Merge pull request #2 from wpscanteam/master

Update master
2013-11-08 05:36:38 -08:00
parent 942676a493 6ecd538364
commit d7f6389ca8
16 changed files with 1334 additions and 1986 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
 cache/*
 coverage
 .bundle
 .DS_Store
 .DS_Store?
 *.sublime-*
--- a/1
+++ b/1
@@ -17,3 +17,4 @@ Callum Pember - Implemented proxy support - callumpember at gmail.com
 g0tmi1k - Additional timthumb checks + bug reports.
 Melvin Lammerts - Reported a couple of fake vulnerabilities - melvin at 12k.nl
 Paolo Perego - @thesp0nge - Basic authentication
 Peter van der Laan - The Vuln Hunter and Code Cleaner
--- a/2
+++ b/2
@@ -7,7 +7,7 @@ gem "json"
 gem "terminal-table"
 gem "ruby-progressbar", ">=1.2.0"
-group :development, :test do
+group :test do
  gem "webmock", ">=1.9.3"
  gem "simplecov"
  gem "rspec", :require => "spec"
--- a/8
+++ b/8
@@ -49,14 +49,14 @@ ryandewhurst at gmail
    sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
    git clone https://github.com/wpscanteam/wpscan.git
    cd wpscan
-    sudo gem install bundler && bundle install --without test development
+    sudo gem install bundler && bundle install --without test
  -> Installing on Fedora:
    sudo yum install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel
    git clone https://github.com/wpscanteam/wpscan.git
    cd wpscan
-    sudo gem install bundler && bundle install --without test development
+    sudo gem install bundler && bundle install --without test
  -> Installing on Archlinux:
@@ -65,7 +65,7 @@ ryandewhurst at gmail
    git clone https://github.com/wpscanteam/wpscan.git
    cd wpscan
-    sudo gem install bundler && bundle install --without test development
+    sudo gem install bundler && bundle install --without test
    gem install typhoeus
    gem install nokogiri
@@ -76,7 +76,7 @@ ryandewhurst at gmail
    git clone https://github.com/wpscanteam/wpscan.git
    cd wpscan
-    sudo gem install bundler && bundle install --without test development
+    sudo gem install bundler && bundle install --without test
 ==KNOWN ISSUES==
--- a/README.md
+++ b/README.md
@@ -48,7 +48,7 @@ Prerequisites:
 ```cd wpscan```
-```sudo gem install bundler && bundle install --without test development```
+```sudo gem install bundler && bundle install --without test```
 *Installing on Fedora:*
@@ -58,7 +58,7 @@ Prerequisites:
 ```cd wpscan```
-```sudo gem install bundler && bundle install --without test development```
+```sudo gem install bundler && bundle install --without test```
 *Installing on Archlinux:*
@@ -70,7 +70,7 @@ Prerequisites:
 ```cd wpscan```
-```sudo gem install bundler && bundle install --without test development```
+```sudo gem install bundler && bundle install --without test```
 ```gem install typhoeus```
@@ -84,7 +84,7 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
 ```cd wpscan```
-```sudo gem install bundler && bundle install --without test development```
+```sudo gem install bundler && bundle install --without test```
 #### KNOWN ISSUES
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -5,7 +5,7 @@
  <plugin name="content-slide">
    <vulnerability>
-      <title>Content Slide &lt;=1.4.2 - Cross Site Requst Forgery Vulnerability</title>
+      <title>Content Slide &lt;= 1.4.2 - Cross Site Requst Forgery Vulnerability</title>
      <references>
        <osvdb>93871</osvdb>
        <cve>2013-2708</cve>
@@ -123,8 +123,7 @@
      <title>Crayon Syntax Highlighter - Remote File Inclusion Vulnerability</title>
      <references>
        <secunia>50804</secunia>
-        <url>http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/
+        <url>http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/</url>
        </url>
      </references>
      <type>RFI</type>
      <fixed_in>1.13</fixed_in>
@@ -152,7 +151,7 @@
  <plugin name="thanks-you-counter-button">
    <vulnerability>
-      <title>Thank You Counter Button &lt;=1.8.2 - XSS</title>
+      <title>Thank You Counter Button &lt;= 1.8.2 - XSS</title>
      <references>
        <secunia>50977</secunia>
      </references>
@@ -163,7 +162,7 @@
  <plugin name="bookings">
    <vulnerability>
-      <title>Bookings &lt;=1.8.2 - XSS</title>
+      <title>Bookings &lt;= 1.8.2 - XSS</title>
      <references>
        <secunia>50975</secunia>
      </references>
@@ -174,7 +173,7 @@
  <plugin name="cimy-user-manager">
    <vulnerability>
-      <title>Cimy User Manager &lt;=1.4.2 - Arbitrary File Disclosure</title>
+      <title>Cimy User Manager &lt;= 1.4.2 - Arbitrary File Disclosure</title>
      <references>
        <secunia>50834</secunia>
        <url>http://ceriksen.com/2012/10/24/wordpress-cimy-user-manager-arbitrary-file-disclosure/</url>
@@ -197,9 +196,7 @@
      <title>FireStorm Professional Real Estate - Multiple SQL Injection</title>
      <references>
        <secunia>50873</secunia>
-        <url>
+        <url>http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/</url>
          http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/
        </url>
      </references>
      <type>SQLI</type>
      <fixed_in>2.06.03</fixed_in>
@@ -208,7 +205,7 @@
  <plugin name="wp125">
    <vulnerability>
-      <title>WP125 &lt;=1.4.4 - Multiple XSS</title>
+      <title>WP125 &lt;= 1.4.4 - Multiple XSS</title>
      <references>
        <secunia>50976</secunia>
      </references>
@@ -216,7 +213,7 @@
      <fixed_in>1.4.5</fixed_in>
    </vulnerability>
    <vulnerability>
-      <title>WP125 &lt;=1.4.9 - CSRF</title>
+      <title>WP125 &lt;= 1.4.9 - CSRF</title>
      <references>
        <osvdb>92113</osvdb>
        <cve>2013-2700</cve>
@@ -290,8 +287,7 @@
        <secunia>50832</secunia>
        <url>http://www.securityfocus.com/bid/57133</url>
        <url>http://packetstormsecurity.com/files/119329/</url>
-        <url>http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/
+        <url>http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/</url>
        </url>
        <metasploit>exploit/unix/webapp/wp_google_document_embedder_exec</metasploit>
