From db82b2584ce7342a816416bb6376b20ab4bd6430 Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Sun, 13 Oct 2013 09:45:32 +0200
Subject: [PATCH 1/3] Update plugin_vulns.xml

---
 data/plugin_vulns.xml | 86 ++++++++++++++++++++++---------------------
 1 file changed, 45 insertions(+), 41 deletions(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index 38f23238..e031715c 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -5,21 +5,23 @@
 
   <plugin name="content-slide">
     <vulnerability>
-      <title>Content Slide - Cross-Site Requst Forgery Vulnerability</title>
-      <type>CSRF</type>
+      <title>Content Slide 1.4.2 - Cross Site Requst Forgery Vulnerability</title>
       <references>
         <osvdb>93871</osvdb>
+        <cve>2013-2708</cve>
         <secunia>52949</secunia>
       </references>
+      <type>CSRF</type>
     </vulnerability>
   </plugin>
 
   <plugin name="wordpress-simple-paypal-shopping-cart">
     <vulnerability>
-      <title>Simple Paypal Shopping Cart - Cross-Site Request Forgery Vulnerability</title>
+      <title>Simple Paypal Shopping Cart 3.5 - Cross-Site Request Forgery Vulnerability</title>
       <references>
-        <secunia>52963</secunia>
         <osvdb>93953</osvdb>
+        <cve>2013-2705</cve>
+        <secunia>52963</secunia>
       </references>
       <type>CSRF</type>
       <fixed_in>3.6</fixed_in>
@@ -28,18 +30,19 @@
 
   <plugin name="wp-sendsms">
     <vulnerability>
-      <title>WP-SendSMS - Setting Manipulation CSRF</title>
+      <title>WP-SendSMS 1.0 - Setting Manipulation CSRF</title>
       <references>
-        <secunia>53796</secunia>
         <osvdb>94209</osvdb>
+        <secunia>53796</secunia>
         <exploitdb>26124</exploitdb>
       </references>
       <type>CSRF</type>
     </vulnerability>
     <vulnerability>
-      <title>WP-SendSMS - wp-admin/admin.php Multiple Parameter XSS</title>
+      <title>WP-SendSMS 1.0 - wp-admin/admin.php Multiple Parameter XSS</title>
       <references>
         <osvdb>94210</osvdb>
+        <exploitdb>26124</exploitdb>
       </references>
       <type>XSS</type>
     </vulnerability>
@@ -4261,6 +4264,8 @@
     <vulnerability>
       <title>Extend 1.3.7 - Shell Upload vulnerability</title>
       <references>
+        <osvdb>75638</osvdb>
+        <cve>2011-4106</cve>
         <exploitdb>17872</exploitdb>
       </references>
       <type>UPLOAD</type>
@@ -5098,7 +5103,7 @@
 
   <plugin name="gotmls">
     <vulnerability>
-      <title>Get Off Malicious Scripts Cross-Site Scripting Vulnerability</title>
+      <title>Get Off Malicious Scripts - Cross-Site Scripting Vulnerability</title>
       <references>
         <secunia>50030</secunia>
       </references>
@@ -5131,7 +5136,7 @@
 
   <plugin name="wp-explorer-gallery">
     <vulnerability>
-      <title>wp-explorer-gallery Arbitrary File Upload Vulnerability</title>
+      <title>wp-explorer-gallery - Arbitrary File Upload Vulnerability</title>
       <references>
         <url>http://www.1337day.com/exploit/20251</url>
       </references>
@@ -5141,7 +5146,7 @@
 
   <plugin name="accordion">
     <vulnerability>
-      <title>accordion Arbitrary File Upload Vulnerability</title>
+      <title>accordion - Arbitrary File Upload Vulnerability</title>
       <references>
         <url>http://www.1337day.com/exploit/20254</url>
       </references>
@@ -5151,7 +5156,7 @@
 
