Devatic</title>
+      <reference>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="brisk">
+    <vulnerability>
+        <title>XSS vulnerability in multiple premium WordPress themes by Flow/Devatic</title>
+      <reference>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="blaze">
+    <vulnerability>
+        <title>XSS vulnerability in multiple premium WordPress themes by Flow/Devatic</title>
+      <reference>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="eunice">
+    <vulnerability>
+        <title>XSS vulnerability in multiple premium WordPress themes by Flow/Devatic</title>
+      <reference>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="explicit">
+    <vulnerability>
+        <title>XSS vulnerability in multiple premium WordPress themes by Flow/Devatic</title>
+      <reference>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="essence">
+    <vulnerability>
+        <title>XSS vulnerability in multiple premium WordPress themes by Flow/Devatic</title>
+      <reference>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="paramount">
+    <vulnerability>
+        <title>XSS vulnerability in multiple premium WordPress themes by Flow/Devatic</title>
+      <reference>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="picturefactory">
+    <vulnerability>
+        <title>XSS vulnerability in multiple premium WordPress themes by Flow/Devatic</title>
+      <reference>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="sparky">
+    <vulnerability>
+        <title>XSS vulnerability in multiple premium WordPress themes by Flow/Devatic</title>
+      <reference>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="theagency">
+    <vulnerability>
+        <title>XSS vulnerability in multiple premium WordPress themes by Flow/Devatic</title>
+      <reference>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="konzept">
+    <vulnerability>
+        <title>XSS vulnerability in multiple premium WordPress themes by Flow/Devatic</title>
+      <reference>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="daisho">
+    <vulnerability>
+        <title>XSS vulnerability in multiple premium WordPress themes by Flow/Devatic</title>
+      <reference>http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html</reference>
       <type>XSS</type>
     </vulnerability>
   </theme>