      </references>
      <type>UNKNOWN</type>
@@ -551,9 +547,7 @@
      <title>Asset Manager - upload.php Arbitrary Code Execution</title>
      <references>
        <osvdb>82653</osvdb>
-        <url>
+        <url>http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/</url>
          http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/
        </url>
        <url>http://packetstormsecurity.com/files/113285/</url>
        <url>http://xforce.iss.net/xforce/xfdb/80823</url>
      </references>
@@ -593,11 +587,12 @@
  <plugin name="comment-extra-field">
    <vulnerability>
-      <title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
+      <title>Comment Extra Field 1.7 - CSRF / XSS</title>
      <references>
        <url>http://packetstormsecurity.com/files/122625/</url>
        <url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
      </references>
-      <type>XSS</type>
+      <type>MULTI</type>
    </vulnerability>
  </plugin>
@@ -675,7 +670,7 @@
    <vulnerability>
      <title>powerzoomer - Arbitrary File Upload Vulnerability</title>
      <references>
-        <url>http://www.1337day.com/exploit/20253</url>
+        <url>http://1337day.com/exploit/20253</url>
      </references>
      <type>UPLOAD</type>
    </vulnerability>
@@ -753,7 +748,7 @@
    <vulnerability>
      <title>wp-3dflick-slideshow - Arbitrary File Upload Vulnerability</title>
      <references>
-        <url>http://www.1337day.com/exploit/20255</url>
+        <url>http://1337day.com/exploit/20255</url>
      </references>
      <type>UPLOAD</type>
    </vulnerability>
@@ -839,7 +834,7 @@
    <vulnerability>
      <title>wp-homepage-slideshow - Arbitrary File Upload Vulnerability</title>
      <references>
-        <url>http://www.1337day.com/exploit/20260</url>
+        <url>http://1337day.com/exploit/20260</url>
      </references>
      <type>UPLOAD</type>
    </vulnerability>
@@ -856,7 +851,7 @@
    <vulnerability>
      <title>wp-image-news-slider - Arbitrary File Upload Vulnerability</title>
      <references>
-        <url>http://www.1337day.com/exploit/20259</url>
+        <url>http://1337day.com/exploit/20259</url>
      </references>
      <type>UPLOAD</type>
    </vulnerability>
@@ -891,7 +886,7 @@
    <vulnerability>
      <title>wp-levoslideshow - Arbitrary File Upload Vulnerability</title>
      <references>
-        <url>http://www.1337day.com/exploit/20250</url>
+        <url>http://1337day.com/exploit/20250</url>
      </references>
      <type>UPLOAD</type>
    </vulnerability>
@@ -918,7 +913,7 @@
    <vulnerability>
      <title>wp-powerplaygallery - Arbitrary File Upload Vulnerability</title>
      <references>
-        <url>http://www.1337day.com/exploit/20252</url>
+        <url>http://1337day.com/exploit/20252</url>
      </references>
      <type>UPLOAD</type>
    </vulnerability>
@@ -935,7 +930,7 @@
    <vulnerability>
      <title>wp-royal-gallery - Arbitrary File Upload Vulnerability</title>
      <references>
-        <url>http://www.1337day.com/exploit/20261</url>
+        <url>http://1337day.com/exploit/20261</url>
      </references>
      <type>UPLOAD</type>
    </vulnerability>
@@ -1021,7 +1016,7 @@
    <vulnerability>
      <title>Spider Catalog - Multiple SQL Injection and Cross Site Scripting Vulnerabilities</title>
      <references>
-        <url>http://www.securityfocus.com/bid/60079/info</url>
+        <url>http://www.securityfocus.com/bid/60079</url>
      </references>
      <type>MULTI</type>
    </vulnerability>
@@ -1087,9 +1082,7 @@
    <vulnerability>
      <title>ABtest - Directory Traversal</title>
      <references>
-        <url>
+        <url>http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110</url>
          http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110
        </url>
      </references>
      <type>UNKNOWN</type>
    </vulnerability>
@@ -1694,7 +1687,7 @@
  <plugin name="wp-property">
    <vulnerability>
-      <title>WP Property &lt;=1.35.0 - Arbitrary File Upload</title>
+      <title>WP Property &lt;= 1.35.0 - Arbitrary File Upload</title>
      <references>
        <exploitdb>18987</exploitdb>
        <exploitdb>23651</exploitdb>
@@ -1811,16 +1804,20 @@
    <vulnerability>
      <title>WP Easy Gallery &lt;= 1.7 - Cross Site Scripting</title>
      <references>
        <secunia>49190</secunia>
        <url>http://packetstormsecurity.com/files/112687/</url>
      </references>
      <type>XSS</type>
      <fixed_in>2.7.3</fixed_in>
    </vulnerability>
    <vulnerability>
      <title>WP Easy Gallery &lt;= 2.7 - CSRF</title>
      <references>
        <secunia>49190</secunia>
        <url>http://plugins.trac.wordpress.org/changeset?reponame=&amp;old=669527%40wp-easy-gallery&amp;new=669527%40wp-easy-gallery</url>
      </references>
      <type>CSRF</type>
      <fixed_in>2.7.3</fixed_in>
    </vulnerability>
  </plugin>
@@ -1828,9 +1825,11 @@
    <vulnerability>
      <title>Subscribe2 &lt;= 8.0 - Cross Site Scripting</title>
      <references>
        <secunia>49189</secunia>
        <url>http://packetstormsecurity.com/files/112688/</url>
      </references>
      <type>XSS</type>
      <fixed_in>8.1</fixed_in>
    </vulnerability>
  </plugin>
@@ -1838,6 +1837,7 @@
    <vulnerability>
      <title>Soundcloud Is Gold &lt;= 2.1 - Cross Site Scripting</title>
      <references>
        <secunia>49188</secunia>
        <url>http://packetstormsecurity.com/files/112689/</url>
      </references>
      <type>XSS</type>
@@ -1920,9 +1920,11 @@
    <vulnerability>
      <title>Newsletter Manager &lt;= 1.0 - Cross Site Scripting</title>
      <references>
        <secunia>49183</secunia>
        <url>http://packetstormsecurity.com/files/112694/</url>
      </references>
      <type>XSS</type>
      <fixed_in>1.0.2</fixed_in>
    </vulnerability>
  </plugin>
@@ -2049,11 +2051,13 @@
  <plugin name="codestyling-localization">
    <vulnerability>
-      <title>Code Styling Localization &lt;= 1.99.16 - Cross Site Scripting</title>
