From c2cdf97bee188a94c4e2e64608b84cc0f72337d4 Mon Sep 17 00:00:00 2001
From: Christian Mehlmauer <firefart@gmail.com>
Date: Mon, 21 Jan 2013 22:00:09 +0100
Subject: [PATCH] added XSD checking for XML files

---
 data/plugin_vulns.xml   |  70 +++++------------
 data/theme_vulns.xml    |  40 +++++-----
 data/vuln.xsd           |  60 +++++++++++++++
 data/wp_vulns.xml       | 167 ++++++++++++++++++++++++++++------------
 lib/common_helper.rb    |   1 +
 spec/xml_checks_spec.rb |  19 ++++-
 6 files changed, 234 insertions(+), 123 deletions(-)
 create mode 100644 data/vuln.xsd

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index 371fb334..ed0c334d 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -1,40 +1,25 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
 <!--
-WPScan - WordPress Security Scanner
-Copyright (C) 2011  Ryan Dewhurst AKA ethicalhack3r
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-ryandewhurst at gmail
-
-  This file contains vulnerabilities associated with WordPress plugins.
-  TYPE = ["SQLI", "MULTI", "REDIRECT", "RCE", "RFI", "LFI", "UPLOAD", "UNKNOWN", "XSS", "CSRF", "AUTHBYPASS", "FPD"]
-
-  <plugin name="">
-    <vulnerability>
-      <title></title>
-      <reference></reference>
-      <reference></reference>
-      <metasploit></metasploit>
-      <metasploit></metasploit>
-      <type></type>
-    </vulnerability>
-  </plugin>
-
+# WPScan - WordPress Security Scanner
+# Copyright (C) 2012-2013
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
 -->
-<vulnerabilities>
+
+<vulnerabilities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                 xsi:noNamespaceSchemaLocation="vuln.xsd">
 
   <plugin name="crayon-syntax-highlighter">
     <vulnerability>
@@ -1459,8 +1444,6 @@ File Upload Vulnerability</title>
       <title>AllWebMenus 1.1.3 Remote File Inclusion</title>
       <reference>http://www.exploit-db.com/exploits/17861/</reference>
       <type>RFI</type>
-      <uri>/wp-content/plugins/allwebmenus-wordpress-menu-plugin/actions.php</uri>
-      <postdata>abspath=XXpathXX</postdata>
     </vulnerability>
   </plugin>
 
@@ -2087,7 +2070,6 @@ File Upload Vulnerability</title>
       <title>DM Albums 1.9.2 Remote File Inclusion Vuln</title>
       <reference>http://www.exploit-db.com/exploits/9043/</reference>
       <type>RFI</type>
-      <uri>/wp-content/plugins/dm-albums/template/album.php?SECURITY_FILE=XXpathXX</uri>
     </vulnerability>
   </plugin>
 
@@ -2286,10 +2268,9 @@ File Upload Vulnerability</title>
 
   <plugin name="backupwordpress">
     <vulnerability>
-      <title>BackUp&lt;= 0.4.2b RFI Vulnerability</title>
+      <title>BackUp &lt;= 0.4.2b RFI Vulnerability</title>
       <reference>http://www.exploit-db.com/exploits/4593/</reference>
       <type>RFI</type>
-      <uri>/wp-content/plugins/BackUp/Archive.php?bkpwp_plugin_path=XXpathXX</uri>
     </vulnerability>
   </plugin>
 
@@ -2298,7 +2279,6 @@ File Upload Vulnerability</title>
       <title>plugin myflash &lt;= 1.00 (wppath) RFI Vulnerability</title>
       <reference>http://www.exploit-db.com/exploits/3828/</reference>
       <type>RFI</type>
-      <uri>/wp-content/plugins/myflash/myflash-button.php?wpPATH=XXpathXX</uri>
     </vulnerability>
   </plugin>
 
@@ -2307,7 +2287,6 @@ File Upload Vulnerability</title>
       <title>plugin wordTube &lt;= 1.43 (wpPATH) RFI Vulnerability</title>
       <reference>http://www.exploit-db.com/exploits/3825/</reference>
       <type>RFI</type>
-      <uri>/wp-content/plugins/wordtube/wordtube-button.php?wpPATH=XXpathXX</uri>
     </vulnerability>
   </plugin>
 