   <plugin name="wp-catpro">
     <vulnerability>
-      <title>wp-catpro Arbitrary File Upload Vulnerability</title>
+      <title>wp-catpro - Arbitrary File Upload Vulnerability</title>
       <references>
         <url>http://www.1337day.com/exploit/20256</url>
       </references>
@@ -5242,7 +5247,7 @@
 
   <plugin name="forumconverter">
     <vulnerability>
-      <title>ForumConverter SQL Injection Vulnerability</title>
+      <title>ForumConverter - SQL Injection Vulnerability</title>
       <references>
         <url>http://www.1337day.com/exploit/20275</url>
       </references>
@@ -5252,7 +5257,7 @@
 
   <plugin name="newsletter">
     <vulnerability>
-      <title>Newsletter SQL Injection Vulnerability</title>
+      <title>Newsletter - SQL Injection Vulnerability</title>
       <references>
         <url>http://www.1337day.com/exploit/20287</url>
       </references>
@@ -5271,7 +5276,7 @@
 
   <plugin name="commentluv">
     <vulnerability>
-      <title>Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin</title>
+      <title>CommentLuv - Cross Site Scripting Vulnerability</title>
       <references>
         <url>https://www.htbridge.com/advisory/HTB23138</url>
         <url>http://packetstormsecurity.com/files/120090/</url>
@@ -5373,7 +5378,7 @@
 
   <plugin name="smart-flv">
     <vulnerability>
-      <title>smart-flv jwplayer.swf XSS</title>
+      <title>smart-flv - jwplayer.swf XSS</title>
       <references>
         <url>http://www.openwall.com/lists/oss-security/2013/02/24/7</url>
         <url>http://packetstormsecurity.com/files/115100/</url>
@@ -5397,7 +5402,6 @@
     <vulnerability>
       <title>PHP Shell Plugin</title>
       <references>
-
         <url>https://github.com/wpscanteam/wpscan/issues/138</url>
         <url>http://plugins.svn.wordpress.org/php-shell/trunk/shell.php</url>
       </references>
@@ -5407,7 +5411,7 @@
 
   <plugin name="marekkis-watermark">
     <vulnerability>
-      <title>Marekkis Watermark Cross Site Scripting</title>
+      <title>Marekkis Watermark - Cross Site Scripting</title>
       <references>
         <url>http://packetstormsecurity.com/files/120378/</url>
       </references>
@@ -5417,7 +5421,7 @@
 
   <plugin name="responsive-logo-slideshow">
     <vulnerability>
-      <title>Responsive Logo Slideshow Cross Site Scripting</title>
+      <title>Responsive Logo Slideshow - Cross Site Scripting</title>
       <references>
         <url>http://packetstormsecurity.com/files/120379/</url>
       </references>
@@ -5717,7 +5721,7 @@
 
   <plugin name="vkontakte-api">
     <vulnerability>
-      <title>vkontakte-api XSS vulnerability</title>
+      <title>vkontakte-api - XSS vulnerability</title>
       <references>
         <url>http://www.openwall.com/lists/oss-security/2013/03/11/1</url>
         <cve>2009-4168</cve>
@@ -5728,7 +5732,7 @@
 
   <plugin name="terillion-reviews">
     <vulnerability>
-      <title>Terillion Reviews Cross Site Scripting</title>
+      <title>Terillion Reviews - Cross Site Scripting</title>
       <references>
         <url>http://packetstormsecurity.com/files/120730/</url>
       </references>
@@ -5792,7 +5796,7 @@
 
   <plugin name="wp-banners-lite">
     <vulnerability>
-      <title>XSS vulnerability on WP-Banners-Lite</title>
+      <title>WP-Banners-Lite - XSS vulnerability</title>
       <references>
         <url>http://seclists.org/fulldisclosure/2013/Mar/209</url>
         <url>http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513
@@ -5828,7 +5832,7 @@
 
   <plugin name="chikuncount">
     <vulnerability>
-      <title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
+      <title>chikuncount - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
       <references>
         <exploitdb>24492</exploitdb>
       </references>
@@ -5838,7 +5842,7 @@
 