+      <title>Code Styling Localization &lt;= 1.99.17 - Cross Site Scripting</title>
      <references>
        <secunia>49037</secunia>
        <url>http://packetstormsecurity.com/files/112709/</url>
      </references>
      <type>XSS</type>
      <fixed_in>1.99.20</fixed_in>
    </vulnerability>
  </plugin>
@@ -2150,9 +2154,11 @@
    <vulnerability>
      <title>2-Click-Socialmedia-Buttons &lt;= 0.32.2 - Cross Site Scripting</title>
      <references>
        <secunia>49181</secunia>
        <url>http://packetstormsecurity.com/files/112711/</url>
      </references>
      <type>XSS</type>
      <fixed_in>0.35</fixed_in>
    </vulnerability>
  </plugin>
@@ -2386,7 +2392,7 @@
    <vulnerability>
      <title>WP Cycle Playlist - Multiple Vulnerabilities</title>
      <references>
-        <url>http://1337day.com/exploits/17396</url>
+        <url>http://1337day.com/exploit/17396</url>
      </references>
      <type>MULTI</type>
    </vulnerability>
@@ -2455,7 +2461,7 @@
    <vulnerability>
      <title>WP-AutoYoutube &lt;= 0.1 - Blind SQL Injection Vulnerability</title>
      <references>
-        <url>http://1337day.com/exploits/17368</url>
+        <url>http://1337day.com/exploit/17368</url>
      </references>
      <type>SQLI</type>
    </vulnerability>
@@ -2738,7 +2744,7 @@
  <plugin name="is-human">
    <vulnerability>
-      <title>Is-human &lt;=1.4.2 - Remote Command Execution Vulnerability</title>
+      <title>Is-human &lt;= 1.4.2 - Remote Command Execution Vulnerability</title>
      <references>
        <exploitdb>17299</exploitdb>
      </references>
@@ -3015,16 +3021,41 @@
    <vulnerability>
      <title>Mingle Forum &lt;= 1.0.33 - Cross Site Scripting</title>
      <references>
        <secunia>49171</secunia>
        <url>http://packetstormsecurity.com/files/112696/</url>
      </references>
-      <type>MULTI</type>
+      <type>XSS</type>
      <fixed_in>1.0.33.2</fixed_in>
    </vulnerability>
    <vulnerability>
-      <title>Mingle Forum 1.0.33.3 - Multiple Parameter SQL Injection</title>
+      <title>Mingle Forum 1.0.33.3 - fs-admin.php togroupusers Parameter XSS</title>
      <references>
        <osvdb>90432</osvdb>
        <cve>2013-0734</cve>
        <secunia>52167</secunia>
      </references>
      <type>XSS</type>
      <fixed_in>1.0.34</fixed_in>
    </vulnerability>
    <vulnerability>
      <title>Mingle Forum 1.0.33.3 - wpf.class.php search_words Parameter XSS</title>
      <references>
        <osvdb>90433</osvdb>
        <cve>2013-0734</cve>
        <secunia>52167</secunia>
      </references>
      <type>XSS</type>
      <fixed_in>1.0.34</fixed_in>
    </vulnerability>
    <vulnerability>
      <title>Mingle Forum 1.0.33.3 - wpf.class.php Multiple Parameter SQL Injection</title>
      <references>
        <osvdb>90434</osvdb>
        <cve>2013-0735</cve>
        <secunia>52167</secunia>
      </references>
      <type>SQLI</type>
      <fixed_in>1.0.34</fixed_in>
    </vulnerability>
    <vulnerability>
      <title>Mingle Forum 1.0.35 - Privilege Escalation CSRF</title>
@@ -4567,9 +4598,7 @@
      <references>
        <url>http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/</url>
        <url>http://wordpress.org/support/topic/pwn3d</url>
-        <url>
+        <url>http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html</url>
          http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
        </url>
        <metasploit>exploits/unix/webapp/php_wordpress_total_cache</metasploit>
      </references>
      <type>RCE</type>
@@ -4588,13 +4617,11 @@
  <plugin name="wp-super-cache">
    <vulnerability>
-      <title>WP-Super-Cache - Remote Code Execution</title>
+      <title>WP-Super-Cache 1.3 - Remote Code Execution</title>
      <references>
        <url>http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/</url>
        <url>http://wordpress.org/support/topic/pwn3d</url>
-        <url>
+        <url>http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html</url>
          http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
        </url>
      </references>
      <type>RCE</type>
      <fixed_in>1.3.1</fixed_in>
@@ -4642,7 +4669,7 @@
      <title>ipfeuilledechou - SQL Injection Vulnerability</title>
      <references>
        <url>http://www.exploit4arab.com/exploits/377</url>
-        <url>http://1337day.com/exploits/20206</url>
+        <url>http://1337day.com/exploit/20206</url>
      </references>
      <type>SQLI</type>
    </vulnerability>
@@ -4749,7 +4776,7 @@
      <title>Developer Formatter - CSRF and XSS Vulnerability</title>
      <references>
        <url>http://illsecure.com/code/Wordpress-DevFormatter-CSRF-Vulnerability.txt</url>
-        <url>http://1337day.com/exploits/20210</url>
+        <url>http://1337day.com/exploit/20210</url>
        <secunia>51912</secunia>
      </references>
      <type>MULTI</type>
@@ -5277,7 +5304,7 @@
    <vulnerability>
      <title>wp-explorer-gallery - Arbitrary File Upload Vulnerability</title>
      <references>
-        <url>http://www.1337day.com/exploit/20251</url>
+        <url>http://1337day.com/exploit/20251</url>
      </references>
      <type>UPLOAD</type>
    </vulnerability>
@@ -5287,7 +5314,7 @@
    <vulnerability>
      <title>accordion - Arbitrary File Upload Vulnerability</title>
      <references>
-        <url>http://www.1337day.com/exploit/20254</url>
+        <url>http://1337day.com/exploit/20254</url>
      </references>
      <type>UPLOAD</type>
    </vulnerability>
@@ -5297,7 +5324,7 @@
    <vulnerability>
      <title>wp-catpro - Arbitrary File Upload Vulnerability</title>
      <references>
-        <url>http://www.1337day.com/exploit/20256</url>
+        <url>http://1337day.com/exploit/20256</url>
      </references>
      <type>UPLOAD</type>
    </vulnerability>
@@ -5350,7 +5377,7 @@
    <vulnerability>
      <title>p1m media manager - SQL Injection Vulnerability</title>
      <references>
-        <url>http://www.1337day.com/exploit/20270</url>
