Merge pull request #316 from pvdl/master

Added WordPress Vulnerabilities
erwanlr
2013-10-13 05:46:44 -07:00


@@ -5,21 +5,23 @@
<plugin name="content-slide"> <plugin name="content-slide">
<vulnerability> <vulnerability>
<title>Content Slide - Cross-Site Requst Forgery Vulnerability</title> <title>Content Slide &lt;=1.4.2 - Cross Site Requst Forgery Vulnerability</title>
<type>CSRF</type>
<references> <references>
<osvdb>93871</osvdb> <osvdb>93871</osvdb>
<cve>2013-2708</cve>
<secunia>52949</secunia> <secunia>52949</secunia>
</references> </references>
<type>CSRF</type>
</vulnerability> </vulnerability>
</plugin> </plugin>
<plugin name="wordpress-simple-paypal-shopping-cart"> <plugin name="wordpress-simple-paypal-shopping-cart">
<vulnerability> <vulnerability>
<title>Simple Paypal Shopping Cart - Cross-Site Request Forgery Vulnerability</title> <title>Simple Paypal Shopping Cart 3.5 - Cross-Site Request Forgery Vulnerability</title>
<references> <references>
<secunia>52963</secunia>
<osvdb>93953</osvdb> <osvdb>93953</osvdb>
<cve>2013-2705</cve>
<secunia>52963</secunia>
</references> </references>
<type>CSRF</type> <type>CSRF</type>
<fixed_in>3.6</fixed_in> <fixed_in>3.6</fixed_in>
@@ -28,18 +30,19 @@
<plugin name="wp-sendsms"> <plugin name="wp-sendsms">
<vulnerability> <vulnerability>
<title>WP-SendSMS - Setting Manipulation CSRF</title> <title>WP-SendSMS 1.0 - Setting Manipulation CSRF</title>
<references> <references>
<secunia>53796</secunia>
<osvdb>94209</osvdb> <osvdb>94209</osvdb>
<secunia>53796</secunia>
<exploitdb>26124</exploitdb> <exploitdb>26124</exploitdb>
</references> </references>
<type>CSRF</type> <type>CSRF</type>
</vulnerability> </vulnerability>
<vulnerability> <vulnerability>
<title>WP-SendSMS - wp-admin/admin.php Multiple Parameter XSS</title> <title>WP-SendSMS 1.0 - wp-admin/admin.php Multiple Parameter XSS</title>
<references> <references>
<osvdb>94210</osvdb> <osvdb>94210</osvdb>
<exploitdb>26124</exploitdb>
</references> </references>
<type>XSS</type> <type>XSS</type>
</vulnerability> </vulnerability>
@@ -149,7 +152,7 @@
<plugin name="thanks-you-counter-button"> <plugin name="thanks-you-counter-button">
<vulnerability> <vulnerability>
<title>Thank You Counter Button - XSS</title> <title>Thank You Counter Button &lt;=1.8.2 - XSS</title>
<references> <references>
<secunia>50977</secunia> <secunia>50977</secunia>
</references> </references>
@@ -160,7 +163,7 @@
<plugin name="bookings"> <plugin name="bookings">
<vulnerability> <vulnerability>
<title>Bookings - XSS</title> <title>Bookings &lt;=1.8.2 - XSS</title>
<references> <references>
<secunia>50975</secunia> <secunia>50975</secunia>
</references> </references>
@@ -171,12 +174,13 @@
<plugin name="cimy-user-manager"> <plugin name="cimy-user-manager">
<vulnerability> <vulnerability>
<title>Cimy User Manager - Arbitrary File Disclosure</title> <title>Cimy User Manager &lt;=1.4.2 - Arbitrary File Disclosure</title>
<references> <references>
<secunia>50834</secunia> <secunia>50834</secunia>
<url>http://ceriksen.com/2012/10/24/wordpress-cimy-user-manager-arbitrary-file-disclosure/</url> <url>http://ceriksen.com/2012/10/24/wordpress-cimy-user-manager-arbitrary-file-disclosure/</url>
</references> </references>
<type>UNKNOWN</type> <type>UNKNOWN</type>
<fixed_in>1.4.4</fixed_in>
</vulnerability> </vulnerability>
</plugin> </plugin>
@@ -204,15 +208,17 @@
<plugin name="wp125"> <plugin name="wp125">
<vulnerability> <vulnerability>
<title>WP125 - Multiple XSS</title> <title>WP125 &lt;=1.4.4 - Multiple XSS</title>
<references> <references>
<secunia>50976</secunia> <secunia>50976</secunia>
</references> </references>
<type>XSS</type> <type>XSS</type>
<fixed_in>1.4.5</fixed_in>
</vulnerability> </vulnerability>
<vulnerability> <vulnerability>
<title>WP125 - CSRF</title> <title>WP125 &lt;=1.4.9 - CSRF</title>
<references> <references>
<cve>2013-2700</cve>
<url>http://www.securityfocus.com/bid/58934</url> <url>http://www.securityfocus.com/bid/58934</url>
</references> </references>
<type>CSRF</type> <type>CSRF</type>
@@ -4261,6 +4267,8 @@
<vulnerability> <vulnerability>
<title>Extend 1.3.7 - Shell Upload vulnerability</title> <title>Extend 1.3.7 - Shell Upload vulnerability</title>
<references> <references>
<osvdb>75638</osvdb>
<cve>2011-4106</cve>
<exploitdb>17872</exploitdb> <exploitdb>17872</exploitdb>
</references> </references>
<type>UPLOAD</type> <type>UPLOAD</type>
@@ -5098,7 +5106,7 @@
<plugin name="gotmls"> <plugin name="gotmls">
<vulnerability> <vulnerability>
<title>Get Off Malicious Scripts Cross-Site Scripting Vulnerability</title> <title>Get Off Malicious Scripts - Cross-Site Scripting Vulnerability</title>
<references> <references>
<secunia>50030</secunia> <secunia>50030</secunia>
</references> </references>
@@ -5131,7 +5139,7 @@
<plugin name="wp-explorer-gallery"> <plugin name="wp-explorer-gallery">
<vulnerability> <vulnerability>
<title>wp-explorer-gallery Arbitrary File Upload Vulnerability</title> <title>wp-explorer-gallery - Arbitrary File Upload Vulnerability</title>
<references> <references>
<url>http://www.1337day.com/exploit/20251</url> <url>http://www.1337day.com/exploit/20251</url>
</references> </references>
@@ -5141,7 +5149,7 @@
<plugin name="accordion"> <plugin name="accordion">
<vulnerability> <vulnerability>
<title>accordion Arbitrary File Upload Vulnerability</title> <title>accordion - Arbitrary File Upload Vulnerability</title>
<references> <references>
<url>http://www.1337day.com/exploit/20254</url> <url>http://www.1337day.com/exploit/20254</url>
</references> </references>
@@ -5151,7 +5159,7 @@
<plugin name="wp-catpro"> <plugin name="wp-catpro">
<vulnerability> <vulnerability>
<title>wp-catpro Arbitrary File Upload Vulnerability</title> <title>wp-catpro - Arbitrary File Upload Vulnerability</title>
<references> <references>
<url>http://www.1337day.com/exploit/20256</url> <url>http://www.1337day.com/exploit/20256</url>
</references> </references>
@@ -5242,7 +5250,7 @@
<plugin name="forumconverter"> <plugin name="forumconverter">
<vulnerability> <vulnerability>
<title>ForumConverter SQL Injection Vulnerability</title> <title>ForumConverter - SQL Injection Vulnerability</title>
<references> <references>
<url>http://www.1337day.com/exploit/20275</url> <url>http://www.1337day.com/exploit/20275</url>
</references> </references>
@@ -5252,7 +5260,7 @@
<plugin name="newsletter"> <plugin name="newsletter">
<vulnerability> <vulnerability>
<title>Newsletter SQL Injection Vulnerability</title> <title>Newsletter - SQL Injection Vulnerability</title>
<references> <references>
<url>http://www.1337day.com/exploit/20287</url> <url>http://www.1337day.com/exploit/20287</url>
</references> </references>
@@ -5271,7 +5279,7 @@
<plugin name="commentluv"> <plugin name="commentluv">
<vulnerability> <vulnerability>
<title>Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin</title> <title>CommentLuv - Cross Site Scripting Vulnerability</title>
<references> <references>
<url>https://www.htbridge.com/advisory/HTB23138</url> <url>https://www.htbridge.com/advisory/HTB23138</url>
<url>http://packetstormsecurity.com/files/120090/</url> <url>http://packetstormsecurity.com/files/120090/</url>
@@ -5373,7 +5381,7 @@
<plugin name="smart-flv"> <plugin name="smart-flv">
<vulnerability> <vulnerability>
<title>smart-flv jwplayer.swf XSS</title> <title>smart-flv - jwplayer.swf XSS</title>
<references> <references>
<url>http://www.openwall.com/lists/oss-security/2013/02/24/7</url> <url>http://www.openwall.com/lists/oss-security/2013/02/24/7</url>
<url>http://packetstormsecurity.com/files/115100/</url> <url>http://packetstormsecurity.com/files/115100/</url>
@@ -5397,7 +5405,6 @@
<vulnerability> <vulnerability>
<title>PHP Shell Plugin</title> <title>PHP Shell Plugin</title>
<references> <references>
<url>https://github.com/wpscanteam/wpscan/issues/138</url> <url>https://github.com/wpscanteam/wpscan/issues/138</url>
<url>http://plugins.svn.wordpress.org/php-shell/trunk/shell.php</url> <url>http://plugins.svn.wordpress.org/php-shell/trunk/shell.php</url>
</references> </references>
@@ -5407,7 +5414,7 @@
<plugin name="marekkis-watermark"> <plugin name="marekkis-watermark">
<vulnerability> <vulnerability>
<title>Marekkis Watermark Cross Site Scripting</title> <title>Marekkis Watermark - Cross Site Scripting</title>
<references> <references>
<url>http://packetstormsecurity.com/files/120378/</url> <url>http://packetstormsecurity.com/files/120378/</url>
</references> </references>
@@ -5417,7 +5424,7 @@
<plugin name="responsive-logo-slideshow"> <plugin name="responsive-logo-slideshow">
<vulnerability> <vulnerability>
<title>Responsive Logo Slideshow Cross Site Scripting</title> <title>Responsive Logo Slideshow - Cross Site Scripting</title>
<references> <references>
<url>http://packetstormsecurity.com/files/120379/</url> <url>http://packetstormsecurity.com/files/120379/</url>
</references> </references>
@@ -5717,7 +5724,7 @@
<plugin name="vkontakte-api"> <plugin name="vkontakte-api">
<vulnerability> <vulnerability>
<title>vkontakte-api XSS vulnerability</title> <title>vkontakte-api - XSS vulnerability</title>
<references> <references>
<url>http://www.openwall.com/lists/oss-security/2013/03/11/1</url> <url>http://www.openwall.com/lists/oss-security/2013/03/11/1</url>
<cve>2009-4168</cve> <cve>2009-4168</cve>
@@ -5728,7 +5735,7 @@
<plugin name="terillion-reviews"> <plugin name="terillion-reviews">
<vulnerability> <vulnerability>
<title>Terillion Reviews Cross Site Scripting</title> <title>Terillion Reviews - Cross Site Scripting</title>
<references> <references>
<url>http://packetstormsecurity.com/files/120730/</url> <url>http://packetstormsecurity.com/files/120730/</url>
</references> </references>
@@ -5792,7 +5799,7 @@
<plugin name="wp-banners-lite"> <plugin name="wp-banners-lite">
<vulnerability> <vulnerability>
<title>XSS vulnerability on WP-Banners-Lite</title> <title>WP-Banners-Lite - XSS vulnerability</title>
<references> <references>
<url>http://seclists.org/fulldisclosure/2013/Mar/209</url> <url>http://seclists.org/fulldisclosure/2013/Mar/209</url>
<url>http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513 <url>http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513
@@ -5828,7 +5835,7 @@
<plugin name="chikuncount"> <plugin name="chikuncount">
<vulnerability> <vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title> <title>chikuncount - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references> <references>
<exploitdb>24492</exploitdb> <exploitdb>24492</exploitdb>
</references> </references>
@@ -5838,7 +5845,7 @@
<plugin name="open-flash-chart-core-wordpress-plugin"> <plugin name="open-flash-chart-core-wordpress-plugin">
<vulnerability> <vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title> <title>open-flash-chart-core - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references> <references>
<exploitdb>24492</exploitdb> <exploitdb>24492</exploitdb>
<secunia>37903</secunia> <secunia>37903</secunia>
@@ -5851,7 +5858,7 @@
<plugin name="spamtask"> <plugin name="spamtask">
<vulnerability> <vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title> <title>spamtask - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references> <references>
<exploitdb>24492</exploitdb> <exploitdb>24492</exploitdb>
</references> </references>
@@ -5861,7 +5868,7 @@
<plugin name="php-analytics"> <plugin name="php-analytics">
<vulnerability> <vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title> <title>php-analytics - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references> <references>
<exploitdb>24492</exploitdb> <exploitdb>24492</exploitdb>
</references> </references>
@@ -5871,7 +5878,7 @@
<plugin name="seo-spy-google-wordpress-plugin"> <plugin name="seo-spy-google-wordpress-plugin">
<vulnerability> <vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title> <title>seo-spy-google - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references> <references>
<exploitdb>24492</exploitdb> <exploitdb>24492</exploitdb>
</references> </references>
@@ -5881,7 +5888,7 @@
<plugin name="wp-seo-spy-google"> <plugin name="wp-seo-spy-google">
<vulnerability> <vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title> <title>wp-seo-spy-google - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references> <references>
<exploitdb>24492</exploitdb> <exploitdb>24492</exploitdb>
</references> </references>
@@ -5901,7 +5908,7 @@
<plugin name="fbsurveypro"> <plugin name="fbsurveypro">
<vulnerability> <vulnerability>
<title>fbsurveypro XSS Vulnerability</title> <title>fbsurveypro - XSS Vulnerability</title>
<references> <references>
<url>http://1337day.com/exploit/20623</url> <url>http://1337day.com/exploit/20623</url>
</references> </references>
@@ -5911,7 +5918,7 @@
<plugin name="timelineoptinpro"> <plugin name="timelineoptinpro">
<vulnerability> <vulnerability>
<title>timelineoptinpro XSS Vulnerability</title> <title>timelineoptinpro - XSS Vulnerability</title>
<references> <references>
<url>http://1337day.com/exploit/20620</url> <url>http://1337day.com/exploit/20620</url>
</references> </references>
@@ -5921,7 +5928,7 @@
<plugin name="kioskprox"> <plugin name="kioskprox">
<vulnerability> <vulnerability>
<title>kioskprox XSS Vulnerability</title> <title>kioskprox - XSS Vulnerability</title>
<references> <references>
<url>http://1337day.com/exploit/20624</url> <url>http://1337day.com/exploit/20624</url>
</references> </references>
@@ -5931,7 +5938,7 @@
<plugin name="bigcontact"> <plugin name="bigcontact">
<vulnerability> <vulnerability>
<title>bigcontact SQLI</title> <title>bigcontact - SQLI</title>
<references> <references>
<url>http://plugins.trac.wordpress.org/changeset/689798</url> <url>http://plugins.trac.wordpress.org/changeset/689798</url>
</references> </references>
@@ -5942,7 +5949,7 @@
<plugin name="drawblog"> <plugin name="drawblog">
<vulnerability> <vulnerability>
<title>drawblog CSRF</title> <title>drawblog - CSRF</title>
<references> <references>
<url>http://plugins.trac.wordpress.org/changeset/691178</url> <url>http://plugins.trac.wordpress.org/changeset/691178</url>
</references> </references>
@@ -5953,7 +5960,7 @@
<plugin name="social-media-widget"> <plugin name="social-media-widget">
<vulnerability> <vulnerability>
<title>social-media-widget malicious code</title> <title>social-media-widget - malicious code</title>
<references> <references>
<url>http://plugins.trac.wordpress.org/changeset?reponame=&amp;old=691839%40social-media-widget%2Ftrunk&amp;new=693941%40social-media-widget%2Ftrunk</url> <url>http://plugins.trac.wordpress.org/changeset?reponame=&amp;old=691839%40social-media-widget%2Ftrunk&amp;new=693941%40social-media-widget%2Ftrunk</url>
<url>http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot <url>http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot
@@ -5966,7 +5973,7 @@
<plugin name="facebook-members"> <plugin name="facebook-members">
<vulnerability> <vulnerability>
<title>facebook-members CSRF</title> <title>facebook-members - CSRF</title>
<references> <references>
<secunia>52962</secunia> <secunia>52962</secunia>
<cve>2013-2703</cve> <cve>2013-2703</cve>
@@ -5978,10 +5985,11 @@
<plugin name="foursquare-checkins"> <plugin name="foursquare-checkins">
<vulnerability> <vulnerability>
<title>foursquare-checkins CSRF</title> <title>foursquare-checkins - CSRF</title>
<references> <references>
<secunia>53151</secunia> <osvdb>92641</osvdb>
<cve>2013-2709</cve> <cve>2013-2709</cve>
<secunia>53151</secunia>
</references> </references>
<type>CSRF</type> <type>CSRF</type>
<fixed_in>1.3</fixed_in> <fixed_in>1.3</fixed_in>
@@ -5990,7 +5998,7 @@
<plugin name="formidable"> <plugin name="formidable">
<vulnerability> <vulnerability>
<title>formidable Pro Unspecified Vulnerabilities</title> <title>formidable Pro - Unspecified Vulnerabilities</title>
<references> <references>
<secunia>53121</secunia> <secunia>53121</secunia>
</references> </references>
@@ -6001,7 +6009,7 @@
<plugin name="all-in-one-webmaster"> <plugin name="all-in-one-webmaster">
<vulnerability> <vulnerability>
<title>all-in-one-webmaster CSRF</title> <title>all-in-one-webmaster - CSRF</title>
<references> <references>
<secunia>52877</secunia> <secunia>52877</secunia>
<cve>2013-2696</cve> <cve>2013-2696</cve>
@@ -6043,7 +6051,7 @@
<plugin name="syntaxhighlighter"> <plugin name="syntaxhighlighter">
<vulnerability> <vulnerability>
<title>syntaxhighlighter clipboard.swf XSS</title> <title>syntaxhighlighter - clipboard.swf XSS</title>
<references> <references>
<secunia>53235</secunia> <secunia>53235</secunia>
</references> </references>
@@ -6065,7 +6073,7 @@
<plugin name="easy-adsense-lite"> <plugin name="easy-adsense-lite">
<vulnerability> <vulnerability>
<title>easy-adsense-lite CSRF</title> <title>easy-adsense-lite - CSRF</title>
<references> <references>
<secunia>52953</secunia> <secunia>52953</secunia>
<cve>2013-2702</cve> <cve>2013-2702</cve>
@@ -6086,7 +6094,7 @@
<type>XSS</type> <type>XSS</type>
</vulnerability> </vulnerability>
<vulnerability> <vulnerability>
<title>uk-cookie CSRF</title> <title>uk-cookie - CSRF</title>
<references> <references>
<url>http://www.openwall.com/lists/oss-security/2013/06/06/10</url> <url>http://www.openwall.com/lists/oss-security/2013/06/06/10</url>
<osvdb>94032</osvdb> <osvdb>94032</osvdb>
@@ -6098,7 +6106,7 @@
<plugin name="wp-cleanfix"> <plugin name="wp-cleanfix">
<vulnerability> <vulnerability>
<title>wp-cleanfix Remote Command Execution, CSRF and XSS</title> <title>wp-cleanfix - Remote Command Execution, CSRF and XSS</title>
<references> <references>
<url>https://github.com/wpscanteam/wpscan/issues/186</url> <url>https://github.com/wpscanteam/wpscan/issues/186</url>
<url>http://wordpress.org/support/topic/plugin-wp-cleanfix-remote-code-execution-warning</url> <url>http://wordpress.org/support/topic/plugin-wp-cleanfix-remote-code-execution-warning</url>
@@ -6170,8 +6178,9 @@
<plugin name="wp-print-friendly"> <plugin name="wp-print-friendly">
<vulnerability> <vulnerability>
<title>WP Print Friendly - Security Bypass Vulnerability</title> <title>WP Print Friendly &lt;=0.5.2 - Security Bypass Vulnerability</title>
<references> <references>
<osvdb>93243</osvdb>
<secunia>53371</secunia> <secunia>53371</secunia>
</references> </references>
<type>UNKNOWN</type> <type>UNKNOWN</type>
@@ -6246,7 +6255,7 @@
<plugin name="digg-digg"> <plugin name="digg-digg">
<vulnerability> <vulnerability>
<title>Digg Digg CSRF</title> <title>Digg Digg - CSRF</title>
<references> <references>
<url>http://wordpress.org/plugins/digg-digg/changelog/</url> <url>http://wordpress.org/plugins/digg-digg/changelog/</url>
<secunia>53120</secunia> <secunia>53120</secunia>
@@ -6261,9 +6270,9 @@
<vulnerability> <vulnerability>
<title>SS Quiz - Multiple Unspecified Vulnerabilities</title> <title>SS Quiz - Multiple Unspecified Vulnerabilities</title>
<references> <references>
<url>http://wordpress.org/plugins/ssquiz/changelog/</url>
<secunia>53378</secunia>
<osvdb>93531</osvdb> <osvdb>93531</osvdb>
<secunia>53378</secunia>
<url>http://wordpress.org/plugins/ssquiz/changelog/</url>
</references> </references>
<type>UNKNOWN</type> <type>UNKNOWN</type>
<fixed_in>2.0</fixed_in> <fixed_in>2.0</fixed_in>
@@ -6272,7 +6281,7 @@
<plugin name="funcaptcha"> <plugin name="funcaptcha">
<vulnerability> <vulnerability>
<title>FunCaptcha CSRF</title> <title>FunCaptcha - CSRF</title>
<references> <references>
<url>http://wordpress.org/extend/plugins/funcaptcha/changelog/</url> <url>http://wordpress.org/extend/plugins/funcaptcha/changelog/</url>
</references> </references>
@@ -6283,7 +6292,7 @@
<plugin name="xili-language"> <plugin name="xili-language">
<vulnerability> <vulnerability>
<title>xili-language XSS</title> <title>xili-language - XSS</title>
<references> <references>
<url>http://wordpress.org/plugins/xili-language/changelog/</url> <url>http://wordpress.org/plugins/xili-language/changelog/</url>
</references> </references>
@@ -6294,7 +6303,7 @@
<plugin name="wordpress-seo"> <plugin name="wordpress-seo">
<vulnerability> <vulnerability>
<title>Security issue which allowed any user to reset settings</title> <title>wordpress-seo - Security issue which allowed any user to reset settings</title>
<references> <references>
<url>http://wordpress.org/plugins/wordpress-seo/changelog/</url> <url>http://wordpress.org/plugins/wordpress-seo/changelog/</url>
</references> </references>
@@ -6305,7 +6314,7 @@
<plugin name="underconstruction"> <plugin name="underconstruction">
<vulnerability> <vulnerability>
<title>CSRF in WordPress underConstruction plugin</title> <title>Under Construction - CSRF</title>
<references> <references>
<url>http://wordpress.org/plugins/underconstruction/changelog/</url> <url>http://wordpress.org/plugins/underconstruction/changelog/</url>
<secunia>52881</secunia> <secunia>52881</secunia>
@@ -6319,7 +6328,7 @@
<plugin name="adif-log-search-widget"> <plugin name="adif-log-search-widget">
<vulnerability> <vulnerability>
<title>ADIF Log Search Widget XSS Arbitrary Vulnerability</title> <title>ADIF Log Search Widget - XSS Arbitrary Vulnerability</title>
<references> <references>
<url>http://packetstormsecurity.com/files/121777/</url> <url>http://packetstormsecurity.com/files/121777/</url>
<secunia>53599</secunia> <secunia>53599</secunia>
@@ -6354,7 +6363,7 @@
<plugin name="export-to-text"> <plugin name="export-to-text">
<vulnerability> <vulnerability>
<title>Remote File Inclusion Vulnerability</title> <title>Export to text - Remote File Inclusion Vulnerability</title>
<references> <references>
<secunia>51348</secunia> <secunia>51348</secunia>
<osvdb>93715</osvdb> <osvdb>93715</osvdb>
@@ -6468,7 +6477,7 @@
<plugin name="wp-maintenance-mode"> <plugin name="wp-maintenance-mode">
<vulnerability> <vulnerability>
<title>WP Maintenance Mode Setting Manipulation CSRF</title> <title>WP Maintenance Mode - Setting Manipulation CSRF</title>
<references> <references>
<osvdb>94450</osvdb> <osvdb>94450</osvdb>
</references> </references>
@@ -6489,7 +6498,7 @@
<plugin name="mapsmarker"> <plugin name="mapsmarker">
<vulnerability> <vulnerability>
<title>Leaflet Maps Marker Tag Multiple Parameter SQL Injection</title> <title>Leaflet Maps Marker - Tag Multiple Parameter SQL Injection</title>
<references> <references>
<osvdb>94388</osvdb> <osvdb>94388</osvdb>
</references> </references>
@@ -6522,7 +6531,7 @@
<plugin name="dropdown-menu-widget"> <plugin name="dropdown-menu-widget">
<vulnerability> <vulnerability>
<title>Dropdown Menu Widget Script Insertion CSRF</title> <title>Dropdown Menu Widget - Script Insertion CSRF</title>
<references> <references>
<osvdb>94771</osvdb> <osvdb>94771</osvdb>
</references> </references>
@@ -6532,7 +6541,7 @@
<plugin name="buddypress-extended-friendship-request"> <plugin name="buddypress-extended-friendship-request">
<vulnerability> <vulnerability>
<title>BuddyPress Extended Friendship Request wp-admin/admin-ajax.php friendship_request_message Parameter XSS <title>BuddyPress Extended Friendship Request - wp-admin/admin-ajax.php friendship_request_message Parameter XSS
</title> </title>
<references> <references>
<osvdb>94807</osvdb> <osvdb>94807</osvdb>
@@ -6544,7 +6553,7 @@
<plugin name="wp-private-messages"> <plugin name="wp-private-messages">
<vulnerability> <vulnerability>
<title>wp-private-messages /wp-admin/profile.php msgid Parameter SQL Injection</title> <title>wp-private-messages - /wp-admin/profile.php msgid Parameter SQL Injection</title>
<references> <references>
<osvdb>94702</osvdb> <osvdb>94702</osvdb>
</references> </references>
@@ -6554,7 +6563,7 @@
<plugin name="stream-video-player"> <plugin name="stream-video-player">
<vulnerability> <vulnerability>
<title>Stream Video Player - - Setting Manipulation CSRF</title> <title>Stream Video Player - Setting Manipulation CSRF</title>
<references> <references>
<osvdb>94466</osvdb> <osvdb>94466</osvdb>
</references> </references>
@@ -6564,7 +6573,7 @@
<plugin name="duplicator"> <plugin name="duplicator">
<vulnerability> <vulnerability>
<title>Duplicator installer.cleanup.php package Parameter XSS</title> <title>Duplicator - installer.cleanup.php package Parameter XSS</title>
<references> <references>
<osvdb>95627</osvdb> <osvdb>95627</osvdb>
<cve>2013-4625</cve> <cve>2013-4625</cve>
@@ -6576,7 +6585,7 @@
<plugin name="citizen-space"> <plugin name="citizen-space">
<vulnerability> <vulnerability>
<title>Citizen Space Script Insertion CSRF</title> <title>Citizen Space - Script Insertion CSRF</title>
<references> <references>
<osvdb>95570</osvdb> <osvdb>95570</osvdb>
</references> </references>
@@ -6587,7 +6596,7 @@
<plugin name="spicy-blogroll"> <plugin name="spicy-blogroll">
<vulnerability> <vulnerability>
<title>Spicy Blogroll spicy-blogroll-ajax.php Multiple Parameter Remote File Inclusion</title> <title>Spicy Blogroll - spicy-blogroll-ajax.php Multiple Parameter Remote File Inclusion</title>
<references> <references>
<osvdb>95557</osvdb> <osvdb>95557</osvdb>
<exploitdb>26804</exploitdb> <exploitdb>26804</exploitdb>
@@ -6598,7 +6607,7 @@
<plugin name="pie-register"> <plugin name="pie-register">
<vulnerability> <vulnerability>
<title>Pie Register wp-login.php Multiple Parameter XSS</title> <title>Pie Register - wp-login.php Multiple Parameter XSS</title>
<references> <references>
<osvdb>95160</osvdb> <osvdb>95160</osvdb>
</references> </references>
@@ -6609,7 +6618,7 @@
<plugin name="xhanch-my-twitter"> <plugin name="xhanch-my-twitter">
<vulnerability> <vulnerability>
<title>CSRF in admin/setting.php in Xhanch</title> <title>Xhanch my Twitter - CSRF in admin/setting.php</title>
<references> <references>
<osvdb>96027</osvdb> <osvdb>96027</osvdb>
<secunia>53133</secunia> <secunia>53133</secunia>
@@ -6636,7 +6645,7 @@
<plugin name="hms-testimonials"> <plugin name="hms-testimonials">
<vulnerability> <vulnerability>
<title>CSRF in HMS Testimonials 2.0.10</title> <title>HMS Testimonials 2.0.10 - CSRF</title>
<references> <references>
<url>http://wordpress.org/plugins/hms-testimonials/changelog/</url> <url>http://wordpress.org/plugins/hms-testimonials/changelog/</url>
<cve>2013-4240</cve> <cve>2013-4240</cve>
@@ -6651,7 +6660,7 @@
<fixed_in>2.0.11</fixed_in> <fixed_in>2.0.11</fixed_in>
</vulnerability> </vulnerability>
<vulnerability> <vulnerability>
<title>XSS in HMS Testimonials 2.0.10</title> <title>HMS Testimonials 2.0.10 - XSS</title>
<references> <references>
<url>http://wordpress.org/plugins/hms-testimonials/changelog/</url> <url>http://wordpress.org/plugins/hms-testimonials/changelog/</url>
<cve>2013-4241</cve> <cve>2013-4241</cve>
@@ -6671,20 +6680,22 @@
<vulnerability> <vulnerability>
<title>IndiaNIC Testimonial 2.2 - CSRF vulnerability</title> <title>IndiaNIC Testimonial 2.2 - CSRF vulnerability</title>
<references> <references>
<url>http://seclists.org/fulldisclosure/2013/Sep/5</url> <osvdb>96792</osvdb>
<cve>2013-5672</cve> <cve>2013-5672</cve>
<exploitdb>28054</exploitdb> <exploitdb>28054</exploitdb>
<url>http://packetstormsecurity.com/files/123036/</url> <url>http://packetstormsecurity.com/files/123036/</url>
<url>http://seclists.org/fulldisclosure/2013/Sep/5</url>
</references> </references>
<type>CSRF</type> <type>CSRF</type>
</vulnerability> </vulnerability>
<vulnerability> <vulnerability>
<title>IndiaNIC Testimonial 2.2 - SQL Injection vulnerability</title> <title>IndiaNIC Testimonial 2.2 - SQL Injection vulnerability</title>
<references> <references>
<url>http://seclists.org/fulldisclosure/2013/Sep/5</url> <osvdb>96793</osvdb>
<cve>2013-5673</cve> <cve>2013-5673</cve>
<exploitdb>28054</exploitdb> <exploitdb>28054</exploitdb>
<url>http://packetstormsecurity.com/files/123036/</url> <url>http://packetstormsecurity.com/files/123036/</url>
<url>http://seclists.org/fulldisclosure/2013/Sep/5</url>
</references> </references>
<type>SQLI</type> <type>SQLI</type>
</vulnerability> </vulnerability>
@@ -6714,7 +6725,7 @@
<plugin name="platinum-seo-pack"> <plugin name="platinum-seo-pack">
<vulnerability> <vulnerability>
<title>platinum_seo_pack.php s Parameter Reflected XSS</title> <title>platinum_seo_pack.php - s Parameter Reflected XSS</title>
<references> <references>
<osvdb>97263</osvdb> <osvdb>97263</osvdb>
</references> </references>
@@ -6792,11 +6803,11 @@
<vulnerability> <vulnerability>
<title>Lazy SEO 1.1.9 - lazyseo.php File Upload Arbitrary Code Execution</title> <title>Lazy SEO 1.1.9 - lazyseo.php File Upload Arbitrary Code Execution</title>
<references> <references>
<url>http://packetstormsecurity.com/files/123349/</url>
<url>http://xforce.iss.net/xforce/xfdb/87384</url>
<osvdb>97662</osvdb> <osvdb>97662</osvdb>
<cve>2013-5961</cve> <cve>2013-5961</cve>
<exploitdb>28452</exploitdb> <exploitdb>28452</exploitdb>
<url>http://packetstormsecurity.com/files/123349/</url>
<url>http://xforce.iss.net/xforce/xfdb/87384</url>
</references> </references>
<type>UPLOAD</type> <type>UPLOAD</type>
</vulnerability> </vulnerability>
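Review bot: In the cimy-user-manager entry (hunk at -171,12) the new title bounds the issue at `<=1.4.2`, while the added `<fixed_in>1.4.4</fixed_in>` implies that 1.4.3 is still affected, so the two fields disagree about one release. If consumers match installed versions against `fixed_in` (the matching logic is not visible here), the title shown in a report will contradict the match result and slow triage; the wp125 entry in the following hunk (`<=1.4.4` with `fixed_in` 1.4.5) shows the consistent form. Please check the affected range against the Secunia advisory already referenced in that entry and align the title with `fixed_in`. Separately, the reworded content-slide title in the first hunk still carries the typo `Requst` and drops the hyphen that the neighbouring Simple Paypal title keeps; `<title>Content Slide &lt;=1.4.2 - Cross-Site Request Forgery Vulnerability</title>` would fix both.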