garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #338 from pvdl/master

Browse Source 
update wordpress vulns
This commit is contained in:
erwanlr
2013-10-24 14:13:31 -07:00
parent 40f1fd5c4b e148933c11
commit f2430171c6
1 changed files with 69 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
data/plugin_vulns.xml
View File

@@ -2247,6 +2247,15 @@
</references> </references>
<type>XSS</type> <type>XSS</type>
</vulnerability> </vulnerability>
<vulnerability>
<title>CMS Tree Page View 1.2.4 - Page Creation CSRF</title>
<references>
<osvdb>91270</osvdb>
<secunia>52581</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.2.5</fixed_in>
</vulnerability>
</plugin> </plugin>
<plugin name="all-in-one-event-calendar"> <plugin name="all-in-one-event-calendar">
@@ -4881,8 +4890,9 @@
<plugin name="wysija-newsletters"> <plugin name="wysija-newsletters">
<vulnerability> <vulnerability>
<title>Wysija Newsletters - SQL Injection Vulnerability</title> <title>Wysija Newsletters 2.2 - SQL Injection Vulnerability</title>
<references> <references>
<osvdb>89924</osvdb>
<url>https://www.htbridge.com/advisory/HTB23140</url> <url>https://www.htbridge.com/advisory/HTB23140</url>
<url>http://packetstormsecurity.com/files/120089/</url> <url>http://packetstormsecurity.com/files/120089/</url>
<url>http://seclists.org/bugtraq/2013/Feb/29</url> <url>http://seclists.org/bugtraq/2013/Feb/29</url>
@@ -5280,7 +5290,9 @@
<vulnerability> <vulnerability>
<title>Simple History - RSS Feed "rss_secret" Disclosure Weakness</title> <title>Simple History - RSS Feed "rss_secret" Disclosure Weakness</title>
<references> <references>
<osvdb>89640</osvdb>
<secunia>51998</secunia> <secunia>51998</secunia>
<url>http://www.securityfocus.com/bid/57628</url>
</references> </references>
<type>UNKNOWN</type> <type>UNKNOWN</type>
<fixed_in>1.0.8</fixed_in> <fixed_in>1.0.8</fixed_in>
@@ -5358,8 +5370,9 @@
<plugin name="commentluv"> <plugin name="commentluv">
<vulnerability> <vulnerability>
<title>CommentLuv - Cross Site Scripting Vulnerability</title> <title>CommentLuv 2.92.3 - Cross Site Scripting Vulnerability</title>
<references> <references>
<osvdb>89925</osvdb>
<url>https://www.htbridge.com/advisory/HTB23138</url> <url>https://www.htbridge.com/advisory/HTB23138</url>
<url>http://packetstormsecurity.com/files/120090/</url> <url>http://packetstormsecurity.com/files/120090/</url>
<url>http://seclists.org/bugtraq/2013/Feb/30</url> <url>http://seclists.org/bugtraq/2013/Feb/30</url>
@@ -5424,20 +5437,6 @@
</vulnerability> </vulnerability>
</plugin> </plugin>
<plugin name="wp-online-store">
<vulnerability>
<title>WP Online Store 1.3.1 - downloaded before 2013-01-17 File Disclosure and File Inclusion
Vulnerabilities
</title>
<references>
<secunia>50836</secunia>
<url>http://ceriksen.com/2013/02/18/wordpress-online-store-arbitrary-file-disclosure/</url>
<url>http://ceriksen.com/2013/02/18/wordpress-online-store-local-file-inclusion-vulnerability/</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="password-protected"> <plugin name="password-protected">
<vulnerability> <vulnerability>
<title>Password Protected 1.4 - Login Process redirect_to Parameter Arbitrary Site Redirect</title> <title>Password Protected 1.4 - Login Process redirect_to Parameter Arbitrary Site Redirect</title>
@@ -5855,13 +5854,24 @@
<plugin name="occasions"> <plugin name="occasions">
<vulnerability> <vulnerability>
<title>Occasions 1.0.4 - CSRF Vulnerability</title> <title>Occasions 1.0.4 - Manipulation CSRF</title>
<references> <references>
<osvdb>91489</osvdb>
<exploitdb>24858</exploitdb> <exploitdb>24858</exploitdb>
<osvdb>91490</osvdb> <secunia>52651</secunia>
<url>http://packetstormsecurity.com/files/120871/</url>
</references> </references>
<type>CSRF</type> <type>CSRF</type>
</vulnerability> </vulnerability>
<vulnerability>
<title>Occasions 1.0.4 - occasions/occasions.php occ_content1 Parameter XSS</title>
<references>
<osvdb>91490</osvdb>
<exploitdb>24858</exploitdb>
<url>http://packetstormsecurity.com/files/120871/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin> </plugin>
<plugin name="mathjax-latex"> <plugin name="mathjax-latex">
@@ -7559,6 +7569,47 @@
</references> </references>
<type>XSS</type> <type>XSS</type>
</vulnerability> </vulnerability>
<vulnerability>
<title>Car Demon 1.0.1 - /wp-admin/post.php Multiple Parameter XSS</title>
<references>
<osvdb>90366</osvdb>
<secunia>51088</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-mailup">
<vulnerability>
<title>MailUp 1.3.2 - ajax.functions.php Ajax Function Call Handling XSS Weakness</title>
<references>
<osvdb>91274</osvdb>
<cve>2013-0731</cve>
<secunia>51917</secunia>
</references>
<type>XSS</type>
<fixed_in>1.3.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-online-store">
<vulnerability>
<title>WP Online Store 1.3.1 - index.php slug Parameter Traversal Local File Inclusion</title>
<references>
<osvdb>90243</osvdb>
<secunia>50836</secunia>
</references>
<type>LFI</type>
</vulnerability>
<vulnerability>
<title>WP Online Store 1.3.1 - index.php Multiple Parameter Traversal Arbitrary File Access</title>
<references>
<osvdb>90244</osvdb>
<secunia>50836</secunia>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin> </plugin>
</vulnerabilities> </vulnerabilities>