+        <url>http://1337day.com/exploit/20270</url>
      </references>
      <type>SQLI</type>
    </vulnerability>
@@ -5390,7 +5417,7 @@
    <vulnerability>
      <title>ForumConverter - SQL Injection Vulnerability</title>
      <references>
-        <url>http://www.1337day.com/exploit/20275</url>
+        <url>http://1337day.com/exploit/20275</url>
      </references>
      <type>SQLI</type>
    </vulnerability>
@@ -5400,7 +5427,7 @@
    <vulnerability>
      <title>Newsletter - SQL Injection Vulnerability</title>
      <references>
-        <url>http://www.1337day.com/exploit/20287</url>
+        <url>http://1337day.com/exploit/20287</url>
      </references>
      <type>SQLI</type>
    </vulnerability>
@@ -5520,7 +5547,7 @@
    <vulnerability>
      <title>Google Alert And Twitter 3.1.5 - XSS Exploit, SQL Injection</title>
      <references>
-        <url>http://1337day.com/exploits/20433</url>
+        <url>http://1337day.com/exploit/20433</url>
      </references>
      <type>MULTI</type>
    </vulnerability>
@@ -5860,8 +5887,10 @@
  <plugin name="terillion-reviews">
    <vulnerability>
-      <title>Terillion Reviews - Cross Site Scripting</title>
+      <title>Terillion Reviews - Profile Id Field XSS</title>
      <references>
        <osvdb>91123</osvdb>
        <cve>2013-1201</cve>
        <url>http://packetstormsecurity.com/files/120730/</url>
      </references>
      <type>XSS</type>
@@ -5938,8 +5967,7 @@
      <title>WP-Banners-Lite - XSS vulnerability</title>
      <references>
        <url>http://seclists.org/fulldisclosure/2013/Mar/209</url>
-        <url>http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513
+        <url>http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513</url>
        </url>
      </references>
      <type>XSS</type>
    </vulnerability>
@@ -5974,6 +6002,7 @@
      <title>chikuncount - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
      <references>
        <exploitdb>24492</exploitdb>
        <metasploit>exploit/unix/webapp/open_flash_chart_upload_exec</metasploit>
      </references>
      <type>UPLOAD</type>
    </vulnerability>
@@ -5986,6 +6015,7 @@
        <exploitdb>24492</exploitdb>
        <secunia>37903</secunia>
        <cve>2009-4140</cve>
        <metasploit>exploit/unix/webapp/open_flash_chart_upload_exec</metasploit>
      </references>
      <type>UPLOAD</type>
      <fixed_in>0.5</fixed_in>
@@ -5997,6 +6027,7 @@
      <title>spamtask - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
      <references>
        <exploitdb>24492</exploitdb>
        <metasploit>exploit/unix/webapp/open_flash_chart_upload_exec</metasploit>
      </references>
      <type>UPLOAD</type>
    </vulnerability>
@@ -6007,6 +6038,7 @@
      <title>php-analytics - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
      <references>
        <exploitdb>24492</exploitdb>
        <metasploit>exploit/unix/webapp/open_flash_chart_upload_exec</metasploit>
      </references>
      <type>UPLOAD</type>
    </vulnerability>
@@ -6017,6 +6049,7 @@
      <title>seo-spy-google - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
      <references>
        <exploitdb>24492</exploitdb>
        <metasploit>exploit/unix/webapp/open_flash_chart_upload_exec</metasploit>
      </references>
      <type>UPLOAD</type>
    </vulnerability>
@@ -6027,6 +6060,7 @@
      <title>wp-seo-spy-google - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
      <references>
        <exploitdb>24492</exploitdb>
        <metasploit>exploit/unix/webapp/open_flash_chart_upload_exec</metasploit>
      </references>
      <type>UPLOAD</type>
    </vulnerability>
@@ -6282,8 +6316,10 @@
  <plugin name="related-posts-by-zemanta">
    <vulnerability>
-      <title>Related Posts by Zemanta - Cross-Site Request Forgery Vulnerability</title>
+      <title>Related Posts by Zemanta 1.3.1 - Cross-Site Request Forgery Vulnerability</title>
      <references>
        <osvdb>93364</osvdb>
        <cve>2013-3477</cve>
        <secunia>53321</secunia>
      </references>
      <type>CSRF</type>
@@ -6293,19 +6329,22 @@
  <plugin name="wordpress-23-related-posts-plugin">
    <vulnerability>
-      <title>WordPress Related Posts - Cross-Site Request Forgery Vulnerability</title>
+      <title>WordPress Related Posts 2.6.1 - Cross-Site Request Forgery Vulnerability</title>
      <references>
        <osvdb>93362</osvdb>
        <cve>2013-3476</cve>
        <secunia>53279</secunia>
      </references>
      <type>CSRF</type>
-      <fixed_in>2.6.2</fixed_in>
+      <fixed_in>2.7.2</fixed_in>
    </vulnerability>
  </plugin>
  <plugin name="related-posts">
    <vulnerability>
-      <title>Related Posts - Cross-Site Request Forgery Vulnerability</title>
+      <title>Related Posts 2.7.1 - Cross-Site Request Forgery Vulnerability</title>
      <references>
        <osvdb>93363</osvdb>
        <secunia>53122</secunia>
      </references>
      <type>CSRF</type>
@@ -6315,7 +6354,7 @@
  <plugin name="wp-print-friendly">
    <vulnerability>
-      <title>WP Print Friendly &lt;=0.5.2 - Security Bypass Vulnerability</title>
+      <title>WP Print Friendly &lt;= 0.5.2 - Security Bypass Vulnerability</title>
      <references>
        <osvdb>93243</osvdb>
        <secunia>53371</secunia>
@@ -6418,12 +6457,14 @@
  <plugin name="funcaptcha">
    <vulnerability>
-      <title>FunCaptcha - CSRF</title>
+      <title>FunCaptcha 0.3.2- Setting Manipulation CSRF</title>
      <references>
        <osvdb>92272</osvdb>
        <secunia>53021</secunia>
        <url>http://wordpress.org/extend/plugins/funcaptcha/changelog/</url>
      </references>
-      <type>UNKNOWN</type>
+      <type>CSRF</type>
-      <fixed_in>0.33</fixed_in>
+      <fixed_in>0.3.3</fixed_in>
    </vulnerability>
  </plugin>
@@ -6679,6 +6720,7 @@
    <vulnerability>
      <title>Xorbin Digital Flash Clock 1.0 - Flash-based XSS</title>
      <references>
        <url>http://packetstormsecurity.com/files/122223/</url>
        <url>http://advisory.prakharprasad.com/xorbin_dfc_wp.txt</url>
