Update plugin_vulns.xml

2013-10-20 12:06:21 +02:00
parent 49883bbc3a
commit edf2ac481b
1 changed files with 52 additions and 1 deletions
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -870,6 +870,16 @@
    </vulnerability>
  </plugin>

+  <plugin name="wp-image-resizer">
+    <vulnerability>
+      <title>Image Resizer - Cross Site Scripting</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/123651/</url>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
+  </plugin>
+
  <plugin name="wp-levoslideshow">
    <vulnerability>
      <title>wp-levoslideshow - Arbitrary File Upload Vulnerability</title>
@@ -4775,13 +4785,20 @@

  <plugin name="woocommerce">
    <vulnerability>
-      <title>WooCommerce - index.php calc_shipping_state Parameter XSS</title>
+      <title>WooCommerce 2.0.12 - index.php calc_shipping_state Parameter XSS</title>
      <references>
        <osvdb>95480</osvdb>
      </references>
      <type>XSS</type>
      <fixed_in>2.0.13</fixed_in>
    </vulnerability>
+    <vulnerability>
+      <title>WooCommerce 2.0.17 - Cross Site Scripting</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/123684/</url>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
  </plugin>

  <plugin name="wp-e-commerce-predictive-search">
@@ -7114,6 +7131,18 @@
    </vulnerability>
  </plugin>

+  <plugin name="quick-paypal-payments">
+    <vulnerability>
+      <title>Quick Paypal Payments 3.0 - Payment Sending Multiple Parameter XSS</title>
+      <references>
+        <osvdb>98715</osvdb>
+        <secunia>55292</secunia>
+        <url>http://packetstormsecurity.com/files/123662/</url>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
+  </plugin>
+
  <plugin name="email-newsletter">
    <vulnerability>
      <title>Email Newsletter 8.0 - 'option' Parameter Information Disclosure Vulnerability</title>
@@ -7415,4 +7444,26 @@
    </vulnerability>
  </plugin>

+  <plugin name="wp-realty">
+    <vulnerability>
+      <title>WP Realty - Blind SQL Injection</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/123655/</url>
+      </references>
+      <type>SQLI</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="social-sharing-toolkit">
+    <vulnerability>
+      <title>Social Sharing Toolkit 2.2.1 - Setting Manipulation CSRF</title>
+      <references>
+        <osvdb>98717</osvdb>
+        <cve>2013-2701</cve>
+        <secunia>52951</secunia>
+      </references>
+      <type>CSRF</type>
+    </vulnerability>
+  </plugin>
+
 </vulnerabilities>