   <plugin name="open-flash-chart-core-wordpress-plugin">
     <vulnerability>
-      <title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
+      <title>open-flash-chart-core - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
       <references>
         <exploitdb>24492</exploitdb>
         <secunia>37903</secunia>
@@ -5851,7 +5855,7 @@
 
   <plugin name="spamtask">
     <vulnerability>
-      <title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
+      <title>spamtask - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
       <references>
         <exploitdb>24492</exploitdb>
       </references>
@@ -5861,7 +5865,7 @@
 
   <plugin name="php-analytics">
     <vulnerability>
-      <title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
+      <title>php-analytics - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
       <references>
         <exploitdb>24492</exploitdb>
       </references>
@@ -5871,7 +5875,7 @@
 
   <plugin name="seo-spy-google-wordpress-plugin">
     <vulnerability>
-      <title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
+      <title>seo-spy-google - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
       <references>
         <exploitdb>24492</exploitdb>
       </references>
@@ -5881,7 +5885,7 @@
 
   <plugin name="wp-seo-spy-google">
     <vulnerability>
-      <title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
+      <title>wp-seo-spy-google - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
       <references>
         <exploitdb>24492</exploitdb>
       </references>
@@ -5901,7 +5905,7 @@
 
   <plugin name="fbsurveypro">
     <vulnerability>
-      <title>fbsurveypro XSS Vulnerability</title>
+      <title>fbsurveypro - XSS Vulnerability</title>
       <references>
         <url>http://1337day.com/exploit/20623</url>
       </references>
@@ -5911,7 +5915,7 @@
 
   <plugin name="timelineoptinpro">
     <vulnerability>
-      <title>timelineoptinpro XSS Vulnerability</title>
+      <title>timelineoptinpro - XSS Vulnerability</title>
       <references>
         <url>http://1337day.com/exploit/20620</url>
       </references>
@@ -5921,7 +5925,7 @@
 
   <plugin name="kioskprox">
     <vulnerability>
-      <title>kioskprox XSS Vulnerability</title>
+      <title>kioskprox - XSS Vulnerability</title>
       <references>
         <url>http://1337day.com/exploit/20624</url>
       </references>
@@ -5931,7 +5935,7 @@
 
   <plugin name="bigcontact">
     <vulnerability>
-      <title>bigcontact SQLI</title>
+      <title>bigcontact - SQLI</title>
       <references>
         <url>http://plugins.trac.wordpress.org/changeset/689798</url>
       </references>
@@ -5942,7 +5946,7 @@
 
   <plugin name="drawblog">
     <vulnerability>
-      <title>drawblog CSRF</title>
+      <title>drawblog - CSRF</title>
       <references>
         <url>http://plugins.trac.wordpress.org/changeset/691178</url>
       </references>
@@ -5953,7 +5957,7 @@
 
   <plugin name="social-media-widget">
     <vulnerability>
-      <title>social-media-widget malicious code</title>
+      <title>social-media-widget - malicious code</title>
       <references>
         <url>http://plugins.trac.wordpress.org/changeset?reponame=&amp;old=691839%40social-media-widget%2Ftrunk&amp;new=693941%40social-media-widget%2Ftrunk</url>
         <url>http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot
@@ -5966,7 +5970,7 @@
 
   <plugin name="facebook-members">
     <vulnerability>
-      <title>facebook-members CSRF</title>
+      <title>facebook-members - CSRF</title>
       <references>
         <secunia>52962</secunia>
         <cve>2013-2703</cve>
@@ -5978,7 +5982,7 @@
 
   <plugin name="foursquare-checkins">
     <vulnerability>
-      <title>foursquare-checkins CSRF</title>
+      <title>foursquare-checkins - CSRF</title>
       <references>
         <secunia>53151</secunia>
         <cve>2013-2709</cve>
@@ -5990,7 +5994,7 @@
 