        <cve>2013-4693</cve>
      </references>
@@ -6756,6 +6798,7 @@
      <references>
        <osvdb>95557</osvdb>
        <exploitdb>26804</exploitdb>
        <url>http://packetstormsecurity.com/files/122396/</url>
      </references>
      <type>RFI</type>
    </vulnerability>
@@ -7080,7 +7123,7 @@
  <plugin name="lbg_zoominoutslider">
    <vulnerability>
-      <title>LBG Zoominoutslider - XSS Vulnerability</title>
+      <title>LBG Zoominoutslider - add_banner.php name Parameter Stored XSS</title>
      <references>
        <osvdb>97887</osvdb>
        <secunia>54983</secunia>
@@ -7088,6 +7131,32 @@
      </references>
      <type>XSS</type>
    </vulnerability>
    <vulnerability>
      <title>LBG Zoominoutslider - settings_form.php Multiple Parameter Stored XSS</title>
      <references>
        <osvdb>99339</osvdb>
        <url>http://packetstormsecurity.com/files/123914/</url>
        <url>http://seclists.org/fulldisclosure/2013/Nov/30</url>
      </references>
      <type>XSS</type>
    </vulnerability>
    <vulnerability>
      <title>LBG Zoominoutslider - add_playlist_record.php Multiple Parameter Stored XSS</title>
      <references>
        <osvdb>99340</osvdb>
        <url>http://packetstormsecurity.com/files/123914/</url>
        <url>http://seclists.org/fulldisclosure/2013/Nov/30</url>
      </references>
      <type>XSS</type>
    </vulnerability>
    <vulnerability>
      <title>LBG Zoominoutslider - Multiple Script Direct Request Path Disclosure</title>
      <references>
        <osvdb>99341</osvdb>
        <url>http://seclists.org/fulldisclosure/2013/Nov/30</url>
      </references>
      <type>FPD</type>
    </vulnerability>
  </plugin>
  <plugin name="woopra">
@@ -7206,8 +7275,10 @@
    <vulnerability>
      <title>Booking Calendar 4.1.4 - CSRF Vulnerability</title>
      <references>
        <exploitdb>27399</exploitdb>
        <osvdb>96088</osvdb>
        <exploitdb>27399</exploitdb>
        <secunia>54461</secunia>
        <url>http://packetstormsecurity.com/files/122691/</url>
        <url>http://wpbookingcalendar.com/</url>
      </references>
      <type>CSRF</type>
@@ -7233,10 +7304,12 @@
      <references>
        <osvdb>98279</osvdb>
        <exploitdb>28808</exploitdb>
        <secunia>55172</secunia>
        <url>http://packetstormsecurity.com/files/123549/</url>
        <url>http://quick-plugins.com/quick-contact-form/</url>
      </references>
      <type>XSS</type>
      <fixed_in>6.1</fixed_in>
    </vulnerability>
  </plugin>
@@ -7531,6 +7604,7 @@
        <osvdb>98668</osvdb>
        <secunia>55296</secunia>
        <exploitdb>28970</exploitdb>
        <url>http://packetstormsecurity.com/files/123597/</url>
        <url>http://www.securityfocus.com/bid/63021</url>
      </references>
      <type>XSS</type>
@@ -7569,6 +7643,7 @@
      <title>Feed - news_dt.php nid Parameter SQL Injection</title>
      <references>
        <osvdb>94804</osvdb>
        <url>http://packetstormsecurity.com/files/122260/</url>
      </references>
      <type>SQLI</type>
    </vulnerability>
@@ -7725,6 +7800,7 @@
        <osvdb>98831</osvdb>
        <cve>2013-6281</cve>
        <secunia>55396</secunia>
        <url>http://packetstormsecurity.com/files/123699/</url>
        <url>http://www.securityfocus.com/bid/63256</url>
      </references>
      <type>XSS</type>
@@ -7765,10 +7841,11 @@
  <plugin name="gallery-bank">
    <vulnerability>
-      <title>Gallery Bank 2.0.19 - Multiple Unspecified XSS</title>
+      <title>Gallery Bank 2.0.19 - edit-album.php album_id Parameter Reflected XSS</title>
      <references>
        <osvdb>99045</osvdb>
        <secunia>55443</secunia>
        <url>http://packetstormsecurity.com/files/123924/</url>
        <url>http://www.securityfocus.com/bid/63382</url>
      </references>
      <type>XSS</type>
@@ -7784,6 +7861,17 @@
      <type>UNKNOWN</type>
      <fixed_in>2.0.20</fixed_in>
    </vulnerability>
    <vulnerability>
      <title>Gallery Bank 2.0.19 - album-gallery-bank-class.php recordsArray Parameter Reflected XSS</title>
      <references>
        <osvdb>99345</osvdb>
        <secunia>55443</secunia>
        <url>http://www.securityfocus.com/bid/63385</url>
        <url>http://seclists.org/fulldisclosure/2013/Nov/38</url>
      </references>
      <type>XSS</type>
      <fixed_in>2.0.20</fixed_in>
    </vulnerability>
  </plugin>
  <plugin name="rockhoist-ratings">
@@ -7798,4 +7886,61 @@
    </vulnerability>
  </plugin>
  <plugin name="wordpress-checkout">
    <vulnerability>
      <title>Checkout Plugin - File Upload Remote Code Execution</title>
      <references>
        <osvdb>99225</osvdb>
        <url>http://packetstormsecurity.com/files/123866/</url>
      </references>
      <type>RCE</type>
    </vulnerability>
  </plugin>
  <plugin name="mobilechief-mobile-site-creator">
    <vulnerability>
      <title>MobileChief - jQuery Validation Cross-Site Scripting Vulnerability</title>
      <references>
        <secunia>55501</secunia>
        <url>http://packetstormsecurity.com/files/123809/</url>
      </references>
      <type>XSS</type>
    </vulnerability>
  </plugin>
  <plugin name="timeline">
    <vulnerability>
      <title>Facebook Survey Pro - timeline/index.php id Parameter SQL Injection</title>
      <references>
        <secunia>87817</secunia>
        <exploitdb>22853</exploitdb>
        <url>http://packetstormsecurity.com/files/118238/</url>
        <url>http://www.securityfocus.com/bid/56595</url>
        <url>http://xforce.iss.net/xforce/xfdb/80141</url>
      </references>
      <type>SQLI</type>
    </vulnerability>
  </plugin>
  <plugin name="live-comment-preview">
    <vulnerability>
      <title>Live Comment Preview 2.0.2 - Comment Field Preview XSS</title>
      <references>
        <osvdb>92944</osvdb>
      </references>
      <type>XSS</type>
    </vulnerability>
  </plugin>
  <plugin name="polldaddy">
    <vulnerability>
      <title>Polldaddy Polls and Ratings 2.0.20 - Cross-Site Request Forgery Vulnerability</title>
