diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index 362fc5c4..9b9fe9f3 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -21,26 +21,29 @@
LFI
- UnGallery Arbitrary < 2.1.6 Command Execution
+ UnGallery Arbitrary Command Execution
http://secunia.com/advisories/50875/
http://ceriksen.com/2012/10/23/wordpress-ungallery-remote-command-injection-vulnerability/
RCE
+ 2.1.6
- Thank You Counter Button < 1.8.3 XSS
+ Thank You Counter Button XSS
http://secunia.com/advisories/50977/
XSS
+ 1.8.3
- Bookings < 1.8.3 XSS
+ Bookings XSS
http://secunia.com/advisories/50975/
XSS
+ 1.8.3
@@ -55,17 +58,19 @@
- WordPress FireStorm Professional Real Estate Plugin < 2.06.04 "id" SQL Injection Vulnerability
+ WordPress FireStorm Professional Real Estate Plugin "id" SQL Injection Vulnerability
http://secunia.com/advisories/51107/
SQLI
+ 2.06.04
- FireStorm Professional Real Estate Plugin < 2.06.03 Multiple SQL Injection
+ FireStorm Professional Real Estate Plugin Multiple SQL Injection
http://secunia.com/advisories/50873/
http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/
SQLI
+ 2.06.03
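Review bot: The values `2.06.04` and `2.06.03` added in this hunk have zero-padded components, as do `34.06` (WordPress Poll Plugin) and `1.2.07.20` (Get Off Malicious Scripts) in later hunks. Now that the bound is a machine-readable value rather than part of the title, the verdict depends on how the consumer compares versions, which this diff does not show. A plain string comparison, or a detected version reported as `2.6.4`, could yield a false negative or false positive. Please confirm the comparison is numeric per component and record that next to the first such entry, for example `<!-- version components are compared numerically; zero padding kept as published -->`.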
@@ -123,13 +128,14 @@
- Google Document Embedder < 2.5.4 Arbitrary File Disclosure
+ Google Document Embedder Arbitrary File Disclosure
http://www.exploit-db.com/exploits/23970/
http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/
http://secunia.com/advisories/50832/
exploit/unix/webapp/wp_google_document_embedder_exec
UNKNOWN
+ 2.5.4
@@ -211,10 +217,11 @@
- Shopping Cart <, 8.1.15 Shell Upload / SQL Injection
+ Shopping Cart Shell Upload / SQL Injection
http://packetstormsecurity.com/files/119217/wplevelfour-sqlshell.txt
http://secunia.com/advisories/51690/
MULTI
+ 8.1.15
@@ -454,9 +461,10 @@
XSS
- WordPress Carousel Slideshow Plugin < 3.10 Unspecified Vulnerabilities
+ WordPress Carousel Slideshow Plugin Unspecified Vulnerabilities
http://secunia.com/advisories/50377/
UNKNOWN
+ 3.10
@@ -517,9 +525,10 @@
XSS
- WordPress Image News slider Plugin < 3.4 Unspecified Vulnerabilities
+ WordPress Image News slider Plugin Unspecified Vulnerabilities
http://secunia.com/advisories/50390/
UNKNOWN
+ 3.4
@@ -601,11 +610,12 @@
- Ajax Post Search < 1.3 Sql Injection
+ Ajax Post Search Sql Injection
http://seclists.org/bugtraq/2012/Nov/33
http://secunia.com/advisories/51205/
http://www.girlinthemiddle.net/2012/10/sqli-vulnerability-in-ajax-post-search.html
SQLI
+ 1.3
@@ -769,10 +779,11 @@
- Backup Plugin < 2.1 Information Disclosure
+ Backup Plugin Information Disclosure
http://www.exploit-db.com/exploits/19524/
http://secunia.com/advisories/50038/
UNKNOWN
+ 2.1
@@ -980,9 +991,10 @@
AUTHBYPASS
- WordPress Mac Photo Gallery Plugin < 3.0 Multiple Script Insertion Vulnerabilities
+ WordPress Mac Photo Gallery Plugin Multiple Script Insertion Vulnerabilities
http://secunia.com/advisories/49836/
XSS
+ 3.0
Mac Photo Gallery 2.7 Arbitrary File Upload
@@ -1139,9 +1151,10 @@
MULTI
- store-locator-le < 3.8.7 SQL Injection
+ store-locator-le SQL Injection
http://secunia.com/advisories/51757/
SQLI
+ 3.8.7
@@ -1433,9 +1446,10 @@
- Login With Ajax plugin < 3.0.4.1 Cross Site Scripting
+ Login With Ajax plugin Cross Site Scripting
http://secunia.com/advisories/49013/
XSS
+ 3.0.4.1
@@ -1462,9 +1476,10 @@
- WordPress Zingiri Web Shop Plugin < 2.4.8 Cookie SQL Injection Vulnerability
+ WordPress Zingiri Web Shop Plugin Cookie SQL Injection Vulnerability
http://secunia.com/advisories/49398/
SQLI
+ 2.4.8
Zingiri Web Shop <= 2.4.0 Multiple XSS Vulnerabilities
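Review bot: The context line `Zingiri Web Shop <= 2.4.0 Multiple XSS Vulnerabilities` still carries its version bound in the title. So do `yolink Search plugin <= 1.1.4 SQL Injection Vulnerability`, `GD Star Rating plugin <= 1.9.16 Cross Site Scripting` and `Mac Photo Gallery 2.7 Arbitrary File Upload` in later hunks. After this commit the file expresses affected versions in two different ways, and a consumer that reads only the new version value will presumably see no bound for these entries. Consider documenting the convention once near the top of the file, e.g. `<!-- version value = first release containing the fix -->`. The remaining `<=` titles could be converted in a follow-up once the fixing release for each is known.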
@@ -1711,9 +1726,10 @@
- Click Desk Live Support Chat < 2.0 Cross Site Scripting Vulnerability
+ Click Desk Live Support Chat Cross Site Scripting Vulnerability
http://seclists.org/bugtraq/2011/Nov/148
XSS
+ 2.0
@@ -2142,9 +2158,10 @@
MULTI
- WP-Cumulus < 1.23 Cross Site Scripting Vulnerabily
+ WP-Cumulus Cross Site Scripting Vulnerabily
http://seclists.org/fulldisclosure/2011/Nov/340
XSS
+ 1.23
@@ -2573,9 +2590,10 @@
- WordPress yolink Search Plugin < 2.6 "s" Cross-Site Scripting Vulnerability
+ WordPress yolink Search Plugin "s" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/52030/
XSS
+ 2.6
yolink Search plugin <= 1.1.4 SQL Injection Vulnerability
@@ -2753,9 +2771,10 @@
SQLI
- WordPress WP-Filebase Plugin < 0.2.9.25 Unspecified Vulnerabilities
+ WordPress WP-Filebase Plugin Unspecified Vulnerabilities
http://secunia.com/advisories/51269/
UNKNOWN
+ 0.2.9.25
@@ -2840,9 +2859,10 @@
RFI
- Mailing List < 1.4.1 Arbitrary file download
+ Mailing List Arbitrary file download
http://www.exploit-db.com/exploits/18276/
UNKNOWN
+ 1.4.1
@@ -3047,9 +3067,10 @@
- WordPress GD Star Rating Plugin < 1.9.19 Export Security Bypass Security Issue
+ WordPress GD Star Rating Plugin Export Security Bypass Security Issue
http://secunia.com/advisories/49850/
AUTHBYPASS
+ 1.9.19
GD Star Rating plugin <= 1.9.16 Cross Site Scripting
@@ -3083,19 +3104,22 @@
XSS
- WP Photo Album Plus < 4.9.1 Full Path Disclosure
+ WP Photo Album Plus Full Path Disclosure
http://1337day.com/exploit/20125
FPD
+ 4.9.1
- WP Photo Album Plus < 4.9.3 XSS
+ WP Photo Album Plus XSS
http://secunia.com/advisories/51829/
XSS
+ 4.9.3
- WP Photo Album Plus < 4.9.3 XSS
+ WP Photo Album Plus XSS
http://secunia.com/advisories/51669/
XSS
+ 4.9.3
@@ -3114,24 +3138,26 @@
- portable-phpMyAdmin < 1.3.1 Authentication Bypass
+ portable-phpMyAdmin Authentication Bypass
http://www.exploit-db.com/exploits/23356
http://secunia.com/advisories/51520/
AUTHBYPASS
+ 1.3.1
- super-refer-a-friend < 1.0 Full Path Disclosure
+ super-refer-a-friend Full Path Disclosure
http://1337day.com/exploit/20126
FPD
+ 1.0
- W3-Total-Cache 0.9.2.4 (or before) Username and Hash Extract
+ W3-Total-Cache Username and Hash Extract
http://seclists.org/fulldisclosure/2012/Dec/242
https://github.com/FireFart/W3TotalCacheExploit
auxiliary/gather/wp_w3_total_cache_hash_extract
@@ -3139,7 +3165,7 @@
0.9.2.5
- W3-Total-Cache < 0.9.2.9 Remote Code Execution
+ W3-Total-Cache Remote Code Execution
http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/
http://wordpress.org/support/topic/pwn3d
http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
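Review bot: The `< 0.9.2.9` bound is removed from the W3-Total-Cache Remote Code Execution title here, but unlike the other hunks this one adds no version line (the header is `-3139,7 +3165,7`). The entry continues past the end of the hunk, so the value may already be present there. If it is not, the entry loses its only version bound and a scanner reading this file can no longer separate patched installs from vulnerable ones. Please confirm the entry carries `0.9.2.9` in the same field the other entries gained, and add it if it is missing.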
@@ -3151,11 +3177,12 @@
- WP-Super-Cache < 1.3.1 Remote Code Execution
+ WP-Super-Cache Remote Code Execution
http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/
http://wordpress.org/support/topic/pwn3d
http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
RCE
+ 1.3.1
@@ -3198,30 +3225,34 @@
- Simple Login Log Plugin < 0.9.4 XSS
+ Simple Login Log Plugin XSS
http://secunia.com/advisories/51780/
XSS
+ 0.9.4
- Simple Login Log Plugin < 0.9.4 SQL Injection
+ Simple Login Log Plugin SQL Injection
http://secunia.com/advisories/51780/
SQLI
+ 0.9.4
- wp-slimstat < 2.8.5 XSS
+ wp-slimstat XSS
http://secunia.com/advisories/51721/
XSS
+ 2.8.5
- browser-rejector < 2.11 Remote and Local File Inclusion
+ browser-rejector Remote and Local File Inclusion
http://secunia.com/advisories/51739/
LFI
+ 2.11
@@ -3235,9 +3266,10 @@
- WordPress Poll Plugin < 34.06 Cross-Site Request Forgery Vulnerability
+ WordPress Poll Plugin Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/51925/
CSRF
+ 34.06
Multiple SQL injection vulnerabilities in Cardoza Wordpress poll plugin
@@ -3247,9 +3279,10 @@
SQLI
- WordPress Poll Plugin < 33.6 Multiple SQL Injection Vulnerabilities
+ WordPress Poll Plugin Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/50910/
SQLI
+ 33.6
@@ -3265,26 +3298,29 @@
- WordPress DVS Custom Notification Plugin < 1.0.1 Cross-Site Request Forgery Vulnerability
+ WordPress DVS Custom Notification Plugin Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/51531/
CSRF
+ 1.0.1
- WordPress Events Manager Plugin < 5.3.4 Multiple Cross-Site Scripting Vulnerabilities
+ WordPress Events Manager Plugin Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/51869/
XSS
+ 5.3.4
- WordPress SolveMedia < 1.1.1 CSRF Vulnerability
+ WordPress SolveMedia CSRF Vulnerability
http://1337day.com/exploit/20222
http://secunia.com/advisories/51927/
CSRF
+ 1.1.1
@@ -3330,9 +3366,10 @@
- WordPress vTiger CRM Lead Capture Plugin < 1.1.0 Unspecified Vulnerability
+ WordPress vTiger CRM Lead Capture Plugin Unspecified Vulnerability
http://secunia.com/advisories/51305/
UNKNOWN
+ 1.1.0
@@ -3354,18 +3391,20 @@
- SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin < 2.2.1
+ SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin
https://www.htbridge.com/advisory/HTB23140
http://packetstormsecurity.com/files/120089/wpwysijanl-sql.txt
http://seclists.org/bugtraq/2013/Feb/29
http://cxsecurity.com/issue/WLB-2013020039
SQLI
+ 2.2.1
- WordPress Wysija Newsletters Plugin < 2.1.7 swfupload Cross-Site Scripting Vulnerability
+ WordPress Wysija Newsletters Plugin swfupload Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51249/
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
+ 2.1.7
@@ -3395,65 +3434,73 @@
- WordPress Zingiri Form Builder Plugin < 1.2.1 "error" Cross-Site Scripting Vulnerability
+ WordPress Zingiri Form Builder Plugin "error" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50983/
XSS
+ 1.2.1
- WordPress White Label CMS Plugin < 1.5.1 Cross-Site Request Forgery Vulnerability
+ WordPress White Label CMS Plugin Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/50487/
CSRF
+ 1.5.1
- Wordpress Download Shortcode Plugin < 0.2.1 "file" Arbitrary File Disclosure Vulnerability
+ Wordpress Download Shortcode Plugin "file" Arbitrary File Disclosure Vulnerability
http://secunia.com/advisories/50924/
LFI
+ 0.2.1
- WordPress Crayon Syntax Highlighter Plugin < 1.13"wp_load" Remote File Inclusion Vulnerability
+ WordPress Crayon Syntax Highlighter Plugin "wp_load" Remote File Inclusion Vulnerability
http://secunia.com/advisories/50804/
RFI
+ 1.13
- WordPress eShop Magic Plugin < 0.2 "file" Arbitrary File Disclosure Vulnerability
+ WordPress eShop Magic Plugin "file" Arbitrary File Disclosure Vulnerability
http://secunia.com/advisories/50933/
LFI
+ 0.2
- WordPress Pinterest "Pin It" Button Lite Plugin < 1.4.0 Multiple Unspecified Vulnerabilities
+ WordPress Pinterest "Pin It" Button Lite Plugin Multiple Unspecified Vulnerabilities
http://secunia.com/advisories/50868/
MULTI
+ 1.4.0
- WordPress CSS Plus Plugin < 1.3.2 Unspecified Vulnerabilities
+ WordPress CSS Plus Plugin Unspecified Vulnerabilities
http://secunia.com/advisories/50793/
UNKNOWN
+ 1.3.2
- WordPress Multisite Plugin Manager Plugin < 3.1.2 Two Cross-Site Scripting Vulnerabilities
+ WordPress Multisite Plugin Manager Plugin Two Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50762/
XSS
+ 3.1.2
@@ -3504,9 +3551,10 @@
XSS
- WordPress WP-TopBar Plugin < 4.0.3 Cross-Site Request Forgery Vulnerability
+ WordPress WP-TopBar Plugin Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/50693/
CSRF
+ 4.0.3
@@ -3520,25 +3568,28 @@
- WordPress Cloudsafe365 Plugin < 1.47 Multiple Vulnerabilities
+ WordPress Cloudsafe365 Plugin Multiple Vulnerabilities
http://secunia.com/advisories/50392/
MULTI
+ 1.47
- WordPress Vitamin Plugin < 1.1 Two Arbitrary File Disclosure Vulnerabilities
+ WordPress Vitamin Plugin Two Arbitrary File Disclosure Vulnerabilities
http://secunia.com/advisories/50176/
LFI
+ 1.1
- WordPress Featured Post with thumbnail Plugin < 1.5 Unspecified timthumb Vulnerability
+ WordPress Featured Post with thumbnail Plugin Unspecified timthumb Vulnerability
http://secunia.com/advisories/50161/
UNKNOWN
+ 1.5
@@ -3552,10 +3603,11 @@
- WordPress XVE Various Embed Plugin JW Player < 1.0.4 Multiple Cross-Site Scripting Vulnerabilities
+ WordPress XVE Various Embed Plugin JW Player Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50173/
XSS
+ 1.0.4
@@ -3569,41 +3621,46 @@
- WordPress Backend Localization Plugin < 2.0 Cross-Site Scripting Vulnerabilities
+ WordPress Backend Localization Plugin Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50099/
XSS
+ 2.0
- WordPress Flexi Quote Rotator Plugin < 0.9.2 Cross-Site Request Forgery and SQL Injection Vulnerabilities
+ WordPress Flexi Quote Rotator Plugin Cross-Site Request Forgery and SQL Injection Vulnerabilities
http://secunia.com/advisories/49910/
MULTI
+ 0.9.2
- WordPress Get Off Malicious Scripts < 1.2.07.20 Cross-Site Scripting Vulnerability
+ WordPress Get Off Malicious Scripts Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50030/
XSS
+ 1.2.07.20
- WordPress Cimy User Extra Fields Plugin < 2.3.9 Arbitrary File Upload Vulnerability
+ WordPress Cimy User Extra Fields Plugin Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49975/
UPLOAD
+ 2.3.9
- WordPress Nmedia Users File Uploader Plugin < 2.0 Arbitrary File Upload Vulnerability
+ WordPress Nmedia Users File Uploader Plugin Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49996/
UPLOAD
+ 2.0
@@ -3657,9 +3714,10 @@
- WordPress Simple History Plugin < 1.0.8 RSS Feed "rss_secret" Disclosure Weakness
+ WordPress Simple History Plugin RSS Feed "rss_secret" Disclosure Weakness
http://secunia.com/advisories/51998/
UNKNOWN
+ 1.0.8
@@ -3678,11 +3736,12 @@
XSS
- Wordpress wp-table-reloaded plugin < 1.9.4 cross-site scripting in SWF
+ Wordpress wp-table-reloaded plugin cross-site scripting in SWF
http://packetstormsecurity.com/files/119968/wptablereloaded-xss.txt
http://secunia.com/advisories/52027/
http://seclists.org/bugtraq/2013/Feb/28
XSS
+ 1.9.4
@@ -3712,13 +3771,14 @@
- Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin < 2.92.4
+ Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin
https://www.htbridge.com/advisory/HTB23138
http://packetstormsecurity.com/files/120090/wpcommentluv-xss.txt
http://seclists.org/bugtraq/2013/Feb/30
http://cxsecurity.com/issue/WLB-2013020040
http://secunia.com/advisories/52092/
XSS
+ 2.92.4
@@ -3732,18 +3792,20 @@
- WordPress WP ecommerce Shop Styling Plugin < 1.8 "dompdf" Remote File Inclusion Vulnerability
+ WordPress WP ecommerce Shop Styling Plugin "dompdf" Remote File Inclusion Vulnerability
http://secunia.com/advisories/51707/
RFI
+ 1.8
- Wordpress Audio Player Plugin < 2.0.4.6 XSS in SWF
+ Wordpress Audio Player Plugin XSS in SWF
http://seclists.org/bugtraq/2013/Feb/35
http://secunia.com/advisories/52083/
XSS
+ 2.0.4.6
@@ -4211,26 +4273,29 @@
- bigcontact < 1.4.7 SQLI
+ bigcontact SQLI
http://plugins.trac.wordpress.org/changeset/689798
SQLI
+ 1.4.7
- drawblog < 0.81 CSRF
+ drawblog CSRF
http://plugins.trac.wordpress.org/changeset/691178
CSRF
+ 0.81
- social-media-widget < 4.0.1 malicious code
+ social-media-widget malicious code
http://plugins.trac.wordpress.org/changeset?reponame=&old=691839%40social-media-widget%2Ftrunk&new=693941%40social-media-widget%2Ftrunk
http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot
UNKNOWN
+ 4.0.1