   <plugin name="formidable">
     <vulnerability>
-      <title>formidable Pro Unspecified Vulnerabilities</title>
+      <title>formidable Pro - Unspecified Vulnerabilities</title>
       <references>
         <secunia>53121</secunia>
       </references>
@@ -6001,7 +6005,7 @@
 
   <plugin name="all-in-one-webmaster">
     <vulnerability>
-      <title>all-in-one-webmaster CSRF</title>
+      <title>all-in-one-webmaster - CSRF</title>
       <references>
         <secunia>52877</secunia>
         <cve>2013-2696</cve>
@@ -6043,7 +6047,7 @@
 
   <plugin name="syntaxhighlighter">
     <vulnerability>
-      <title>syntaxhighlighter clipboard.swf XSS</title>
+      <title>syntaxhighlighter - clipboard.swf XSS</title>
       <references>
         <secunia>53235</secunia>
       </references>
@@ -6065,7 +6069,7 @@
 
   <plugin name="easy-adsense-lite">
     <vulnerability>
-      <title>easy-adsense-lite CSRF</title>
+      <title>easy-adsense-lite - CSRF</title>
       <references>
         <secunia>52953</secunia>
         <cve>2013-2702</cve>
@@ -6086,7 +6090,7 @@
       <type>XSS</type>
     </vulnerability>
     <vulnerability>
-      <title>uk-cookie CSRF</title>
+      <title>uk-cookie - CSRF</title>
       <references>
         <url>http://www.openwall.com/lists/oss-security/2013/06/06/10</url>
         <osvdb>94032</osvdb>
@@ -6098,7 +6102,7 @@
 
   <plugin name="wp-cleanfix">
     <vulnerability>
-      <title>wp-cleanfix Remote Command Execution, CSRF and XSS</title>
+      <title>wp-cleanfix - Remote Command Execution, CSRF and XSS</title>
       <references>
         <url>https://github.com/wpscanteam/wpscan/issues/186</url>
         <url>http://wordpress.org/support/topic/plugin-wp-cleanfix-remote-code-execution-warning</url>

From 7f6cd57e517fbadb3f164b8fe6167a0a9286dfa0 Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Sun, 13 Oct 2013 11:02:39 +0200
Subject: [PATCH 2/3] Update plugin_vulns.xml

---
 data/plugin_vulns.xml | 61 +++++++++++++++++++++++--------------------
 1 file changed, 32 insertions(+), 29 deletions(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index e031715c..ad0c044d 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -5,7 +5,7 @@
 
   <plugin name="content-slide">
     <vulnerability>
-      <title>Content Slide 1.4.2 - Cross Site Requst Forgery Vulnerability</title>
+      <title>Content Slide &lt;=1.4.2 - Cross Site Requst Forgery Vulnerability</title>
       <references>
         <osvdb>93871</osvdb>
         <cve>2013-2708</cve>
@@ -152,7 +152,7 @@
 
   <plugin name="thanks-you-counter-button">
     <vulnerability>
-      <title>Thank You Counter Button - XSS</title>
+      <title>Thank You Counter Button &lt;=1.8.2 - XSS</title>
       <references>
         <secunia>50977</secunia>
       </references>
@@ -163,7 +163,7 @@
 
   <plugin name="bookings">
     <vulnerability>
-      <title>Bookings - XSS</title>
+      <title>Bookings &lt;=1.8.2 - XSS</title>
       <references>
         <secunia>50975</secunia>
       </references>
@@ -174,12 +174,13 @@
 
   <plugin name="cimy-user-manager">
     <vulnerability>
-      <title>Cimy User Manager - Arbitrary File Disclosure</title>
+      <title>Cimy User Manager &lt;=1.4.2 - Arbitrary File Disclosure</title>
       <references>
         <secunia>50834</secunia>
         <url>http://ceriksen.com/2012/10/24/wordpress-cimy-user-manager-arbitrary-file-disclosure/</url>
       </references>
       <type>UNKNOWN</type>
+      <fixed_in>1.4.4</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -207,15 +208,17 @@
 