      <references>
        <secunia>55464</secunia>
      </references>
      <type>CSRF</type>
      <fixed_in>2.0.21</fixed_in>
    </vulnerability>
  </plugin>
 </vulnerabilities>
--- a/data/plugins.txt
+++ b/data/plugins.txt
--- a/data/plugins_full.txt
+++ b/data/plugins_full.txt
--- a/data/theme_vulns.xml
+++ b/data/theme_vulns.xml
@@ -1827,6 +1827,7 @@
        <osvdb>98927</osvdb>
        <exploitdb>29068</exploitdb>
        <url>http://www.securityfocus.com/bid/63306</url>
        <url>http://1337day.com/exploit/21442</url>
        <url>http://themeforest.net/item/area53-a-responsive-html5-wordpress-theme/2538737</url>
      </references>
      <type>RCE</type>
@@ -1880,7 +1881,9 @@
      <title>Curvo - wp-content/themes/curvo/functions/upload-handler.php File Upload CSRF</title>
      <references>
        <osvdb>99043</osvdb>
        <exploitdb>29211</exploitdb>
        <url>http://packetstormsecurity.com/files/123799/</url>
        <url>http://packetstormsecurity.com/files/123820/</url>
      </references>
      <type>CSRF</type>
    </vulnerability>
@@ -1897,4 +1900,118 @@
    </vulnerability>
  </theme>
  <theme name="saico">
    <vulnerability>
      <title>Saico - Arbitrary File Upload Vulnerability</title>
      <references>
        <exploitdb>29150</exploitdb>
        <url>http://1337day.com/exploit/21440</url>
      </references>
      <type>UPLOAD</type>
    </vulnerability>
  </theme>
  <theme name="ThisWay">
    <vulnerability>
      <title>ThisWay - remote shell upload vulnerability</title>
      <references>
        <url>http://packetstormsecurity.com/files/123895/</url>
      </references>
      <type>RCE</type>
    </vulnerability>
  </theme>
  <theme name="ThinkResponsive">
    <vulnerability>
      <title>Think Responsive 1.0 - Arbitrary shell upload vulnerability</title>
      <references>
        <exploitdb>29332</exploitdb>
        <url>http://packetstormsecurity.com/files/123880/</url>
      </references>
      <type>RCE</type>
    </vulnerability>
  </theme>
  <theme name="anthology">
    <vulnerability>
      <title>Anthology - Remote File Upload Vulnerability</title>
      <references>
        <url>http://1337day.com/exploit/21460</url>
      </references>
      <type>UPLOAD</type>
    </vulnerability>
  </theme>
  <theme name="amoveo">
    <vulnerability>
      <title>Amoveo - Arbitrary File Upload Vulnerability</title>
      <references>
        <url>http://1337day.com/exploit/21451</url>
      </references>
      <type>UPLOAD</type>
    </vulnerability>
  </theme>
  <theme name="switchblade">
    <vulnerability>
      <title>Switchblade 1.3 - Arbitrary File Upload Vulnerability</title>
      <references>
        <osvdb>88918</osvdb>
        <exploitdb>29330</exploitdb>
        <url>http://1337day.com/exploit/21457</url>
      </references>
      <type>UPLOAD</type>
    </vulnerability>
  </theme>
  <theme name="magnitudo">
    <vulnerability>
      <title>Magnitudo - Arbitrary File Upload Vulnerability</title>
      <references>
        <url>http://1337day.com/exploit/21457</url>
      </references>
      <type>UPLOAD</type>
    </vulnerability>
  </theme>
  <theme name="ghost">
    <vulnerability>
      <title>Ghost - Arbitrary File Upload Vulnerability</title>
      <references>
        <url>http://1337day.com/exploit/21416</url>
      </references>
      <type>UPLOAD</type>
    </vulnerability>
  </theme>
  <theme name="RightNow">
    <vulnerability>
      <title>Right Now - Arbitrary File Upload Vulnerability</title>
      <references>
        <url>http://1337day.com/exploit/21420</url>
      </references>
      <type>UPLOAD</type>
    </vulnerability>
  </theme>
  <theme name="ColdFusion">
    <vulnerability>
      <title>Cold Fusion - Arbitrary File Upload Vulnerability</title>
      <references>
        <url>http://1337day.com/exploit/21431</url>
      </references>
      <type>UPLOAD</type>
    </vulnerability>
  </theme>
  <theme name="chameleon">
    <vulnerability>
      <title>Chameleon - Arbitrary File Upload Vulnerability</title>
      <references>
        <url>http://1337day.com/exploit/21449</url>
      </references>
      <type>UPLOAD</type>
    </vulnerability>
  </theme>
 </vulnerabilities>
--- a/data/themes.txt
+++ b/data/themes.txt
--- a/data/themes_full.txt
+++ b/data/themes_full.txt
@@ -24,6 +24,7 @@
 2010-translucence-parent
 2010-weaver
 2012-xtended
 2013-black-and-white
 2013-blue
 22nd-july
 25th-week
@@ -33,11 +34,13 @@
 30-basics
 31three
 3366
 350-media
 360theme
 3col-rdmban-lr
 3col-rdmban-rr
 3colours
 3d-realty
 3star-theme
 42k
 42walls
 4colourslover
@@ -58,6 +61,7 @@
 8press
 8q
 8some
 8squares
 8templates_city_green
 8templates_city_orange
 8templates_city_pink
@@ -208,6 +212,7 @@ alba
 albinomouse
 albizia
 alce
 aldehyde
 aldus
 alex-and-anthonys-halloween
 alex-crunch-lite
@@ -247,6 +252,7 @@ alowa
 alpen
 alpen3col
 alpha
 alpha-source
 alphastrap
 alphatr
 alpine
@@ -291,7 +297,9 @@ anacronico-uri-httpanacroniconet63netblog
 anakin-mobile
 analytical-lite
 anand
 anarcho-notepad
 anatomy-lite
 anchor
 andclean
 andoru
 andrea
@@ -528,8 +536,10 @@ bandana
 bandtheme
 bangasd
 bangkok1
 banten-it
 baobab
 barbara
 barber
 barcelona
 barclays
 bare
@@ -567,6 +577,7 @@ baw-black-and-white
 baza-noclegowa
 bba
 bbcc-theme
 bbpress-and-canvas-fix-canvas-child-theme
 bbpress-twenty-ten
 bbtemplate-1
 bbtemplate-2
@@ -580,6 +591,7 @@ beach-evening
 beach-holiday
 beach-holidays
 beach-vacation
 bearded
 bearded-llama
 beardsley
 beautiful-decay
@@ -666,6 +678,7 @@ biznez-lite
 bizstudio-lite
 biztheme
 bizvektor
 bizvektor-global-edition
 bizway
 bizway-responsive
 bizz-trip
@@ -762,8 +775,10 @@ blacky-right-sidebar
 blackypress
 blackzebra
 blagz-blog-magazine-theme
 blain
 blank
 blank-page
 blank-theme
 blankpress
 blankslate
 blas-blogger
@@ -1013,6 +1028,7 @@ boathouse2
 bobs-law-blog
 bodhi
 bodrum-theme
 bodyhealth
 bogeygolfer
 boil-bauble
 boilerplate
@@ -1133,6 +1149,7 @@ buddypress-x-facebook
 buddytheme
 bude-rocks-theme
 budzmodo
 bueno