@@ -2316,7 +2295,6 @@ File Upload Vulnerability</title>
       <title>plugin wp-Table &lt;= 1.43 (inc_dir) RFI Vulnerability</title>
       <reference>http://www.exploit-db.com/exploits/3824/</reference>
       <type>RFI</type>
-      <uri>/wp-content/plugins/wp-table/js/wptable-button.phpp?wpPATH=XXpathXX</uri>
     </vulnerability>
   </plugin>
 
@@ -2325,7 +2303,6 @@ File Upload Vulnerability</title>
       <title>myGallery &lt;= 1.4b4 Remote File Inclusion Vulnerability</title>
       <reference>http://www.exploit-db.com/exploits/3814/</reference>
       <type>RFI</type>
-      <uri>/mygallery/myfunctions/mygallerybrowser.php?myPath=XXpathXX</uri>
     </vulnerability>
   </plugin>
 
@@ -2684,7 +2661,6 @@ File Upload Vulnerability</title>
       <title>TheCartPress 1.1.1 Remote File Inclusion</title>
       <reference>http://www.exploit-db.com/exploits/17860/</reference>
       <type>RFI</type>
-      <uri>/wp-content/plugins/thecartpress/checkout/CheckoutEditor.php?tcp_save_fields=true&amp;tcp_class_name=asdf&amp;tcp_class_path=XXpathXX</uri>
     </vulnerability>
   </plugin>
 
@@ -2693,7 +2669,6 @@ File Upload Vulnerability</title>
       <title>WPEasyStats 1.8 Remote File Inclusion</title>
       <reference>http://www.exploit-db.com/exploits/17862/</reference>
       <type>RFI</type>
-      <uri>/wp-content/plugins/wpeasystats/export.php?homep=XXpathXX</uri>
     </vulnerability>
   </plugin>
 
@@ -2702,7 +2677,6 @@ File Upload Vulnerability</title>
       <title>Annonces 1.2.0.0 Remote File Inclusion</title>
       <reference>http://www.exploit-db.com/exploits/17863/</reference>
       <type>RFI</type>
-      <uri>/wp-content/plugins/annonces/includes/lib/photo/uploadPhoto.php?abspath=XXpathXX</uri>
     </vulnerability>
   </plugin>
 
@@ -2711,8 +2685,6 @@ File Upload Vulnerability</title>
       <title>Livesig 0.4 Remote File Inclusion</title>
       <reference>http://www.exploit-db.com/exploits/17864/</reference>
       <type>RFI</type>
-      <uri>/wp-content/plugins/livesig/livesig-ajax-backend.php</uri>
-      <postdata>wp-root=XXpathXX&amp;action=asdf</postdata>
     </vulnerability>
   </plugin>
 
@@ -2721,7 +2693,6 @@ File Upload Vulnerability</title>
       <title>Disclosure Policy 1.0 Remote File Inclusion</title>
       <reference>http://www.exploit-db.com/exploits/17865/</reference>
       <type>RFI</type>
-      <uri>/wp-content/plugins/disclosure-policy-plugin/functions/action.php?delete=asdf&amp;blogUrl=asdf&amp;abspath=XXpathXX</uri>
     </vulnerability>
   </plugin>
 
@@ -2730,7 +2701,6 @@ File Upload Vulnerability</title>
       <title>Mailing List 1.3.2 Remote File Inclusion</title>
       <reference>http://www.exploit-db.com/exploits/17866/</reference>
       <type>RFI</type>
-      <uri>/wp-content/plugins/mailz/lists/config/config.php?wpabspath=XXpathXX</uri>
     </vulnerability>
     <vulnerability>
       <title>Mailing List &lt; 1.4.1 Arbitrary file download</title>
@@ -2744,7 +2714,6 @@ File Upload Vulnerability</title>
       <title>Zingiri Web Shop 2.2.0 Remote File Inclusion</title>
       <reference>http://www.exploit-db.com/exploits/17867/</reference>
       <type>RFI</type>
-      <uri>/wp-content/plugins/g-web-shop/fws/ajax/init.inc.php?wpabspath=XXpathXX</uri>
     </vulnerability>
     <vulnerability>
       <title>Zingiri Web Shop &lt;= 2.2.3 Remote Code Execution</title>
@@ -2771,7 +2740,6 @@ File Upload Vulnerability</title>
       <title>Relocate Upload 0.14 Remote File Inclusion</title>
       <reference>http://www.exploit-db.com/exploits/17869/</reference>
       <type>RFI</type>
-      <uri>/wp-content/plugins/relocate-upload/relocate-upload.php?ru_folder=asdf&amp;abspath=XXpathXX</uri>
     </vulnerability>
   </plugin>
 