   <plugin name="wp125">
     <vulnerability>
-      <title>WP125 - Multiple XSS</title>
+      <title>WP125 &lt;=1.4.4 - Multiple XSS</title>
       <references>
         <secunia>50976</secunia>
       </references>
       <type>XSS</type>
+      <fixed_in>1.4.5</fixed_in>
     </vulnerability>
     <vulnerability>
-      <title>WP125 - CSRF</title>
+      <title>WP125 &lt;=1.4.9 - CSRF</title>
       <references>
+        <cve>2013-2700</cve>
         <url>http://www.securityfocus.com/bid/58934</url>
       </references>
       <type>CSRF</type>
@@ -6250,7 +6253,7 @@
 
   <plugin name="digg-digg">
     <vulnerability>
-      <title>Digg Digg CSRF</title>
+      <title>Digg Digg - CSRF</title>
       <references>
         <url>http://wordpress.org/plugins/digg-digg/changelog/</url>
         <secunia>53120</secunia>
@@ -6276,7 +6279,7 @@
 
   <plugin name="funcaptcha">
     <vulnerability>
-      <title>FunCaptcha CSRF</title>
+      <title>FunCaptcha - CSRF</title>
       <references>
         <url>http://wordpress.org/extend/plugins/funcaptcha/changelog/</url>
       </references>
@@ -6287,7 +6290,7 @@
 
   <plugin name="xili-language">
     <vulnerability>
-      <title>xili-language XSS</title>
+      <title>xili-language - XSS</title>
       <references>
         <url>http://wordpress.org/plugins/xili-language/changelog/</url>
       </references>
@@ -6298,7 +6301,7 @@
 
   <plugin name="wordpress-seo">
     <vulnerability>
-      <title>Security issue which allowed any user to reset settings</title>
+      <title>wordpress-seo - Security issue which allowed any user to reset settings</title>
       <references>
         <url>http://wordpress.org/plugins/wordpress-seo/changelog/</url>
       </references>
@@ -6309,7 +6312,7 @@
 
   <plugin name="underconstruction">
     <vulnerability>
-      <title>CSRF in WordPress underConstruction plugin</title>
+      <title>Under Construction - CSRF</title>
       <references>
         <url>http://wordpress.org/plugins/underconstruction/changelog/</url>
         <secunia>52881</secunia>
@@ -6323,7 +6326,7 @@
 
   <plugin name="adif-log-search-widget">
     <vulnerability>
-      <title>ADIF Log Search Widget XSS Arbitrary Vulnerability</title>
+      <title>ADIF Log Search Widget - XSS Arbitrary Vulnerability</title>
       <references>
         <url>http://packetstormsecurity.com/files/121777/</url>
         <secunia>53599</secunia>
@@ -6358,7 +6361,7 @@
 
   <plugin name="export-to-text">
     <vulnerability>
-      <title>Remote File Inclusion Vulnerability</title>
+      <title>Export to text - Remote File Inclusion Vulnerability</title>
       <references>
         <secunia>51348</secunia>
         <osvdb>93715</osvdb>
@@ -6472,7 +6475,7 @@
 
   <plugin name="wp-maintenance-mode">
     <vulnerability>
-      <title>WP Maintenance Mode Setting Manipulation CSRF</title>
+      <title>WP Maintenance Mode - Setting Manipulation CSRF</title>
       <references>
         <osvdb>94450</osvdb>
       </references>
@@ -6493,7 +6496,7 @@
 
   <plugin name="mapsmarker">
     <vulnerability>
-      <title>Leaflet Maps Marker Tag Multiple Parameter SQL Injection</title>
+      <title>Leaflet Maps Marker - Tag Multiple Parameter SQL Injection</title>
       <references>
         <osvdb>94388</osvdb>
       </references>
@@ -6526,7 +6529,7 @@
 