 bufa
 bugbudge
 build
@@ -1166,6 +1183,7 @@ business-vision
 business-woman-top
 business_blog
 businessfirst
 businessgrow
 businessidea
 businessman-pro
 businesspress
@@ -1176,6 +1194,7 @@ businessxpand_multicol
 businessxpand_tentacle
 businessxpand_twieme
 businessxpand_viewer_v2
 busiprof
 butcher-block
 butter-scotch
 buttercream
@@ -1203,8 +1222,10 @@ cakifo
 call-power
 callas
 calleiro
 callisto
 calotropis
 cameo
 camille-vencert
 cammino
 canddblog
 candid
@@ -1290,6 +1311,7 @@ change-it
 changeable
 chaostheory
 chaoticsoul
 chapparal-business-template
 charactertheme
 charcoal
 charcoal-v1
@@ -1322,6 +1344,7 @@ chiron
 chloe
 chocolate
 chocolate-lite
 chocolate-shoppe
 chocolate-theme-pedro-amigo-mio
 chocotheme
 chooko-lite
@@ -1344,7 +1367,9 @@ chun
 chuncss
 chunk
 chunky
 church
 circles
 cirkle
 cirque
 cisco
 citizen-journal
@@ -1380,6 +1405,7 @@ clean-and-clear
 clean-and-plain
 clean-and-red
 clean-and-simple
 clean-black
 clean-blue
 clean-blue-vision
 clean-dirt
@@ -1497,9 +1523,11 @@ codescheme_blue
 codicolorz
 codium
 codium-extend
 codium-grid
 cody
 cody-theme
 coffee
 coffee-break-theme
 coffee-cup
 coffee-desk
 coffee-lite
@@ -1677,6 +1705,7 @@ creative-mag
 creative-simplicity
 creativemag
 crimson
 crimson-lite
 crimsonsky
 cris
 crisp
@@ -1729,6 +1758,7 @@ custom-theme
 customclean
 customfolio
 customizr
 customizr123
 cute-bubbles
 cute-frames
 cute-theme
@@ -1747,6 +1777,7 @@ cyanus-theme
 cyberchimps
 cyberchimps-free
 cyclo
 cycnus
 cypee-red
 d-basic
 d-simpel
@@ -1878,8 +1909,10 @@ delicate-theme
 delicato
 delice
 delight
 delighted
 deliverance-gray-blog
 dellistore
 dellow
 delphi
 demar
 demiloo
@@ -1894,6 +1927,7 @@ depescatore-theme
 depo-masthead
 depo-square
 depo-square-revisited
 deposito
 derker
 desaindigital
 descartes
@@ -1922,6 +1956,7 @@ deuterium
 deux-milles-douze
 devart
 devart123
 devdmbootstrap3
 developer
 devita
 devolution
@@ -2036,6 +2071,7 @@ dramatica
 drawlin
 dream-in-infrared
 dream-sky
 dreambank
 dreamline
 dreamnix
 dreamplace
@@ -2111,6 +2147,7 @@ eco-world
 eco_house
 ecogreen
 ecologist
 ecommerce
 economist
 ecowp
 ectopudding
@@ -2246,6 +2283,7 @@ evening-shade
 evening-sun
 eventide
 ever-after
 ever-green
 ever-watchful
 everg33n
 evilpuzzle
@@ -2401,6 +2439,7 @@ fitzgerald
 fivecast
 fiver
 fixed-blix
 fixy
 flashcast
 flashy
 flat-portfolio
@@ -2530,9 +2569,11 @@ fresh
 fresh-blog
 fresh-blu
 fresh-editorial
 fresh-free
 fresh-ideas
 fresh-ink-magazine
 fresh-lime
 fresh-lite
 fresh-magazine
 fresh-mint-delight
 fresh-style
@@ -2638,6 +2679,7 @@ geospehre
 geosphere
 german-newspaper
 gerro-post-lime
 get-masum
 get-some
 getaway-graphics
 getfreewallpapers
@@ -2823,6 +2865,7 @@ greenmag
 greenmag_extend
 greenotation
 greenpaddy
 greenpage
 greenpoint-milanda
 greensplash-2-classic
 greensplash-classic
@@ -2914,6 +2957,7 @@ hanami
 hanamoto
 hananews
 hanging
 hannari
 happily-ever-after
 happy-cork-board
 happy-cyclope
@@ -3046,6 +3090,7 @@ huan
 huaqian
 hue-clash-in-harmony
 hued
 hueman
 hum
 human3rror
 humanities
@@ -3225,6 +3270,7 @@ internet-center-3-columns
 internet-music
 internet-music-3-columns
 internet-sharing
 inthedistance
 intrepid
 intrepidity
 introvert
@@ -3467,6 +3513,7 @@ kolkata-knight-riders-goldenblack-theme
 kolorful
 kolorful-wordpress-theme
 kom2-theme
 komachi
 kombinat-eins
 kombinat-zwo
 konax-for-buddypress
@@ -3514,6 +3561,7 @@ lakeside
 lalala
 laloo
 lambda
 lamya
 landline
 landscape
 landscape-gallery
@@ -3650,6 +3698,7 @@ listthis
 liteblue
 liten
 litepress
 litesta
 litethoughts
 littera-theme
 little
@@ -3752,6 +3801,7 @@ madmens-blog
 mag
 magatheme
 magatheme-html5
 magazine
 magazine-basic
 magazine-drome
 magazine-pro
@@ -3860,6 +3910,7 @@ mbresets-lite
 mc-responsive
 mc-twitterbootstrap
 mcg-theme
 mckinley
 me3
 mead
 meadowland
@@ -3904,6 +3955,7 @@ merry-christmas
 mes-vacances-french
 mesocolumn
 mess-desk-v2
 messenger
 metamarfosa
 metamorph_blue
 metamorph_dao
@@ -4055,6 +4107,7 @@ mmorpg-games
 mnml
 mnmlblog
 mnmltheme
 mobile
 mobile-minimalist
 mobilephonecomparision
 mobilescope
@@ -4068,6 +4121,7 @@ modern-blue
 modern-blue-dark
 modern-blue-style
 modern-clix
 modern-estate
 modern-furniture
 modern-girl
 modern-green
@@ -4075,6 +4129,7 @@ modern-green-theme
 modern-minimalist
 modern-multipurpose
 modern-notepad
 modern-real-estate
 modern-remix
 modern-style
 modern-theme
@@ -4128,6 +4183,7 @@ moony
 more-or-less
 morning-coffee
 morning-mai-like
 morphic
 mortaroo
 mortgage
 mortgages
@@ -4140,6 +4196,7 @@ moulin-whoosh
 mountain
 mountain-biking-sports-pro-theme
 mountain-climbing
 mountain-creek
 mountain-dawn
 mouse-it
 mouseover-blue
@@ -4342,6 +4399,7 @@ neutra
 neutral
 neutral-mono-labver
 neutralis
 neutro
 neverballium
 new-arabic-theme
 new-balance-of-blue
@@ -4400,6 +4458,8 @@ nice_wee_theme
 nicecol
 nicely-done
 nicey
 nichiboard
 nictitate-free
 nifty
 night
 night-circles
@@ -4493,6 +4553,7 @@ office
 officefolders
 offset-writing
 oh
 ohands
 okidoki
 old-book
 old-japan
@@ -4513,6 +4574,7 @@ omega
 omega-child
 omegab
 omegag
 omegatheme
 omegax
 omicron
 omni-theme-clone
@@ -4523,11 +4585,13 @@ one
 one-day-at-a-time
 one-fine-day
 one-night-in-paris
 one-page
 one-page-parallax
 one-pager
 one-simplemagazine
 one-winged-angel
 onec
 onecolumn
 onel
 onenews-basic
 onepress-framework
@@ -4545,6 +4609,7 @@ ontaheen
 onyx
 ooble
 open-blue-sky
 open-pages
 open-sourcerer
 openair
 openark-blog
@@ -4653,6 +4718,7 @@ p2-pro
 p2-red
 p2lysa
 p2v1
 p3
 paakbook-buddypress-buddypack
 pabooktlx
 pachyderm
@@ -4945,6 +5011,7 @@ premium-orange
 premium-photoblog
 premium-photoblog-uriwwwgoogleca
 premium-violet
 premium-wp-blog
 prequel
 present
 press3
@@ -4994,6 +5061,7 @@ projectcthroo
 prologic
 prologue
 promag
 promax
 pronto
 property-theme
 propress
@@ -5026,6 +5094,7 @@ pupul
 pupulsky
 pure
 pure-cloud
 pure-color
 pure-ii
 pure-line
 pure-sky
@@ -5156,6 +5225,7 @@ red-christmas
 red-city
 red-corner
 red-couch
 red-dead-redemption
 red-delicious
 red-diva