diff --git a/data/theme_vulns.xml b/data/theme_vulns.xml
index 7c4529cc..88144c58 100644
--- a/data/theme_vulns.xml
+++ b/data/theme_vulns.xml
@@ -1,27 +1,25 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
 <!--
-WPScan - WordPress Security Scanner
-Copyright (C) 2011  Ryan Dewhurst AKA ethicalhack3r
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-  This file contains vulnerabilities associated with WordPress themes.
-  TYPE = ["SQLI", "MULTI", "REDIRECT", "RCE", "RFI", "LFI", "UPLOAD", "UNKNOWN", "XSS", "FPD"]
-
+# WPScan - WordPress Security Scanner
+# Copyright (C) 2012-2013
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
 -->
-<themes>
+
+<vulnerabilities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                 xsi:noNamespaceSchemaLocation="vuln.xsd">
 
   <theme name="onepagewebsite">
     <vulnerability>
@@ -1172,4 +1170,4 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
     </vulnerability>
   </theme>
 
-</themes>
+</vulnerabilities>
diff --git a/data/vuln.xsd b/data/vuln.xsd
new file mode 100644
index 00000000..8178dcc1
--- /dev/null
+++ b/data/vuln.xsd
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
+
+  <xs:simpleType name="stringtype">
+    <xs:restriction base="xs:string"/>
+  </xs:simpleType>
+
+  <xs:simpleType name="typetype">
+    <xs:restriction base="xs:string">
+      <xs:enumeration value="SQLI"/>
+      <xs:enumeration value="MULTI"/>
+      <xs:enumeration value="REDIRECT"/>
+      <xs:enumeration value="RCE"/>
+      <xs:enumeration value="RFI"/>
+      <xs:enumeration value="LFI"/>
+      <xs:enumeration value="UPLOAD"/>
+      <xs:enumeration value="UNKNOWN"/>
+      <xs:enumeration value="XSS"/>
+      <xs:enumeration value="CSRF"/>
+      <xs:enumeration value="AUTHBYPASS"/>
+      <xs:enumeration value="FPD"/>
+    </xs:restriction>
+  </xs:simpleType>
+
+  <xs:complexType name="itemtype">
+    <xs:sequence>
+      <xs:element name="vulnerability" type="vulntype" maxOccurs="unbounded" minOccurs="1" />
+    </xs:sequence>
+    <xs:attribute type="stringtype" name="name" use="required"/>
+  </xs:complexType>
+
+  <xs:complexType name="wordpresstype">
+    <xs:sequence>
+      <xs:element name="vulnerability" type="vulntype" maxOccurs="unbounded" minOccurs="1" />
+    </xs:sequence>
+    <xs:attribute type="stringtype" name="version" use="required"/>
+  </xs:complexType>
+
+  <xs:complexType name="vulntype">
+    <xs:sequence minOccurs="1" maxOccurs="1">
+      <xs:element name="title" type="stringtype"/>
+      <xs:element name="reference" type="stringtype" maxOccurs="unbounded" minOccurs="1"/>
+      <xs:element name="metasploit" type="stringtype" maxOccurs="unbounded" minOccurs="0"/>
+      <xs:element name="type" type="typetype"/>
+    </xs:sequence>
+  </xs:complexType>
+
+  <xs:element name="vulnerabilities">
+    <xs:complexType>
+      <xs:sequence>
+        <xs:element name="plugin" type="itemtype" maxOccurs="unbounded" minOccurs="0"/>
+        <xs:element name="theme" type="itemtype" maxOccurs="unbounded" minOccurs="0"/>
+        <xs:element name="wordpress" type="wordpresstype" maxOccurs="unbounded" minOccurs="0"/>
+      </xs:sequence>
+    </xs:complexType>
+  </xs:element>
+
+
+</xs:schema>
\ No newline at end of file
diff --git a/data/wp_vulns.xml b/data/wp_vulns.xml
index 244f0c5a..13408bda 100644
--- a/data/wp_vulns.xml
+++ b/data/wp_vulns.xml
@@ -1,37 +1,36 @@
-<?xml version="1.0"?>
+<?xml version="1.0" encoding="UTF-8"?>
+
 <!--
-WPScan - WordPress Security Scanner
-Copyright (C) 2011  Ryan Dewhurst AKA ethicalhack3r
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-ryandewhurst at gmail
-
-
-This file contains vulnerabilities associated with WordPress verions.
-
+# WPScan - WordPress Security Scanner
+# Copyright (C) 2012-2013
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
 -->
-<vulnerabilities>
+
+<vulnerabilities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                 xsi:noNamespaceSchemaLocation="vuln.xsd">
 