   <plugin name="dropdown-menu-widget">
     <vulnerability>
-      <title>Dropdown Menu Widget Script Insertion CSRF</title>
+      <title>Dropdown Menu Widget - Script Insertion CSRF</title>
       <references>
         <osvdb>94771</osvdb>
       </references>
@@ -6536,7 +6539,7 @@
 
   <plugin name="buddypress-extended-friendship-request">
     <vulnerability>
-      <title>BuddyPress Extended Friendship Request wp-admin/admin-ajax.php friendship_request_message Parameter XSS
+      <title>BuddyPress Extended Friendship Request - wp-admin/admin-ajax.php friendship_request_message Parameter XSS
       </title>
       <references>
         <osvdb>94807</osvdb>
@@ -6548,7 +6551,7 @@
 
   <plugin name="wp-private-messages">
     <vulnerability>
-      <title>wp-private-messages /wp-admin/profile.php msgid Parameter SQL Injection</title>
+      <title>wp-private-messages - /wp-admin/profile.php msgid Parameter SQL Injection</title>
       <references>
         <osvdb>94702</osvdb>
       </references>
@@ -6558,7 +6561,7 @@
 
   <plugin name="stream-video-player">
     <vulnerability>
-      <title>Stream Video Player - - Setting Manipulation CSRF</title>
+      <title>Stream Video Player - Setting Manipulation CSRF</title>
       <references>
         <osvdb>94466</osvdb>
       </references>
@@ -6568,7 +6571,7 @@
 
   <plugin name="duplicator">
     <vulnerability>
-      <title>Duplicator installer.cleanup.php package Parameter XSS</title>
+      <title>Duplicator - installer.cleanup.php package Parameter XSS</title>
       <references>
         <osvdb>95627</osvdb>
         <cve>2013-4625</cve>
@@ -6580,7 +6583,7 @@
 
   <plugin name="citizen-space">
     <vulnerability>
-      <title>Citizen Space Script Insertion CSRF</title>
+      <title>Citizen Space - Script Insertion CSRF</title>
       <references>
         <osvdb>95570</osvdb>
       </references>
@@ -6591,7 +6594,7 @@
 
   <plugin name="spicy-blogroll">
     <vulnerability>
-      <title>Spicy Blogroll spicy-blogroll-ajax.php Multiple Parameter Remote File Inclusion</title>
+      <title>Spicy Blogroll - spicy-blogroll-ajax.php Multiple Parameter Remote File Inclusion</title>
       <references>
         <osvdb>95557</osvdb>
         <exploitdb>26804</exploitdb>
@@ -6602,7 +6605,7 @@
 
   <plugin name="pie-register">
     <vulnerability>
-      <title>Pie Register wp-login.php Multiple Parameter XSS</title>
+      <title>Pie Register - wp-login.php Multiple Parameter XSS</title>
       <references>
         <osvdb>95160</osvdb>
       </references>
@@ -6613,7 +6616,7 @@
 
   <plugin name="xhanch-my-twitter">
     <vulnerability>
-      <title>CSRF in admin/setting.php in Xhanch</title>
+      <title>Xhanch my Twitter - CSRF in admin/setting.php</title>
       <references>
         <osvdb>96027</osvdb>
         <secunia>53133</secunia>
@@ -6640,7 +6643,7 @@
 
   <plugin name="hms-testimonials">
     <vulnerability>
-      <title>CSRF in HMS Testimonials 2.0.10</title>
+      <title>HMS Testimonials 2.0.10 - CSRF</title>
       <references>
         <url>http://wordpress.org/plugins/hms-testimonials/changelog/</url>
         <cve>2013-4240</cve>
@@ -6655,7 +6658,7 @@
       <fixed_in>2.0.11</fixed_in>
     </vulnerability>
     <vulnerability>
-      <title>XSS in HMS Testimonials 2.0.10</title>
+      <title>HMS Testimonials 2.0.10 - XSS</title>
       <references>
         <url>http://wordpress.org/plugins/hms-testimonials/changelog/</url>
         <cve>2013-4241</cve>
@@ -6718,7 +6721,7 @@
 