 red-dodge
@@ -5238,6 +5308,7 @@ reposter
 required
 reruns
 resimit-colors
 respare
 respect
 respon
 response
@@ -5310,6 +5381,7 @@ riverside
 rizwan
 rizwan-137
 road-fighter
 robbertooo78
 robia
 robo-basic
 rock-solid
@@ -5489,6 +5561,7 @@ semrawang
 senar1st-ten
 sense-and-sensibility-bp
 sensei
 sensilla
 sensitive
 sensitivesayan
 seo-basics
@@ -5504,6 +5577,7 @@ sepia
 serena
 serendib
 serene
 serene-elegant-free
 serenity
 serenity-orange
 serious-blogger
@@ -5563,11 +5637,13 @@ shoestrap
 shoot-it
 shop
 shop-front
 shopping
 shortcoded
 showcase
 showkaase
 showy
 shprink-one
 shpsmedia
 shreddyblog
 shsummer
 shufflemix
@@ -5623,6 +5699,7 @@ simple-catch
 simple-china
 simple-chrome
 simple-circle
 simple-classic
 simple-community
 simple-dark-theme
 simple-dia
@@ -5761,6 +5838,7 @@ simplymajestic
 simplypink
 simpo
 simpsons-donut
 simvance
 sing-song
 singlebot
 singsong
@@ -6075,7 +6153,9 @@ strikeball-counterstrike
 striker
 strikkemakeriet
 stripay
 striped
 striped-blog
 striped-by-donmik
 stripedblog
 stripefolio
 stripes
@@ -6104,6 +6184,7 @@ stylish
 stylish-blue
 stylish-deco
 stylish-home-deco
 stylize
 stylized-piano-black
 subar-rum
 sublime
@@ -6117,6 +6198,7 @@ subtly-stripe-ed
 sucha
 suevafree
 suffusion
 suits
 sukelius-magazine
 summ
 summer
@@ -6242,6 +6324,7 @@ tdtasko
 tdvoice
 teak
 teal
 teamraxy
 teamspirit
 teamwork
 teatrale
@@ -6361,6 +6444,7 @@ the-maleo
 the-marketing-theme
 the-mighty-moo
 the-minimalist
 the-newswire
 the-next-lvl
 the-nice-one
 the-night-watch
@@ -6368,6 +6452,7 @@ the-other-blog-lite-red
 the-pinata
 the-power-of-the-water
 the-premium-magazine-wordpress-theme
 the-professional
 the-real-blank-page
 the-real-blank-theme
 the-rust
@@ -6469,6 +6554,7 @@ timecafe-free-theme-1
 timecrunch
 timeless
 timeline
 timeturner
 timmmmmmmmmm
 timtamland
 tinland
@@ -6548,6 +6634,7 @@ travel-blogger-new-yorker
 travel-blogger-passport
 travel-blogger-streets
 travel-club
 travel-in-italy
 travel-in-love
 travel-inspired
 travel-is-my-life
@@ -6592,6 +6679,7 @@ trueblood
 trulyminimal
 trvl
 tsokolate
 tswplain
 ttblog
 ttblog-theme
 ttnews
@@ -6756,6 +6844,7 @@ up-front
 update-tucson
 updown-cloud
 upstart-blogger-modicus
 uptown
 urban
 urban-grunge
 urban-life
@@ -6839,6 +6928,7 @@ vinoluka
 vintage
 vintage-camera
 vintage-shire
 vintage-stamps-theme
 vintage-wall
 vintage1-camera1
 violet-fashion-theme
@@ -6974,6 +7064,7 @@ westkitnet
 wetlog
 wfclarity
 what-so-proudly-we-hail
 whatnew
 wheat
 wheat-lite
 whiskey-air
@@ -7146,6 +7237,7 @@ wp-awesome
 wp-bats-theme
 wp-bedrock
 wp-blogcrash
 wp-blogthirteen
 wp-bootstrap
 wp-boxes
 wp-brown
@@ -7164,6 +7256,7 @@ wp-eden
 wp-faster
 wp-feedly
 wp-fitness-fitness-theme
 wp-flatthirteen
 wp-forums
 wp-foundation
 wp-framework
@@ -7171,6 +7264,8 @@ wp-freelance-pro
 wp-full-site
 wp-hot-cook
 wp-inspirat
 wp-jurist
 wp-knowledge-base
 wp-knowledge-base-theme
 wp-liteflex
 wp-marketingstrap
@@ -7192,7 +7287,9 @@ wp-portaltheme
 wp-premium-orange
 wp-real-estate-theme
 wp-red-post-news-elegant
 wp-rootstrap
 wp-sanda
 wp-simple
 wp-soul
 wp-sponge-bob
 wp-strap
@@ -7269,6 +7366,7 @@ writers-desk
 writers-quill
 writhem-blog
 writing-desk
 writr
 written
 writter
 wrock-metro
@@ -7364,6 +7462,7 @@ your-existence
 youth
 yui-grid-css
 yukti
 yume
 yuniho
 yway
 zack-990
@@ -7388,6 +7487,7 @@ zeeflow
 zeefocus
 zeelinear
 zeemagazine
 zeeminty
 zeenews
 zeenewspro
 zeenoble
--- a/data/wp_vulns.xml
+++ b/data/wp_vulns.xml
@@ -34,6 +34,7 @@
        <osvdb>97212</osvdb>
        <cve>2013-4339</cve>
        <secunia>54803</secunia>
        <url>http://packetstormsecurity.com/files/123589/</url>
        <url>http://core.trac.wordpress.org/changeset/25323</url>
      </references>
      <type>UNKNOWN</type>
--- a/lib/common/common_helper.rb
+++ b/lib/common/common_helper.rb
@@ -39,10 +39,6 @@ $LOAD_PATH.unshift(LIB_DIR)
 $LOAD_PATH.unshift(WPSCAN_LIB_DIR)
 $LOAD_PATH.unshift(MODELS_LIB_DIR)
 def kali_linux?
  %x{uname -a}.match(/linux kali/i) ? true : false
 end
 require 'environment'
 # TODO : add an exclude pattern ?
--- a/lib/common/models/wp_version/output.rb
+++ b/lib/common/models/wp_version/output.rb
@@ -10,7 +10,7 @@ class WpVersion < WpItem
      unless vulnerabilities.empty?
        puts
-        puts red('[!]') + " We have identified #{vulnerabilities.size} vulnerabilities from the version number:"
+        puts red('[!]') + " #{vulnerabilities.size} vulnerabilities identified from the version number:"
        vulnerabilities.output
      end
--- a/lib/environment.rb
+++ b/lib/environment.rb
@@ -13,7 +13,7 @@ Encoding.default_external = Encoding::UTF_8
 begin
  # Standard libs
-  require 'bundler/setup' unless kali_linux?
+  require 'bundler/setup'
  require 'getoptlong'
  require 'optparse' # Will replace getoptlong
  require 'uri'
--- a/lib/wpstools/plugins/list_generator/list_generator_plugin.rb
+++ b/lib/wpstools/plugins/list_generator/list_generator_plugin.rb
@@ -9,7 +9,7 @@ class ListGeneratorPlugin < Plugin
      ['--generate-plugin-list [NUMBER_OF_PAGES]', '--gpl', Integer, 'Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)'],
      ['--generate-full-plugin-list', '--gfpl', 'Generate a new full data/plugins.txt file'],
-      ['--generate-theme-list [NUMBER_OF_PAGES]', '--gtl', Integer, 'Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 150)'],
+      ['--generate-theme-list [NUMBER_OF_PAGES]', '--gtl', Integer, 'Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 20)'],
      ['--generate-full-theme-list', '--gftl', 'Generate a new full data/themes.txt file'],
      ['--generate-all', '--ga', 'Generate a new full plugins, full themes, popular plugins and popular themes list']
@@ -29,7 +29,7 @@ class ListGeneratorPlugin < Plugin
    end
    if options.has_key?(:generate_theme_list) || generate_all
-      most_popular('theme', options[:generate_theme_list] || 150)
+      most_popular('theme', options[:generate_theme_list] || 20)
    end
    if options[:generate_full_theme_list] || generate_all