   <wordpress version="3.5">
     <vulnerability>
       <title>XMLRPC Pingback API Internal/External Port Scanning</title>
       <reference>https://github.com/FireFart/WordpressPingbackPortScanner</reference>
+      <type>UNKNOWN</type>
     </vulnerability>
     <vulnerability>
       <title>WordPress XMLRPC pingback additional issues</title>
       <reference>http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</reference>
+      <type>UNKNOWN</type>
     </vulnerability>
   </wordpress>
 
@@ -39,6 +38,7 @@ This file contains vulnerabilities associated with WordPress verions.
     <vulnerability>
       <title>WordPress 3.4.2 Cross Site Request Forgery</title>
       <reference>http://packetstormsecurity.org/files/116785/WordPress-3.4.2-Cross-Site-Request-Forgery.html</reference>
+      <type>CSRF</type>
     </vulnerability>
   </wordpress>
 
@@ -46,6 +46,7 @@ This file contains vulnerabilities associated with WordPress verions.
     <vulnerability>
       <title>Wordpress 3.3.1 Multiple CSRF Vulnerabilities</title>
       <reference>http://www.exploit-db.com/exploits/18791/</reference>
+      <type>CSRF</type>
     </vulnerability>
   </wordpress>
 
@@ -53,10 +54,12 @@ This file contains vulnerabilities associated with WordPress verions.
     <vulnerability>
       <title>Wordpress 3.3.1 Multiple CSRF Vulnerabilities</title>
       <reference>http://www.exploit-db.com/exploits/18791/</reference>
-  </vulnerability>
-  <vulnerability>
+      <type>CSRF</type>
+    </vulnerability>
+    <vulnerability>
       <title>WordPress 3.3.2 Cross Site Scripting</title>
       <reference>http://packetstormsecurity.org/files/113254</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
@@ -64,14 +67,17 @@ This file contains vulnerabilities associated with WordPress verions.
     <vulnerability>
       <title>Multiple vulnerabilities including XSS and Privilege Escalation</title>
       <reference>http://wordpress.org/news/2012/04/wordpress-3-3-2/</reference>
+      <type>MULTI</type>
     </vulnerability>
     <vulnerability>
       <title>Wordpress 3.3.1 Multiple CSRF Vulnerabilities</title>
       <reference>http://www.exploit-db.com/exploits/18791/</reference>
+      <type>CSRF</type>
     </vulnerability>
-     <vulnerability>
+    <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
@@ -79,31 +85,36 @@ This file contains vulnerabilities associated with WordPress verions.
     <vulnerability>
       <title>Reflected Cross-Site Scripting in WordPress 3.3</title>
       <reference>http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html</reference>
+      <type>XSS</type>
     </vulnerability>
-     <vulnerability>
+    <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
   <wordpress version="3.2.1">
-   <vulnerability>
+    <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
   <wordpress version="3.2">
-   <vulnerability>
+    <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
   <wordpress version="3.1.4">
-   <vulnerability>
+    <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
@@ -111,10 +122,12 @@ This file contains vulnerabilities associated with WordPress verions.
     <vulnerability>
       <title>Multiple SQL Injection Vulnerabilities</title>
       <reference>http://www.exploit-db.com/exploits/17465/</reference>
+      <type>SQLI</type>
     </vulnerability>
     <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
@@ -122,10 +135,12 @@ This file contains vulnerabilities associated with WordPress verions.
     <vulnerability>
       <title>Wordpress &lt;= 3.1.2 Clickjacking Vulnerability</title>
       <reference>http://seclists.org/fulldisclosure/2011/Sep/219</reference>
+      <type>UNKNOWN</type>
     </vulnerability>
     <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
@@ -133,38 +148,44 @@ This file contains vulnerabilities associated with WordPress verions.
     <vulnerability>
       <title>WordPress wp-includes/formatting.php make_clickable() PCRE Library Remote DoS</title>
       <reference>http://osvdb.org/show/osvdb/72142</reference>
+      <type>UNKNOWN</type>
     </vulnerability>
     <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
   <wordpress version="3.1">
-   <vulnerability>
+    <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
   <wordpress version="3.0.6">
-   <vulnerability>
+    <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
   <wordpress version="3.0.5">
-   <vulnerability>
+    <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
   <wordpress version="3.0.4">
-   <vulnerability>
+    <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
@@ -172,14 +193,17 @@ This file contains vulnerabilities associated with WordPress verions.
     <vulnerability>
       <title>SQL injection vulnerability in do_trackbacks() Wordpress function</title>
       <reference>http://www.exploit-db.com/exploits/15684/</reference>
+      <type>SQLI</type>
     </vulnerability>
     <vulnerability>
       <title>Wordpress 3.0.3 stored XSS IE7,6 NS8.1</title>
       <reference>http://www.exploit-db.com/exploits/15858/</reference>