   <plugin name="platinum-seo-pack">
     <vulnerability>
-      <title>platinum_seo_pack.php s Parameter Reflected XSS</title>
+      <title>platinum_seo_pack.php - s Parameter Reflected XSS</title>
       <references>
         <osvdb>97263</osvdb>
       </references>
@@ -6796,11 +6799,11 @@
     <vulnerability>
       <title>Lazy SEO 1.1.9 - lazyseo.php File Upload Arbitrary Code Execution</title>
       <references>
-        <url>http://packetstormsecurity.com/files/123349/</url>
-        <url>http://xforce.iss.net/xforce/xfdb/87384</url>
         <osvdb>97662</osvdb>
         <cve>2013-5961</cve>
         <exploitdb>28452</exploitdb>
+        <url>http://packetstormsecurity.com/files/123349/</url>
+        <url>http://xforce.iss.net/xforce/xfdb/87384</url>
       </references>
       <type>UPLOAD</type>
     </vulnerability>

From 920a900e90d7846df896c8339f63ee6c9233331d Mon Sep 17 00:00:00 2001
From: Peter van der Laan <vanderlaan.pm@gmail.com>
Date: Sun, 13 Oct 2013 11:28:04 +0200
Subject: [PATCH 3/3] Added OSVDB #92641, #93243, #96792, #96793

---
 data/plugin_vulns.xml | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index ad0c044d..268da57a 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -5987,8 +5987,9 @@
     <vulnerability>
       <title>foursquare-checkins - CSRF</title>
       <references>
-        <secunia>53151</secunia>
+        <osvdb>92641</osvdb>
         <cve>2013-2709</cve>
+        <secunia>53151</secunia>
       </references>
       <type>CSRF</type>
       <fixed_in>1.3</fixed_in>
@@ -6177,8 +6178,9 @@
 
   <plugin name="wp-print-friendly">
     <vulnerability>
-      <title>WP Print Friendly - Security Bypass Vulnerability</title>
+      <title>WP Print Friendly &lt;=0.5.2 - Security Bypass Vulnerability</title>
       <references>
+        <osvdb>93243</osvdb>
         <secunia>53371</secunia>
       </references>
       <type>UNKNOWN</type>
@@ -6268,9 +6270,9 @@
     <vulnerability>
       <title>SS Quiz - Multiple Unspecified Vulnerabilities</title>
       <references>
-        <url>http://wordpress.org/plugins/ssquiz/changelog/</url>
-        <secunia>53378</secunia>
         <osvdb>93531</osvdb>
+        <secunia>53378</secunia>
+        <url>http://wordpress.org/plugins/ssquiz/changelog/</url>
       </references>
       <type>UNKNOWN</type>
       <fixed_in>2.0</fixed_in>
@@ -6678,20 +6680,22 @@
     <vulnerability>
       <title>IndiaNIC Testimonial 2.2 - CSRF vulnerability</title>
       <references>
-        <url>http://seclists.org/fulldisclosure/2013/Sep/5</url>
+        <osvdb>96792</osvdb>
         <cve>2013-5672</cve>
         <exploitdb>28054</exploitdb>
         <url>http://packetstormsecurity.com/files/123036/</url>
+        <url>http://seclists.org/fulldisclosure/2013/Sep/5</url>
       </references>
       <type>CSRF</type>
     </vulnerability>
     <vulnerability>
       <title>IndiaNIC Testimonial 2.2 - SQL Injection vulnerability</title>
       <references>
-        <url>http://seclists.org/fulldisclosure/2013/Sep/5</url>
+        <osvdb>96793</osvdb>
         <cve>2013-5673</cve>
         <exploitdb>28054</exploitdb>
         <url>http://packetstormsecurity.com/files/123036/</url>
+        <url>http://seclists.org/fulldisclosure/2013/Sep/5</url>
       </references>
       <type>SQLI</type>
     </vulnerability>