From dda043d7f7d896c465a48abab599fe809a24e2d0 Mon Sep 17 00:00:00 2001
From: Gianluca Brindisi
Date: Thu, 22 Nov 2012 11:31:14 +0100
Subject: [PATCH] Added http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
---
data/plugin_vulns.xml | 549 +++++++++++++++++++++---------------------
1 file changed, 269 insertions(+), 280 deletions(-)
diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index 085ac0dd..189a745d 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -1,4 +1,3 @@ - - - + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + 
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + 
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + + + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + + Ajax Post Search 1.1 Sql Injection @@ -40,7 +275,6 @@ ryandewhurst at gmail SQLI - Answer My Question 1.1 Multiple XSS @@ -48,7 +282,6 @@ ryandewhurst at gmail XSS - Catalog HTML Code Injection and Cross-site scripting @@ -56,7 +289,6 @@ ryandewhurst at gmail MULTI - Wordfence 3.3.5 XSS and IAA @@ -64,31 +296,27 @@ ryandewhurst at gmail MULTI - - Slideshow jQuery Image Gallery Multiple Vulnerabilities - http://www.waraxe.us/advisory-92.html + Slideshow jQuery Image Gallery Multiple Vulnerabilities + http://www.waraxe.us/advisory-92.html MULTI - - Social Discussions Multiple Vulnerabilities - http://www.waraxe.us/advisory-93.html + Social Discussions Multiple Vulnerabilities + http://www.waraxe.us/advisory-93.html MULTI - - ABtest Directory Traversal + ABtest Directory Traversal http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110 UNKNOWN - BBPress SQL Injection / Path Disclosure 
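Review bot: Every entry added in the first hunk repeats the same generic title, reference and `XSS` type, so a scan result for any of these plugins will not say which bundled SWF file is affected or which plugin versions ship it. As far as this rendering shows (the XML tags are stripped), nothing distinguishes one entry from the next; a per-plugin title such as `<title>PLUGIN_NAME: bundled SWF_FILE vulnerable to XSS (VERSIONS)</title>` (placeholders) would let an operator confirm the finding and recognise when a plugin update has removed the file. The same applies to the entries added to existing plugins in the hunks at -356, -1250, -1450 and -1519. The remaining one-line hunks appear to delete only blank separator lines, which would be easier to review as a separate commit.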
@@ -96,7 +324,6 @@ ryandewhurst at gmail MULTI - NextGen Cu3er Gallery Information Disclosure @@ -104,7 +331,6 @@ ryandewhurst at gmail UNKNOWN - Rich Widget File Upload @@ -112,7 +338,6 @@ ryandewhurst at gmail UPLOAD - Monsters Editor Shell Upload @@ -120,7 +345,6 @@ ryandewhurst at gmail UPLOAD - Quick Post Widget 1.9.1 Multiple Cross-site scripting vulnerabilities @@ -128,7 +352,6 @@ ryandewhurst at gmail XSS - ThreeWP Email Reflector 1.13 Stored XSS @@ -136,7 +359,6 @@ ryandewhurst at gmail XSS - SimpleMail 1.0.6 Stored XSS @@ -144,7 +366,6 @@ ryandewhurst at gmail XSS - Postie 1.4.3 Stored XSS @@ -152,7 +373,6 @@ ryandewhurst at gmail XSS - RSVPMaker v2.5.4 Persistent XSS @@ -160,7 +380,6 @@ ryandewhurst at gmail XSS - Mz-jajak <= 2.1 SQL Injection Vulnerability @@ -168,7 +387,6 @@ ryandewhurst at gmail SQLI - Resume Submissions Job Posting v2.5.1 Unrestricted File Upload @@ -176,7 +394,6 @@ ryandewhurst at gmail UPLOAD - WP-Predict v1.0 Blind SQL Injection @@ -184,7 +401,6 @@ ryandewhurst at gmail SQLI - Backup Plugin 2.0.1 Information Disclosure @@ -192,7 +408,6 @@ ryandewhurst at gmail UNKNOWN - MoodThingy Widget v0.8.7 Blind SQL Injection @@ -200,7 +415,6 @@ ryandewhurst at gmail SQLI - Paid Business Listings v1.0.2 Blind SQL Injection @@ -208,7 +422,6 @@ ryandewhurst at gmail SQLI - Website FAQ Plugin v1.0 SQL Injection @@ -216,7 +429,6 @@ ryandewhurst at gmail SQLI - Fancy Gallery 1.2.4 Shell Upload @@ -224,7 +436,6 @@ ryandewhurst at gmail UPLOAD - Flip Book 1.0 Shell Upload @@ -232,7 +443,6 @@ ryandewhurst at gmail UPLOAD - Ajax Multi Upload 1.1 Shell Upload @@ -240,7 +450,6 @@ ryandewhurst at gmail UPLOAD - Schreikasten 0.14.13 XSS @@ -248,7 +457,6 @@ ryandewhurst at gmail XSS - Wordpress Automatic 2.0.3 CSRF @@ -256,7 +464,6 @@ ryandewhurst at gmail CSRF - VideoWhisper Video Conference 
@@ -265,7 +472,6 @@ ryandewhurst at gmail <type>UPLOAD</type> </vulnerability> </plugin> - <plugin name="auctionplugin"> <vulnerability> <title>Auctions Plugin 2.0.1.3 Arbitrary @@ -274,7 +480,6 @@ File Upload Vulnerability UPLOAD - LB Mixed Slideshow 1.0 Arbitrary File Upload Vulnerability @@ -282,7 +487,6 @@ File Upload Vulnerability UPLOAD - Lim4wp 1.1.1 Arbitrary File Upload Vulnerability @@ -290,7 +494,6 @@ File Upload Vulnerability UPLOAD - Wp-ImageZoom 1.0.3 Remote File Disclosure @@ -298,7 +501,6 @@ File Upload Vulnerability UNKNOWN - Invit0r 0.22 Shell Upload @@ -306,7 +508,6 @@ File Upload Vulnerability UPLOAD - Annonces 1.2.0.1 Shell Upload @@ -314,7 +515,6 @@ File Upload Vulnerability UPLOAD - Contus Video Gallery 1.3 Arbitrary @@ -323,7 +523,6 @@ File Upload Vulnerability UPLOAD - Contus HD FLV Player 1.7 Arbitrary @@ -332,7 +531,6 @@ File Upload Vulnerability UPLOAD - User Meta Version 1.1.1 Arbitrary File Upload Vulnerability @@ -340,7 +538,6 @@ File Upload Vulnerability UPLOAD - Top Quark Architecture Version 2.10 Arbitrary File Upload Vulnerability @@ -348,7 +545,6 @@ File Upload Vulnerability UPLOAD - SfBrowser Version 1.4.5 Arbitrary File Upload Vulnerability @@ -356,23 +552,30 @@ File Upload Vulnerability UPLOAD - + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + Pica Photo Gallery 1.0 Arbitrary File Upload Vulnerability http://www.exploit-db.com/exploits/19055/ UPLOAD - + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + Mac Photo Gallery 2.7 Arbitrary File Upload http://www.exploit-db.com/exploits/19056/ UPLOAD - drag and drop file upload 0.1 Arbitrary File Upload Vulnerability @@ -380,7 +583,6 @@ File Upload Vulnerability UPLOAD - Custom Content Type Manager 0.9.5.13-pl Arbitrary File Upload Vulnerability 
@@ -388,7 +590,6 @@ File Upload Vulnerability UPLOAD - wp-gpx-max version 1.1.21 Arbitrary File Upload @@ -396,7 +597,6 @@ File Upload Vulnerability UPLOAD - Front File Manager Plugin 0.1 Arbitrary File Upload @@ -404,7 +604,6 @@ File Upload Vulnerability UPLOAD - Front End Upload 0.5.3 Arbitrary File Upload @@ -417,7 +616,6 @@ File Upload Vulnerability UPLOAD - Omni Secure Files 0.1.13 Arbitrary File Upload @@ -425,7 +623,6 @@ File Upload Vulnerability UPLOAD - Easy Contact Forms Export 1.1.0 Information Disclosure Vulnerability @@ -433,7 +630,6 @@ File Upload Vulnerability UNKNOWN - PICA Photo Gallery 1.0 Remote File Disclosure @@ -441,7 +637,6 @@ File Upload Vulnerability UNKNOWN - Plugin: Newsletter 1.5 Remote File Disclosure Vulnerability @@ -449,7 +644,6 @@ File Upload Vulnerability UNKNOWN - RBX Gallery 2.1 Arbitrary File Upload @@ -457,7 +651,6 @@ File Upload Vulnerability UPLOAD - Simple Download Button Shortcode 1.0 Remote File Disclosure @@ -465,7 +658,6 @@ File Upload Vulnerability UNKNOWN - Thinkun Remind 1.1.3 Remote File Disclosure @@ -473,7 +665,6 @@ File Upload Vulnerability UNKNOWN - Tinymce Thumbnail Gallery 1.0.7 Remote File Disclosure @@ -481,7 +672,6 @@ File Upload Vulnerability UNKNOWN - wpStoreCart Plugin 2.5.27-2.5.29 Arbitrary File Upload @@ -489,7 +679,6 @@ File Upload Vulnerability UPLOAD - Gallery 3.06 Arbitrary File Upload @@ -497,7 +686,6 @@ File Upload Vulnerability UPLOAD - Font Uploader 1.2.4 Arbitrary File Upload @@ -505,7 +693,6 @@ File Upload Vulnerability UPLOAD - WP-Property 1.35.0 Arbitrary File Upload @@ -513,7 +700,6 @@ File Upload Vulnerability UPLOAD - WP Marketplace 1.5.0 - 1.6.1 Arbitrary File Upload @@ -521,7 +707,6 @@ File Upload Vulnerability UPLOAD - Google Maps via Store Locator Multiple Vulnerabilities @@ -529,7 +714,6 @@ File Upload Vulnerability MULTI - HTML5 AV Manager 0.2.7 Arbitrary File Upload @@ -537,7 +721,6 @@ File Upload Vulnerability UPLOAD - Foxypress 0.4.1.1 - 0.4.2.1 Arbitrary File Upload 
@@ -550,7 +733,6 @@ File Upload Vulnerability MULTI - Asset Manager 0.2 Arbitrary File Upload @@ -558,7 +740,6 @@ File Upload Vulnerability UPLOAD - Track That Stat <= 1.0.8 Cross Site Scripting @@ -566,7 +747,6 @@ File Upload Vulnerability XSS - WP-Facethumb Gallery <= 0.1 Reflected Cross Site Scripting @@ -574,7 +754,6 @@ File Upload Vulnerability XSS - Survey And Quiz Tool <= 2.9.2 Cross Site Scripting @@ -582,7 +761,6 @@ File Upload Vulnerability XSS - WP Statistics <= 2.2.4 Cross Site Scripting @@ -590,7 +768,6 @@ File Upload Vulnerability XSS - WP Easy Gallery <= 1.7 Cross Site Scripting @@ -598,7 +775,6 @@ File Upload Vulnerability XSS - Subscribe2 <= 8.0 Cross Site Scripting @@ -606,7 +782,6 @@ File Upload Vulnerability XSS - Soundcloud Is Gold <= 2.1 Cross Site Scripting @@ -614,7 +789,6 @@ File Upload Vulnerability XSS - Sharebar <= 1.2.1 SQL Injection / Cross Site Scripting @@ -622,7 +796,6 @@ File Upload Vulnerability MULTI - Share And Follow <= 1.80.3 Cross Site Scripting @@ -630,7 +803,6 @@ File Upload Vulnerability XSS - SABRE <= 1.2.0 Cross Site Scripting @@ -638,7 +810,6 @@ File Upload Vulnerability XSS - Pretty Link Lite <= 1.5.2 Cross Site Scripting @@ -646,7 +817,6 @@ File Upload Vulnerability XSS - Newsletter Manager <= 1.0 Cross Site Scripting @@ -654,7 +824,6 @@ File Upload Vulnerability XSS - Network Publisher <= 5.0.1 Cross Site Scripting @@ -662,7 +831,6 @@ File Upload Vulnerability XSS - LeagueManager <= 3.7 Cross Site Scripting @@ -670,7 +838,6 @@ File Upload Vulnerability XSS - Leaflet <= 0.0.1 Cross Site Scripting @@ -678,7 +845,6 @@ File Upload Vulnerability XSS - PDF And Print Button Joliprint <= 1.3.0 Cross Site Scripting @@ -686,7 +852,6 @@ File Upload Vulnerability XSS - IFrame Admin Pages <= 0.1 Cross Site Scripting @@ -694,7 +859,6 @@ File Upload Vulnerability XSS - EZPZ One Click Backup <= 12.03.10 Cross Site Scripting @@ -702,7 +866,6 @@ File Upload Vulnerability XSS - Dynamic Widgets <= 1.5.1 Cross Site Scripting 
@@ -710,7 +873,6 @@ File Upload Vulnerability XSS - Download Monitor <= 3.3.5.7 Cross Site Scripting @@ -723,7 +885,6 @@ File Upload Vulnerability XSS - Download Manager <= 2.2 Cross Site Scripting @@ -731,7 +892,6 @@ File Upload Vulnerability XSS - Code Styling Localization <= 1.99.16 Cross Site Scripting @@ -739,7 +899,6 @@ File Upload Vulnerability XSS - Catablog <= 1.6 Cross Site Scripting @@ -747,7 +906,6 @@ File Upload Vulnerability XSS - Bad Behavior <= 2.24 Cross Site Scripting @@ -755,7 +913,6 @@ File Upload Vulnerability XSS - BulletProof Security <= 0.47 Cross Site Scripting @@ -763,7 +920,6 @@ File Upload Vulnerability XSS - Better WP Security v3.4.3 @@ -776,7 +932,6 @@ File Upload Vulnerability XSS - Custom Contact Forms <= 5.0.0.1 Cross Site Scripting @@ -784,7 +939,6 @@ File Upload Vulnerability XSS - 2-Click-Socialmedia-Buttons <= 0.34 Cross Site Scripting @@ -797,7 +951,6 @@ File Upload Vulnerability XSS - Login With Ajax plugin < 3.0.4.1 Cross Site Scripting @@ -805,7 +958,6 @@ File Upload Vulnerability XSS - Media Library Categories plugin <= 1.0.6 SQL Injection Vulnerability @@ -818,7 +970,6 @@ File Upload Vulnerability SQLI - FCKeditor Deans With Pwwangs Code <= 1.0.0 Remote Shell Upload @@ -826,7 +977,6 @@ File Upload Vulnerability RFI - Zingiri Web Shop <= 2.4.0 Multiple XSS Vulnerabilities @@ -844,7 +994,6 @@ File Upload Vulnerability UPLOAD - Organizer 1.2.1 Cross Site Scripting / Path Disclosure @@ -852,7 +1001,6 @@ File Upload Vulnerability MULTI - Zingiri Tickets plugin File Disclosure @@ -860,7 +1008,6 @@ File Upload Vulnerability UNKNOWN - XSS vulnerability in CMS Tree Page View Plugin @@ -868,7 +1015,6 @@ File Upload Vulnerability XSS - Multiple XSS vulnerabilities in All-in-One Event Calendar for WordPress @@ -876,7 +1022,6 @@ File Upload Vulnerability XSS - Buddypress <= 1.5.5 SQL Injection @@ -884,7 +1029,6 @@ File Upload Vulnerability SQLI - Register Plus Redux <= 3.8.3 Cross Site Scripting 
@@ -892,7 +1036,6 @@ File Upload Vulnerability XSS - Magn WP Drag and Drop <= 1.1.4 Upload Shell Upload Vulnerability @@ -900,7 +1043,6 @@ File Upload Vulnerability UPLOAD - Kish Guest Posting 1.0 Arbitrary File Upload @@ -908,7 +1050,6 @@ File Upload Vulnerability RFI - AllWebMenus Shell Upload <= 1.1.9 Shell Upload @@ -923,7 +1064,6 @@ File Upload Vulnerability abspath=XXpathXX - Shortcode Redirect <= 1.0.01 Stored Cross Site Scripting @@ -931,7 +1071,6 @@ File Upload Vulnerability XSS - uCan Post plugin <= 1.0.09 Stored XSS @@ -939,7 +1078,6 @@ File Upload Vulnerability XSS - WP Cycle Playlist plugin Multiple Vulnerabilities @@ -947,7 +1085,6 @@ File Upload Vulnerability MULTI - myEASYbackup 1.0.8.1 Directory Traversal @@ -955,7 +1092,6 @@ File Upload Vulnerability UNKNOWN - Count Per Day 3.2.3 Cross Site Scripting @@ -978,7 +1114,6 @@ File Upload Vulnerability SQLI - WP-AutoYoutube plugin <= 0.1 Blind SQL Injection Vulnerability @@ -986,7 +1121,6 @@ File Upload Vulnerability SQLI - Age Verification plugin <= 0.4 Open Redirect @@ -994,7 +1128,6 @@ File Upload Vulnerability REDIRECT - Yousaytoo Auto Publishing <= 1.0 Cross Site Scripting @@ -1002,7 +1135,6 @@ File Upload Vulnerability XSS - Pay With Tweet plugin <= 1.1 Multiple Vulnerabilities @@ -1010,7 +1142,6 @@ File Upload Vulnerability MULTI - Whois Search <= 1.4.2 Cross Site Scripting @@ -1018,7 +1149,6 @@ File Upload Vulnerability XSS - BLIND SQL injection UPM-POLLS plugin 1.0.4 @@ -1026,7 +1156,6 @@ File Upload Vulnerability SQLI - Disqus Comment System <= 2.68 Reflected Cross-Site Scripting (XSS) @@ -1034,7 +1163,6 @@ File Upload Vulnerability XSS - Google reCAPTCHA <= 3.1.3 Reflected XSS Vulnerability @@ -1042,7 +1170,6 @@ File Upload Vulnerability XSS - Link Library plugin <= 5.2.1 SQL Injection @@ -1050,7 +1177,6 @@ File Upload Vulnerability SQLI - CevherShare 2.0 plugin SQL Injection Vulnerability @@ -1058,7 +1184,6 @@ File Upload Vulnerability SQLI - WP Glossary plugin SQL Injection Vulnerability 
@@ -1066,7 +1191,6 @@ File Upload Vulnerability SQLI - meenews 5.1 plugin Cross-Site Scripting Vulnerabilities @@ -1074,7 +1198,6 @@ File Upload Vulnerability XSS - Click Desk Live Support Chat < 2.0 Cross Site Scripting Vulnerability @@ -1082,7 +1205,6 @@ File Upload Vulnerability XSS - adminimize 1.7.21 Cross-Site Scripting Vulnerabilities @@ -1090,7 +1212,6 @@ File Upload Vulnerability XSS - Advanced Text Widget <= 2.0.0 Cross Site Scripting Vulnerability @@ -1098,7 +1219,6 @@ File Upload Vulnerability XSS - MM Duplicate plugin <= 1.2 SQL Injection Vulnerability @@ -1106,7 +1226,6 @@ File Upload Vulnerability SQLI - UnGallery plugin <= 1.5.8 Local File Disclosure Vulnerability @@ -1114,7 +1233,6 @@ File Upload Vulnerability LFI - Menu Creator plugin <= 1.1.7 SQL Injection Vulnerability @@ -1122,7 +1240,6 @@ File Upload Vulnerability SQLI - Allow PHP in Posts and Pages plugin <= 2.0.0.RC1 SQL Injection Vulnerability @@ -1130,7 +1247,6 @@ File Upload Vulnerability SQLI - Global Content Blocks plugin <= 1.2 SQL Injection Vulnerability @@ -1138,7 +1254,6 @@ File Upload Vulnerability SQLI - Ajax Gallery plugin <= 3.0 SQL Injection Vulnerability @@ -1146,7 +1261,6 @@ File Upload Vulnerability SQLI - WP DS FAQ plugin <= 1.3.2 SQL Injection Vulnerability @@ -1154,7 +1268,6 @@ File Upload Vulnerability SQLI - OdiHost Newsletter plugin <= 1.0 SQL Injection Vulnerability @@ -1162,7 +1275,6 @@ File Upload Vulnerability SQLI - Easy Contact Form Lite plugin <= 1.0.7 SQL Injection Vulnerability @@ -1170,7 +1282,6 @@ File Upload Vulnerability SQLI - WP Symposium plugin <= 0.64 SQL Injection Vulnerability @@ -1178,7 +1289,6 @@ File Upload Vulnerability SQLI - Contus HD FLV Player plugin <= 1.3 SQL Injection Vulnerability @@ -1186,7 +1296,6 @@ File Upload Vulnerability SQLI - File Groups plugin <= 1.1.2 SQL Injection Vulnerability @@ -1194,7 +1303,6 @@ File Upload Vulnerability SQLI - IP-Logger plugin <= 3.0 SQL Injection Vulnerability 
@@ -1202,7 +1310,6 @@ File Upload Vulnerability SQLI - Beer Recipes v.1.0 XSS @@ -1210,7 +1317,6 @@ File Upload Vulnerability SQLI - Is-human <=1.4.2 Remote Command Execution Vulnerability @@ -1218,7 +1324,6 @@ File Upload Vulnerability RCE - EditorMonkey plugin (FCKeditor) Arbitrary File Upload @@ -1226,7 +1331,6 @@ File Upload Vulnerability UPLOAD - SermonBrowser 0.43 SQL Injection @@ -1234,7 +1338,6 @@ File Upload Vulnerability SQLI - Ajax Category Dropdown 0.1.5 Multiple Vulnerabilities @@ -1242,7 +1345,6 @@ File Upload Vulnerability MULTI - WP Custom Pages 0.5.0.1 LFI Vulnerability @@ -1250,8 +1352,12 @@ File Upload Vulnerability LFI - + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + GRAND Flash Album Gallery 1.9.0 and 2.0.0 Multiple Vulnerabilities http://packetstormsecurity.org/files/117665/ @@ -1273,7 +1379,6 @@ File Upload Vulnerability XSS - PHP Speedy <= 0.5.2 (admin_container.php) Remote Code Exec Exploit @@ -1281,7 +1386,6 @@ File Upload Vulnerability RCE - OPS Old Post Spinner 2.2.1 LFI Vulnerability @@ -1289,7 +1393,6 @@ File Upload Vulnerability LFI - jQuery Mega Menu 1.0 Local File Inclusion @@ -1297,7 +1400,6 @@ File Upload Vulnerability LFI - IWantOneButton 3.0.1 Multiple Vulnerabilities @@ -1305,7 +1407,6 @@ File Upload Vulnerability MULTI - WP Forum Server 1.6.5 SQL Injection Vulnerability @@ -1323,7 +1424,6 @@ File Upload Vulnerability MULTI - Relevanssi 2.7.2 Stored XSS Vulnerability @@ -1331,7 +1431,6 @@ File Upload Vulnerability XSS - GigPress 2.1.10 Stored XSS Vulnerability @@ -1339,7 +1438,6 @@ File Upload Vulnerability XSS - Comment Rating 2.9.23 Multiple Vulnerabilities @@ -1347,7 +1445,6 @@ File Upload Vulnerability MULTI - Z-Vote 1.1 SQL Injection Vulnerability @@ -1355,7 +1452,6 @@ File Upload Vulnerability SQLI - User Photo Component Remote File Upload Vulnerability 
@@ -1363,7 +1459,6 @@ File Upload Vulnerability UPLOAD - Enable Media Replace Multiple Vulnerabilities @@ -1371,7 +1466,6 @@ File Upload Vulnerability MULTI - Mingle Forum <= 1.0.32.1 Cross Site Scripting / SQL Injection @@ -1394,7 +1488,6 @@ File Upload Vulnerability MULTI - Accept Signups 0.1 XSS @@ -1402,7 +1495,6 @@ File Upload Vulnerability XSS - Events Manager Extended Persistent XSS Vulnerability @@ -1410,7 +1502,6 @@ File Upload Vulnerability XSS - NextGEN Smooth Gallery Blind SQL Injection Vulnerability @@ -1418,7 +1509,6 @@ File Upload Vulnerability SQLI - myLDlinker SQL Injection Vulnerability @@ -1426,7 +1516,6 @@ File Upload Vulnerability SQLI - Firestats Remote Configuration File Download @@ -1434,7 +1523,6 @@ File Upload Vulnerability UNKNOWN - Simple:Press SQL Injection Vulnerability @@ -1442,7 +1530,6 @@ File Upload Vulnerability SQLI - Vulnerabilities in Cimy Counter for WordPress @@ -1450,15 +1537,18 @@ File Upload Vulnerability MULTI - + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + XSS in NextGEN Gallery <= 1.5.1 http://www.exploit-db.com/exploits/12098/ XSS - Copperleaf Photolog SQL injection @@ -1466,7 +1556,6 @@ File Upload Vulnerability SQLI - Events SQL Injection Vulnerability @@ -1474,7 +1563,6 @@ File Upload Vulnerability SQLI - Image Manager Plugins Shell Upload Vulnerability @@ -1482,7 +1570,6 @@ File Upload Vulnerability UPLOAD - Vulnerabilities in WP-Cumulus <= 1.20 for WordPress @@ -1495,7 +1582,6 @@ File Upload Vulnerability XSS - WP-Syntax <= 0.9.1 Remote Command Execution @@ -1503,7 +1589,6 @@ File Upload Vulnerability RCE - My Category Order <= 2.8 SQL Injection Vulnerability @@ -1511,7 +1596,6 @@ File Upload Vulnerability SQLI - Related Sites 2.1 Blind SQL Injection Vulnerability 
@@ -1519,8 +1603,12 @@ File Upload Vulnerability SQLI - + + SWF Vulnerable to XSS Bundled in Many Wordpress Plugins + http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html + XSS + DM Albums 1.9.2 Remote File Disclosure Vulnerability http://www.exploit-db.com/exploits/9048/ @@ -1533,7 +1621,6 @@ File Upload Vulnerability /wp-content/plugins/dm-albums/template/album.php?SECURITY_FILE=XXpathXX - Photoracer 1.0 (id) SQL Injection Vulnerability @@ -1551,7 +1638,6 @@ File Upload Vulnerability MULTI - Lytebox (wp-lytebox) Local File Inclusion Vulnerability @@ -1559,7 +1645,6 @@ File Upload Vulnerability LFI - fMoblog 2.1 (id) SQL Injection Vulnerability @@ -1567,7 +1652,6 @@ File Upload Vulnerability SQLI - Page Flip Image Gallery <= 0.2.2 Remote FD Vuln @@ -1575,7 +1659,6 @@ File Upload Vulnerability LFI - e-Commerce <= 3.4 Arbitrary File Upload Exploit @@ -1583,7 +1666,6 @@ File Upload Vulnerability UPLOAD - Download Manager 0.2 Arbitrary File Upload Exploit @@ -1591,7 +1673,6 @@ File Upload Vulnerability UPLOAD - Spreadsheet <= 0.6 SQL Injection Vulnerability @@ -1599,7 +1680,6 @@ File Upload Vulnerability SQLI - Download (dl_id) SQL Injection Vulnerability @@ -1607,7 +1687,6 @@ File Upload Vulnerability SQLI - Sniplets 1.1.2 (RFI/XSS/RCE) Multiple Vulnerabilities @@ -1615,7 +1694,6 @@ File Upload Vulnerability MULTI - Photo album Remote SQL Injection Vulnerability @@ -1623,7 +1701,6 @@ File Upload Vulnerability SQLI - Simple Forum 2.0-2.1 SQL Injection Vulnerability @@ -1636,7 +1713,6 @@ File Upload Vulnerability SQLI - st_newsletter Remote SQL Injection Vulnerability @@ -1649,7 +1725,6 @@ File Upload Vulnerability SQLI - Wordspew Remote SQL Injection Vulnerability @@ -1657,7 +1732,6 @@ File Upload Vulnerability SQLI - dmsguestbook 1.7.0 Multiple Remote Vulnerabilities @@ -1665,7 +1739,6 @@ File Upload Vulnerability MULTI - WassUp 1.4.3 (spy.php to_date) SQL Injection Exploit 
@@ -1673,7 +1746,6 @@ File Upload Vulnerability SQLI - Adserve 0.2 adclick.php SQL Injection Exploit @@ -1681,7 +1753,6 @@ File Upload Vulnerability SQLI - plugin fGallery 2.4.1 fimrss.php SQL Injection Vulnerability @@ -1689,7 +1760,6 @@ File Upload Vulnerability SQLI - WP-Cal 0.3 editevent.php SQL Injection Vulnerability @@ -1697,7 +1767,6 @@ File Upload Vulnerability SQLI - plugin WP-Forum 1.7.4 Remote SQL Injection Vulnerability @@ -1710,7 +1779,6 @@ File Upload Vulnerability SQLI - Wp-FileManager 1.2 Remote Upload Vulnerability @@ -1718,7 +1786,6 @@ File Upload Vulnerability UPLOAD - PictPress <= 0.91 Remote File Disclosure Vulnerability @@ -1726,7 +1793,6 @@ File Upload Vulnerability LFI - BackUp<= 0.4.2b RFI Vulnerability @@ -1735,7 +1801,6 @@ File Upload Vulnerability /wp-content/plugins/BackUp/Archive.php?bkpwp_plugin_path=XXpathXX - plugin myflash <= 1.00 (wppath) RFI Vulnerability @@ -1744,7 +1809,6 @@ File Upload Vulnerability /wp-content/plugins/myflash/myflash-button.php?wpPATH=XXpathXX - plugin wordTube <= 1.43 (wpPATH) RFI Vulnerability @@ -1753,7 +1817,6 @@ File Upload Vulnerability /wp-content/plugins/wordtube/wordtube-button.php?wpPATH=XXpathXX - plugin wp-Table <= 1.43 (inc_dir) RFI Vulnerability @@ -1762,7 +1825,6 @@ File Upload Vulnerability /wp-content/plugins/wp-table/js/wptable-button.phpp?wpPATH=XXpathXX - myGallery <= 1.4b4 Remote File Inclusion Vulnerability @@ -1771,7 +1833,6 @@ File Upload Vulnerability /mygallery/myfunctions/mygallerybrowser.php?myPath=XXpathXX - SendIt plugin <= 1.5.9 Blind SQL Injection Vulnerability @@ -1779,7 +1840,6 @@ File Upload Vulnerability SQLI - Js-appointment plugin <= 1.5 SQL Injection Vulnerability @@ -1787,7 +1847,6 @@ File Upload Vulnerability SQLI - MM Forms Community <= 1.2.3 SQL Injection Vulnerability @@ -1800,7 +1859,6 @@ File Upload Vulnerability UPLOAD - Super CAPTCHA plugin <= 2.2.4 SQL Injection Vulnerability 
@@ -1808,7 +1866,6 @@ File Upload Vulnerability SQLI - Collision Testimonials plugin <= 3.0 SQL Injection Vulnerability @@ -1816,7 +1873,6 @@ File Upload Vulnerability SQLI - Oqey Headers plugin <= 0.3 SQL Injection Vulnerability @@ -1824,7 +1880,6 @@ File Upload Vulnerability SQLI - Facebook Promotions plugin <= 1.3.3 SQL Injection Vulnerability @@ -1832,7 +1887,6 @@ File Upload Vulnerability SQLI - Evarisk plugin <= 5.1.3.6 SQL Injection Vulnerability @@ -1845,7 +1899,6 @@ File Upload Vulnerability UPLOAD - Profiles plugin <= 2.0 RC1 SQL Injection Vulnerability @@ -1853,7 +1906,6 @@ File Upload Vulnerability SQLI - mySTAT plugin <= 2.6 SQL Injection Vulnerability @@ -1861,7 +1913,6 @@ File Upload Vulnerability SQLI - SH Slideshow plugin <= 3.1.4 SQL Injection Vulnerability @@ -1869,7 +1920,6 @@ File Upload Vulnerability SQLI - iCopyright(R) Article Tools plugin <= 1.1.4 SQL Injection Vulnerability @@ -1877,7 +1927,6 @@ File Upload Vulnerability SQLI - Advertizer plugin <= 1.0 SQL Injection Vulnerability @@ -1885,7 +1934,6 @@ File Upload Vulnerability SQLI - Event Registration plugin <= 5.44 SQL Injection Vulnerability @@ -1903,7 +1951,6 @@ File Upload Vulnerability SQLI - Craw Rate Tracker plugin <= 2.0.2 SQL Injection Vulnerability @@ -1911,7 +1958,6 @@ File Upload Vulnerability SQLI - wp audio gallery playlist plugin <= 0.12 SQL Injection Vulnerability @@ -1919,7 +1965,6 @@ File Upload Vulnerability SQLI - yolink Search plugin <= 1.1.4 SQL Injection Vulnerability @@ -1927,7 +1972,6 @@ File Upload Vulnerability SQLI - PureHTML plugin <= 1.0.0 SQL Injection Vulnerability @@ -1935,7 +1979,6 @@ File Upload Vulnerability SQLI - Couponer plugin <= 1.2 SQL Injection Vulnerability @@ -1943,7 +1986,6 @@ File Upload Vulnerability SQLI - grapefile plugin <= 1.1 Arbitrary File Upload @@ -1951,7 +1993,6 @@ File Upload Vulnerability UPLOAD - image-gallery-with-slideshow plugin <= 1.5 Arbitrary File Upload / SQL Injection 
@@ -1959,7 +2000,6 @@ File Upload Vulnerability MULTI - Donation plugin <= 1.0 SQL Injection Vulnerability @@ -1967,7 +2007,6 @@ File Upload Vulnerability SQLI - WP Bannerize plugin <= 2.8.6 SQL Injection Vulnerability @@ -1980,7 +2019,6 @@ File Upload Vulnerability SQLI - SearchAutocomplete plugin <= 1.0.8 SQL Injection Vulnerability @@ -1988,7 +2026,6 @@ File Upload Vulnerability SQLI - VideoWhisper Video Presentation plugin <= 1.1 SQL Injection Vulnerability @@ -1996,7 +2033,6 @@ File Upload Vulnerability SQLI - Facebook Opengraph Meta plugin <= 1.0 SQL Injection Vulnerability @@ -2004,7 +2040,6 @@ File Upload Vulnerability SQLI - Zotpress plugin <= 4.4 SQL Injection Vulnerability @@ -2012,7 +2047,6 @@ File Upload Vulnerability SQLI - oQey Gallery plugin <= 0.4.8 SQL Injection Vulnerability @@ -2020,7 +2054,6 @@ File Upload Vulnerability SQLI - Tweet Old Post plugin <= 3.2.5 SQL Injection Vulnerability @@ -2028,7 +2061,6 @@ File Upload Vulnerability SQLI - post highlights plugin <= 2.2 SQL Injection Vulnerability @@ -2036,7 +2068,6 @@ File Upload Vulnerability SQLI - KNR Author List Widget plugin <= 2.0.0 SQL Injection Vulnerability @@ -2044,7 +2075,6 @@ File Upload Vulnerability SQLI - SCORM Cloud plugin <= 1.0.6.6 SQL Injection Vulnerability @@ -2052,7 +2082,6 @@ File Upload Vulnerability SQLI - Eventify - Simple Events plugin <= 1.7.f SQL Injection Vulnerability @@ -2060,7 +2089,6 @@ File Upload Vulnerability SQLI - Paid Downloads plugin <= 2.01 SQL Injection Vulnerability @@ -2068,7 +2096,6 @@ File Upload Vulnerability SQLI - Community Events plugin <= 1.2.1 SQL Injection Vulnerability @@ -2076,7 +2103,6 @@ File Upload Vulnerability SQLI - 1 Flash Gallery Arbiraty File Upload Exploit (MSF) @@ -2084,7 +2110,6 @@ File Upload Vulnerability UPLOAD - WP-Filebase Download Manager plugin <= 0.2.9 SQL Injection Vulnerability @@ -2092,7 +2117,6 @@ File Upload Vulnerability SQLI - A to Z Category Listing plugin <= 1.3 SQL Injection Vulnerability 
@@ -2100,7 +2124,6 @@ File Upload Vulnerability SQLI - WP e-Commerce plugin <= 3.8.6 SQL Injection Vulnerability @@ -2108,7 +2131,6 @@ File Upload Vulnerability SQLI - Filedownload 0.1 (download.php) Remote File Disclosure Vulnerability @@ -2116,7 +2138,6 @@ File Upload Vulnerability LFI - TheCartPress <= 1.6 Cross Site Sripting @@ -2130,7 +2151,6 @@ File Upload Vulnerability /wp-content/plugins/thecartpress/checkout/CheckoutEditor.php?tcp_save_fields=true&tcp_class_name=asdf&tcp_class_path=XXpathXX - WPEasyStats 1.8 Remote File Inclusion @@ -2139,7 +2159,6 @@ File Upload Vulnerability /wp-content/plugins/wpeasystats/export.php?homep=XXpathXX - Annonces 1.2.0.0 Remote File Inclusion @@ -2148,7 +2167,6 @@ File Upload Vulnerability /wp-content/plugins/annonces/includes/lib/photo/uploadPhoto.php?abspath=XXpathXX - Livesig 0.4 Remote File Inclusion @@ -2158,7 +2176,6 @@ File Upload Vulnerability wp-root=XXpathXX&action=asdf - Disclosure Policy 1.0 Remote File Inclusion @@ -2167,7 +2184,6 @@ File Upload Vulnerability /wp-content/plugins/disclosure-policy-plugin/functions/action.php?delete=asdf&blogUrl=asdf&abspath=XXpathXX - Mailing List 1.3.2 Remote File Inclusion @@ -2181,7 +2197,6 @@ File Upload Vulnerability UNKNOWN - Zingiri Web Shop 2.2.0 Remote File Inclusion @@ -2195,7 +2210,6 @@ File Upload Vulnerability RCE - Mini Mail Dashboard Widget 1.36 Remote File Inclusion @@ -2208,7 +2222,6 @@ File Upload Vulnerability XSS - Relocate Upload 0.14 Remote File Inclusion @@ -2217,7 +2230,6 @@ File Upload Vulnerability /wp-content/plugins/relocate-upload/relocate-upload.php?ru_folder=asdf&abspath=XXpathXX - Category Grid View Gallery plugin 0.1.1 Shell Upload vulnerability @@ -2225,7 +2237,6 @@ File Upload Vulnerability UPLOAD - Auto Attachments plugin 0.2.9 Shell Upload vulnerability @@ -2233,7 +2244,6 @@ File Upload Vulnerability UPLOAD - WP Marketplace plugin 1.1.0 Shell Upload vulnerability 
@@ -2241,7 +2251,6 @@ File Upload Vulnerability UPLOAD - DP Thumbnail plugin 1.0 Shell Upload vulnerability @@ -2249,7 +2258,6 @@ File Upload Vulnerability UPLOAD - Vk Gallery plugin 1.1.0 Shell Upload vulnerability @@ -2257,7 +2265,6 @@ File Upload Vulnerability UPLOAD - Rekt Slideshow plugin 1.0.5 Shell Upload vulnerability @@ -2265,7 +2272,6 @@ File Upload Vulnerability UPLOAD - CAC Featured Content plugin 0.8 Shell Upload vulnerability @@ -2273,7 +2279,6 @@ File Upload Vulnerability UPLOAD - Rent A Car plugin 1.0 Shell Upload vulnerability @@ -2281,7 +2286,6 @@ File Upload Vulnerability UPLOAD - LISL Last Image Slider plugin 1.0 Shell Upload vulnerability @@ -2289,7 +2293,6 @@ File Upload Vulnerability UPLOAD - Islidex plugin 2.7 Shell Upload vulnerability @@ -2297,7 +2300,6 @@ File Upload Vulnerability UPLOAD - Kino Gallery plugin 1.0 Shell Upload vulnerability @@ -2305,7 +2307,6 @@ File Upload Vulnerability UPLOAD - Cms Pack plugin 1.3 Shell Upload vulnerability @@ -2313,7 +2314,6 @@ File Upload Vulnerability UPLOAD - A Gallery plugin 0.9 Shell Upload vulnerability @@ -2321,7 +2321,6 @@ File Upload Vulnerability UPLOAD - Category List Portfolio Page plugin 0.9 Shell Upload vulnerability @@ -2329,7 +2328,6 @@ File Upload Vulnerability UPLOAD - Really Easy Slider plugin 0.1 Shell Upload vulnerability @@ -2337,7 +2335,6 @@ File Upload Vulnerability UPLOAD - Verve Meta Boxes plugin 1.2.8 Shell Upload vulnerability @@ -2345,7 +2342,6 @@ File Upload Vulnerability UPLOAD - User Avatar plugin 1.3.7 shell upload vulnerability @@ -2353,7 +2349,6 @@ File Upload Vulnerability UPLOAD - Extend plugin 1.3.7 Shell Upload vulnerability @@ -2361,7 +2356,6 @@ File Upload Vulnerability UPLOAD - AdRotate plugin <= 3.6.5 SQL Injection Vulnerability @@ -2374,7 +2368,6 @@ File Upload Vulnerability SQLI - WP-SpamFree 3.2.1 Spam SQL Injection Vulnerability @@ -2382,7 +2375,6 @@ File Upload Vulnerability SQLI - GD Star Rating plugin <= 1.9.10 SQL Injection 
@@ -2395,7 +2387,6 @@ File Upload Vulnerability SQLI - Contact Form plugin <= 2.7.5 SQL Injection @@ -2403,7 +2394,6 @@ File Upload Vulnerability SQLI - WP Photo Album Plus <= 4.1.1 SQL Injection @@ -2411,7 +2401,6 @@ File Upload Vulnerability SQLI - BackWPUp 2.1.4 Code Execution @@ -2424,5 +2413,5 @@ File Upload Vulnerability RCE - +