+      <type>XSS</type>
     </vulnerability>
     <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
@@ -187,42 +211,49 @@ This file contains vulnerabilities associated with WordPress verions.
     <vulnerability>
       <title>WordPress XML-RPC Interface Access Restriction Bypass</title>
       <reference>http://osvdb.org/69761</reference>
+      <type>UNKNOWN</type>
     </vulnerability>
     <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
-   <wordpress version="3.0.1">
+  <wordpress version="3.0.1">
     <vulnerability>
       <title>WordPress: Information Disclosure via SQL Injection Attack</title>
       <reference>http://blog.sjinks.pro/wordpress/858-information-disclosure-via-sql-injection-attack/</reference>
+      <type>SQLI</type>
     </vulnerability>
     <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
   <wordpress version="3.0">
-   <vulnerability>
+    <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
   <wordpress version="2.9.2">
-   <vulnerability>
+    <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
   <wordpress version="2.9.1">
-   <vulnerability>
+    <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
@@ -230,21 +261,25 @@ This file contains vulnerabilities associated with WordPress verions.
     <vulnerability>
       <title>WordPress 2.9 Failure to Restrict URL Access</title>
       <reference>http://www.exploit-db.com/exploits/11441/</reference>
+      <type>UNKNOWN</type>
     </vulnerability>
     <vulnerability>
       <title>Wordpress DOS &lt;= 2.9</title>
       <reference>http://www.exploit-db.com/exploits/11441/</reference>
+      <type>UNKNOWN</type>
     </vulnerability>
     <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
   <wordpress version="2.8.6">
-   <vulnerability>
+    <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
@@ -252,17 +287,20 @@ This file contains vulnerabilities associated with WordPress verions.
     <vulnerability>
       <title>WordPress &lt;= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution</title>
       <reference>http://www.exploit-db.com/exploits/10089/</reference>
+      <type>UNKNOWN</type>
     </vulnerability>
     <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
   <wordpress version="2.8.4">
-   <vulnerability>
+    <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
@@ -270,10 +308,12 @@ This file contains vulnerabilities associated with WordPress verions.
     <vulnerability>
       <title>Wordpress &lt;= 2.8.3 Remote Admin Reset Password Vulnerability</title>
       <reference>http://www.exploit-db.com/exploits/9410/</reference>
+      <type>UNKNOWN</type>
     </vulnerability>
     <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
@@ -281,17 +321,20 @@ This file contains vulnerabilities associated with WordPress verions.
     <vulnerability>
       <title>Wordpress 2.8.1 (url) Remote Cross Site Scripting Exploit</title>
       <reference>http://www.exploit-db.com/exploits/9250/</reference>
+      <type>XSS</type>
     </vulnerability>
     <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
-   <wordpress version="2.8">
-   <vulnerability>
+  <wordpress version="2.8">
+    <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
@@ -299,24 +342,28 @@ This file contains vulnerabilities associated with WordPress verions.
     <vulnerability>
       <title>WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability</title>
       <reference>http://www.exploit-db.com/exploits/10088/</reference>
+      <type>UNKNOWN</type>
     </vulnerability>
     <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
   <wordpress version="2.7">
-   <vulnerability>
+    <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
   <wordpress version="2.6.5">
-   <vulnerability>
+    <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
@@ -324,20 +371,23 @@ This file contains vulnerabilities associated with WordPress verions.
     <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
   <wordpress version="2.6.3">
-   <vulnerability>
+    <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
   <wordpress version="2.6.2">
-   <vulnerability>
+    <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
@@ -345,31 +395,36 @@ This file contains vulnerabilities associated with WordPress verions.
     <vulnerability>
       <title>Wordpress 2.6.1 (SQL Column Truncation) Admin Takeover Exploit</title>
       <reference>http://www.exploit-db.com/exploits/6421/</reference>
+      <type>UNKNOWN</type>
     </vulnerability>
     <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
   <wordpress version="2.6">
-   <vulnerability>
+    <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
   <wordpress version="2.5.1">
-   <vulnerability>
+    <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
   <wordpress version="2.5">
-   <vulnerability>
+    <vulnerability>
       <title>XSS vulnerability in swfupload in WordPress</title>
       <reference>http://seclists.org/fulldisclosure/2012/Nov/51</reference>
+      <type>XSS</type>
     </vulnerability>
   </wordpress>
 
