diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index 24c20320..e281cb81 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -5,21 +5,23 @@ - Content Slide - Cross-Site Requst Forgery Vulnerability - CSRF + Content Slide <=1.4.2 - Cross Site Requst Forgery Vulnerability 93871 + 2013-2708 52949 + CSRF - Simple Paypal Shopping Cart - Cross-Site Request Forgery Vulnerability + Simple Paypal Shopping Cart 3.5 - Cross-Site Request Forgery Vulnerability - 52963 93953 + 2013-2705 + 52963 CSRF 3.6
@@ -28,18 +30,19 @@ - WP-SendSMS - Setting Manipulation CSRF + WP-SendSMS 1.0 - Setting Manipulation CSRF - 53796 94209 + 53796 26124 CSRF - WP-SendSMS - wp-admin/admin.php Multiple Parameter XSS + WP-SendSMS 1.0 - wp-admin/admin.php Multiple Parameter XSS 94210 + 26124 XSS
@@ -149,7 +152,7 @@ - Thank You Counter Button - XSS + Thank You Counter Button <=1.8.2 - XSS 50977
@@ -160,7 +163,7 @@ - Bookings - XSS + Bookings <=1.8.2 - XSS 50975
@@ -171,12 +174,13 @@ - Cimy User Manager - Arbitrary File Disclosure + Cimy User Manager <=1.4.2 - Arbitrary File Disclosure 50834 http://ceriksen.com/2012/10/24/wordpress-cimy-user-manager-arbitrary-file-disclosure/ UNKNOWN + 1.4.4
@@ -204,15 +208,17 @@ - WP125 - Multiple XSS + WP125 <=1.4.4 - Multiple XSS 50976 XSS + 1.4.5 - WP125 - CSRF + WP125 <=1.4.9 - CSRF + 2013-2700 http://www.securityfocus.com/bid/58934 CSRF
@@ -4261,6 +4267,8 @@ Extend 1.3.7 - Shell Upload vulnerability + 75638 + 2011-4106 17872 UPLOAD
@@ -5098,7 +5106,7 @@ - Get Off Malicious Scripts Cross-Site Scripting Vulnerability + Get Off Malicious Scripts - Cross-Site Scripting Vulnerability 50030
@@ -5131,7 +5139,7 @@ - wp-explorer-gallery Arbitrary File Upload Vulnerability + wp-explorer-gallery - Arbitrary File Upload Vulnerability http://www.1337day.com/exploit/20251
@@ -5141,7 +5149,7 @@ - accordion Arbitrary File Upload Vulnerability + accordion - Arbitrary File Upload Vulnerability http://www.1337day.com/exploit/20254
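Review bot: The new Content Slide title in the first hunk (`@@ -5,21 +5,23 @@`) carries the misspelling `Requst` over from the removed line and also switches to `Cross Site`, while the Simple Paypal Shopping Cart entry right below it keeps `Cross-Site Request Forgery`; the added line should read `Content Slide <=1.4.2 - Cross-Site Request Forgery Vulnerability`. The same `Cross Site` spelling is introduced in the CommentLuv hunk (`@@ -5271,7 +5279,7 @@`), so the two forms now coexist in the file and anyone filtering results by vulnerability class would miss one of them. The version bound is written as `<=1.4.2` inside the title text; in the XML source that `<` has to be the `&lt;` entity, which this rendering (tags stripped) cannot confirm, so it is worth checking before merging.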
@@ -5151,7 +5159,7 @@ - wp-catpro Arbitrary File Upload Vulnerability + wp-catpro - Arbitrary File Upload Vulnerability http://www.1337day.com/exploit/20256
@@ -5242,7 +5250,7 @@ - ForumConverter SQL Injection Vulnerability + ForumConverter - SQL Injection Vulnerability http://www.1337day.com/exploit/20275
@@ -5252,7 +5260,7 @@ - Newsletter SQL Injection Vulnerability + Newsletter - SQL Injection Vulnerability http://www.1337day.com/exploit/20287
@@ -5271,7 +5279,7 @@ - Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin + CommentLuv - Cross Site Scripting Vulnerability https://www.htbridge.com/advisory/HTB23138 http://packetstormsecurity.com/files/120090/
@@ -5373,7 +5381,7 @@ - smart-flv jwplayer.swf XSS + smart-flv - jwplayer.swf XSS http://www.openwall.com/lists/oss-security/2013/02/24/7 http://packetstormsecurity.com/files/115100/
@@ -5397,7 +5405,6 @@ PHP Shell Plugin - https://github.com/wpscanteam/wpscan/issues/138 http://plugins.svn.wordpress.org/php-shell/trunk/shell.php
@@ -5407,7 +5414,7 @@ - Marekkis Watermark Cross Site Scripting + Marekkis Watermark - Cross Site Scripting http://packetstormsecurity.com/files/120378/
@@ -5417,7 +5424,7 @@ - Responsive Logo Slideshow Cross Site Scripting + Responsive Logo Slideshow - Cross Site Scripting http://packetstormsecurity.com/files/120379/
@@ -5717,7 +5724,7 @@ - vkontakte-api XSS vulnerability + vkontakte-api - XSS vulnerability http://www.openwall.com/lists/oss-security/2013/03/11/1 2009-4168
@@ -5728,7 +5735,7 @@ - Terillion Reviews Cross Site Scripting + Terillion Reviews - Cross Site Scripting http://packetstormsecurity.com/files/120730/
@@ -5792,7 +5799,7 @@ - XSS vulnerability on WP-Banners-Lite + WP-Banners-Lite - XSS vulnerability http://seclists.org/fulldisclosure/2013/Mar/209 http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513
@@ -5828,7 +5835,7 @@ - ofc_upload_image.php Arbitrary File Upload Vulnerability + chikuncount - ofc_upload_image.php Arbitrary File Upload Vulnerability 24492
@@ -5838,7 +5845,7 @@ - ofc_upload_image.php Arbitrary File Upload Vulnerability + open-flash-chart-core - ofc_upload_image.php Arbitrary File Upload Vulnerability 24492 37903
@@ -5851,7 +5858,7 @@ - ofc_upload_image.php Arbitrary File Upload Vulnerability + spamtask - ofc_upload_image.php Arbitrary File Upload Vulnerability 24492
@@ -5861,7 +5868,7 @@ - ofc_upload_image.php Arbitrary File Upload Vulnerability + php-analytics - ofc_upload_image.php Arbitrary File Upload Vulnerability 24492
@@ -5871,7 +5878,7 @@ - ofc_upload_image.php Arbitrary File Upload Vulnerability + seo-spy-google - ofc_upload_image.php Arbitrary File Upload Vulnerability 24492
@@ -5881,7 +5888,7 @@ - ofc_upload_image.php Arbitrary File Upload Vulnerability + wp-seo-spy-google - ofc_upload_image.php Arbitrary File Upload Vulnerability 24492
@@ -5901,7 +5908,7 @@ - fbsurveypro XSS Vulnerability + fbsurveypro - XSS Vulnerability http://1337day.com/exploit/20623
@@ -5911,7 +5918,7 @@ - timelineoptinpro XSS Vulnerability + timelineoptinpro - XSS Vulnerability http://1337day.com/exploit/20620
@@ -5921,7 +5928,7 @@ - kioskprox XSS Vulnerability + kioskprox - XSS Vulnerability http://1337day.com/exploit/20624
@@ -5931,7 +5938,7 @@ - bigcontact SQLI + bigcontact - SQLI http://plugins.trac.wordpress.org/changeset/689798
@@ -5942,7 +5949,7 @@ - drawblog CSRF + drawblog - CSRF http://plugins.trac.wordpress.org/changeset/691178
@@ -5953,7 +5960,7 @@ - social-media-widget malicious code + social-media-widget - malicious code http://plugins.trac.wordpress.org/changeset?reponame=&old=691839%40social-media-widget%2Ftrunk&new=693941%40social-media-widget%2Ftrunk http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot
@@ -5966,7 +5973,7 @@ - facebook-members CSRF + facebook-members - CSRF 52962 2013-2703
@@ -5978,10 +5985,11 @@ - foursquare-checkins CSRF + foursquare-checkins - CSRF - 53151 + 92641 2013-2709 + 53151 CSRF 1.3
@@ -5990,7 +5998,7 @@ - formidable Pro Unspecified Vulnerabilities + formidable Pro - Unspecified Vulnerabilities 53121
@@ -6001,7 +6009,7 @@ - all-in-one-webmaster CSRF + all-in-one-webmaster - CSRF 52877 2013-2696
@@ -6043,7 +6051,7 @@ - syntaxhighlighter clipboard.swf XSS + syntaxhighlighter - clipboard.swf XSS 53235
@@ -6065,7 +6073,7 @@ - easy-adsense-lite CSRF + easy-adsense-lite - CSRF 52953 2013-2702
@@ -6086,7 +6094,7 @@ XSS - uk-cookie CSRF + uk-cookie - CSRF http://www.openwall.com/lists/oss-security/2013/06/06/10 94032
@@ -6098,7 +6106,7 @@ - wp-cleanfix Remote Command Execution, CSRF and XSS + wp-cleanfix - Remote Command Execution, CSRF and XSS https://github.com/wpscanteam/wpscan/issues/186 http://wordpress.org/support/topic/plugin-wp-cleanfix-remote-code-execution-warning
@@ -6170,8 +6178,9 @@ - WP Print Friendly - Security Bypass Vulnerability + WP Print Friendly <=0.5.2 - Security Bypass Vulnerability + 93243 53371 UNKNOWN
@@ -6246,7 +6255,7 @@ - Digg Digg CSRF + Digg Digg - CSRF http://wordpress.org/plugins/digg-digg/changelog/ 53120
@@ -6261,9 +6270,9 @@ SS Quiz - Multiple Unspecified Vulnerabilities - http://wordpress.org/plugins/ssquiz/changelog/ - 53378 93531 + 53378 + http://wordpress.org/plugins/ssquiz/changelog/ UNKNOWN 2.0
@@ -6272,7 +6281,7 @@ - FunCaptcha CSRF + FunCaptcha - CSRF http://wordpress.org/extend/plugins/funcaptcha/changelog/
@@ -6283,7 +6292,7 @@ - xili-language XSS + xili-language - XSS http://wordpress.org/plugins/xili-language/changelog/
@@ -6294,7 +6303,7 @@ - Security issue which allowed any user to reset settings + wordpress-seo - Security issue which allowed any user to reset settings http://wordpress.org/plugins/wordpress-seo/changelog/
@@ -6305,7 +6314,7 @@ - CSRF in WordPress underConstruction plugin + Under Construction - CSRF http://wordpress.org/plugins/underconstruction/changelog/ 52881
@@ -6319,7 +6328,7 @@ - ADIF Log Search Widget XSS Arbitrary Vulnerability + ADIF Log Search Widget - XSS Arbitrary Vulnerability http://packetstormsecurity.com/files/121777/ 53599
@@ -6354,7 +6363,7 @@ - Remote File Inclusion Vulnerability + Export to text - Remote File Inclusion Vulnerability 51348 93715
@@ -6468,7 +6477,7 @@ - WP Maintenance Mode Setting Manipulation CSRF + WP Maintenance Mode - Setting Manipulation CSRF 94450
@@ -6489,7 +6498,7 @@ - Leaflet Maps Marker Tag Multiple Parameter SQL Injection + Leaflet Maps Marker - Tag Multiple Parameter SQL Injection 94388
@@ -6522,7 +6531,7 @@ - Dropdown Menu Widget Script Insertion CSRF + Dropdown Menu Widget - Script Insertion CSRF 94771
@@ -6532,7 +6541,7 @@ - BuddyPress Extended Friendship Request wp-admin/admin-ajax.php friendship_request_message Parameter XSS + <title>BuddyPress Extended Friendship Request - wp-admin/admin-ajax.php friendship_request_message Parameter XSS 94807
@@ -6544,7 +6553,7 @@ - wp-private-messages /wp-admin/profile.php msgid Parameter SQL Injection + wp-private-messages - /wp-admin/profile.php msgid Parameter SQL Injection 94702
@@ -6554,7 +6563,7 @@ - Stream Video Player - - Setting Manipulation CSRF + Stream Video Player - Setting Manipulation CSRF 94466
@@ -6564,7 +6573,7 @@ - Duplicator installer.cleanup.php package Parameter XSS + Duplicator - installer.cleanup.php package Parameter XSS 95627 2013-4625
@@ -6576,7 +6585,7 @@ - Citizen Space Script Insertion CSRF + Citizen Space - Script Insertion CSRF 95570
@@ -6587,7 +6596,7 @@ - Spicy Blogroll spicy-blogroll-ajax.php Multiple Parameter Remote File Inclusion + Spicy Blogroll - spicy-blogroll-ajax.php Multiple Parameter Remote File Inclusion 95557 26804
@@ -6598,7 +6607,7 @@ - Pie Register wp-login.php Multiple Parameter XSS + Pie Register - wp-login.php Multiple Parameter XSS 95160
@@ -6609,7 +6618,7 @@ - CSRF in admin/setting.php in Xhanch + Xhanch my Twitter - CSRF in admin/setting.php 96027 53133
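Review bot: The added title in the `@@ -6532,7 +6541,7 @@` hunk starts with a literal `<title>` before `BuddyPress Extended Friendship Request`, which none of the other new title lines in this commit carry; given that this rendering strips the real markup, that survivor looks like either a doubled opening tag (`<title><title>…`) or an escaped `&lt;title&gt;` left inside the text. A doubled tag would leave the element unclosed and make the whole plugin_vulns.xml fail to parse, so every entry in the file stops loading, while an escaped one would put the string `<title>` into the reported finding. The line should begin directly with the plugin name, `BuddyPress Extended Friendship Request - wp-admin/admin-ajax.php friendship_request_message Parameter XSS`. Running the file through an XML parser before merging would catch this and any similar slip in the other hunks.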
@@ -6636,7 +6645,7 @@ - CSRF in HMS Testimonials 2.0.10 + HMS Testimonials 2.0.10 - CSRF http://wordpress.org/plugins/hms-testimonials/changelog/ 2013-4240
@@ -6651,7 +6660,7 @@ 2.0.11 - XSS in HMS Testimonials 2.0.10 + HMS Testimonials 2.0.10 - XSS http://wordpress.org/plugins/hms-testimonials/changelog/ 2013-4241
@@ -6671,20 +6680,22 @@ IndiaNIC Testimonial 2.2 - CSRF vulnerability - http://seclists.org/fulldisclosure/2013/Sep/5 + 96792 2013-5672 28054 http://packetstormsecurity.com/files/123036/ + http://seclists.org/fulldisclosure/2013/Sep/5 CSRF IndiaNIC Testimonial 2.2 - SQL Injection vulnerability - http://seclists.org/fulldisclosure/2013/Sep/5 + 96793 2013-5673 28054 http://packetstormsecurity.com/files/123036/ + http://seclists.org/fulldisclosure/2013/Sep/5 SQLI
@@ -6714,7 +6725,7 @@ - platinum_seo_pack.php s Parameter Reflected XSS + platinum_seo_pack.php - s Parameter Reflected XSS 97263
@@ -6792,11 +6803,11 @@ Lazy SEO 1.1.9 - lazyseo.php File Upload Arbitrary Code Execution - http://packetstormsecurity.com/files/123349/ - http://xforce.iss.net/xforce/xfdb/87384 97662 2013-5961 28452 + http://packetstormsecurity.com/files/123349/ + http://xforce.iss.net/xforce/xfdb/87384 UPLOAD