@@ -377,6 +432,7 @@ This file contains vulnerabilities associated with WordPress verions.
     <vulnerability>
       <title>Wordpress &lt;= 2.3.1 Charset Remote SQL Injection Vulnerability</title>
       <reference>http://www.exploit-db.com/exploits/4721/</reference>
+      <type>SQLI</type>
     </vulnerability>
   </wordpress>
 
@@ -384,10 +440,12 @@ This file contains vulnerabilities associated with WordPress verions.
     <vulnerability>
       <title>WordPress 2.2 (wp-app.php) Arbitrary File Upload Exploit</title>
       <reference>http://www.exploit-db.com/exploits/4113/</reference>
+      <type>UNKNOWN</type>
     </vulnerability>
     <vulnerability>
       <title>Wordpress 2.2 (xmlrpc.php) Remote SQL Injection Exploit</title>
       <reference>http://www.exploit-db.com/exploits/4039/</reference>
+      <type>SQLI</type>
     </vulnerability>
   </wordpress>
 
@@ -395,6 +453,7 @@ This file contains vulnerabilities associated with WordPress verions.
     <vulnerability>
       <title>Wordpress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit</title>
       <reference>http://www.exploit-db.com/exploits/3960/</reference>
+      <type>SQLI</type>
     </vulnerability>
   </wordpress>
 
@@ -402,6 +461,7 @@ This file contains vulnerabilities associated with WordPress verions.
     <vulnerability>
       <title>Wordpress 2.1.2 (xmlrpc) Remote SQL Injection Exploit</title>
       <reference>http://www.exploit-db.com/exploits/3656/</reference>
+      <type>SQLI</type>
     </vulnerability>
   </wordpress>
 
@@ -409,6 +469,7 @@ This file contains vulnerabilities associated with WordPress verions.
     <vulnerability>
       <title>Wordpress &lt;= 2.0.6 wp-trackback.php Remote SQL Injection Exploit</title>
       <reference>http://www.exploit-db.com/exploits/3109/</reference>
+      <type>SQLI</type>
     </vulnerability>
   </wordpress>
 
@@ -416,6 +477,7 @@ This file contains vulnerabilities associated with WordPress verions.
     <vulnerability>
       <title>Wordpress 2.0.5 Trackback UTF-7 Remote SQL Injection Exploit</title>
       <reference>http://www.exploit-db.com/exploits/3095/</reference>
+      <type>SQLI</type>
     </vulnerability>
   </wordpress>
 
@@ -423,6 +485,7 @@ This file contains vulnerabilities associated with WordPress verions.
     <vulnerability>
       <title>WordPress &lt;= 2.0.2 (cache) Remote Shell Injection Exploit</title>
       <reference>http://www.exploit-db.com/exploits/6/</reference>
+      <type>UNKNOWN</type>
     </vulnerability>
   </wordpress>
 
@@ -430,6 +493,7 @@ This file contains vulnerabilities associated with WordPress verions.
     <vulnerability>
       <title>Wordpress &lt;= 1.5.1.3 Remote Code Execution eXploit (metasploit)</title>
       <reference>http://www.exploit-db.com/exploits/1145/</reference>
+      <type>SQLI</type>
     </vulnerability>
   </wordpress>
 
@@ -437,6 +501,7 @@ This file contains vulnerabilities associated with WordPress verions.
     <vulnerability>
       <title>Wordpress &lt;= 1.5.1.2 xmlrpc Interface SQL Injection Exploit</title>
       <reference>http://www.exploit-db.com/exploits/1077/</reference>
+      <type>SQLI</type>
     </vulnerability>
   </wordpress>
 
@@ -444,10 +509,12 @@ This file contains vulnerabilities associated with WordPress verions.
     <vulnerability>
       <title>WordPress &lt;= 1.5.1.1 &quot;add new admin&quot; SQL Injection Exploit</title>
       <reference>http://www.exploit-db.com/exploits/1059/</reference>
+      <type>SQLI</type>
     </vulnerability>
     <vulnerability>
-      <title>WordPress &lt;= 1.5.1.1 SQL Injection Exploit </title>
+      <title>WordPress &lt;= 1.5.1.1 SQL Injection Exploit</title>
       <reference>http://www.exploit-db.com/exploits/1033/</reference>
+      <type>SQLI</type>
     </vulnerability>
   </wordpress>
 
diff --git a/lib/common_helper.rb b/lib/common_helper.rb
index 5bd547c7..5849f4d8 100644
--- a/lib/common_helper.rb
+++ b/lib/common_helper.rb
@@ -39,6 +39,7 @@ THEMES_FILE         = DATA_DIR + "/themes.txt"
 THEMES_FULL_FILE    = DATA_DIR + "/themes_full.txt"
 THEMES_VULNS_FILE   = DATA_DIR + "/theme_vulns.xml"
 WP_VULNS_FILE       = DATA_DIR + "/wp_vulns.xml"
+VULNS_XSD           = DATA_DIR + "/vuln.xsd"
 
 WPSCAN_VERSION       = "2.0"
 
diff --git a/spec/xml_checks_spec.rb b/spec/xml_checks_spec.rb
index ed5c25d7..59d3612a 100644
--- a/spec/xml_checks_spec.rb
+++ b/spec/xml_checks_spec.rb
@@ -25,27 +25,44 @@ describe "XML checks" do
 
     FileTest.exists?(full_path).should be_true
 
-    expect { Nokogiri::XML(File.read(full_path)) { |config| config.strict } }.to_not raise_error
+    if @xsd
+      xsd = Nokogiri::XML::Schema(File.read(@xsd))
+      doc = Nokogiri::XML(File.read(full_path))
+
+      errors = []
+      xsd.validate(doc).each do |error|
+        errors << error.message
+      end
+
+      errors.should === []
+    else
+      expect { Nokogiri::XML(File.read(full_path)) { |config| config.strict } }.to_not raise_error
+    end
 
   end
 
   it "check plugin_vulns.xml for syntax errors" do
     @file = "plugin_vulns.xml"
+    @xsd = VULNS_XSD
   end
 
   it "check theme_vulns.xml for syntax errors" do
     @file = "theme_vulns.xml"
+    @xsd = VULNS_XSD
   end
 
   it "check wp_versions.xml for syntax errors" do
     @file = "wp_versions.xml"
+    @xsd = nil
   end
 
   it "check wp_vulns.xml for syntax errors" do
     @file = "wp_vulns.xml"
+    @xsd = VULNS_XSD
   end
 
   it "check local_vulnerable_files.xml for syntax errors" do
     @file = "local_vulnerable_files.xml"
+    @xsd = nil
   end
 end
\ No newline at end of file