Bumps the version

Example output:
  1) XML content each plugin vuln needs a type node
     Failure/Error: @result.should have(0).items, "Items:\n#{@result.join("\n")}"
       Items:
       ReFlex Gallery 1.4 - reflex-gallery.php Direct Request Path Disclosure
       Gallery Plugin 3.8.3 - gallery-plugin.php filename_1 Parameter Arbitrary File Access
       EZPZ One Click Backup <= 12.03.10 - OS Command Injection
       BulletProof Security - Security Log Script Insertion Vulnerability
       Portable phpMyAdmin - /pma/phpinfo.php Direct Request System Information Disclosure
       HMS Testimonials 2.0.10 - CSRF
       HMS Testimonials 2.0.10 - XSS
       platinum_seo_pack.php - s Parameter Reflected XSS
       Email Newsletter 8.0 - 'option' Parameter Information Disclosure Vulnerability

.travis.yml

@@ -5,7 +5,7 @@ rvm:
   - 2.0.0
   - 2.1.0
   - 2.1.1
-script: bundle exec rspec --format documentation
+script: bundle exec rspec
 notifications:
   email:
     - wpscanteam@gmail.com

Gemfile

@@ -4,7 +4,7 @@ gem "typhoeus", "~>0.6.8"
 gem "nokogiri"
 gem "json"
 gem "terminal-table"
-gem "ruby-progressbar", ">=1.2.0"
+gem "ruby-progressbar", "~>1.4.2"
 
 group :test do
   gem "webmock", ">=1.17.2"

README

@@ -35,6 +35,7 @@ ryandewhurst at gmail
    * Kali Linux
    * Pentoo
    * SamuraiWTF
+   * ArchAssault
 
   Prerequisites:
 
@@ -131,15 +132,15 @@ ryandewhurst at gmail
     ap       all plugins (can take a long time)
     tt       timthumbs
     t        themes
-    vp       only vulnerable themes
+    vt       only vulnerable themes
     at       all themes (can take a long time)
-  Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
+  Multiple values are allowed : "-e tt,p" will enumerate timthumbs and plugins
-  If no option is supplied, the default is 'vt,tt,u,vp'
+  If no option is supplied, the default is "vt,tt,u,vp"
 
---exclude-content-based '<regexp or string>'  Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied
+--exclude-content-based "<regexp or string>" Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied
-                                              You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
+                                             You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
 
---config-file | -c <config file> Use the specified config file
+--config-file | -c <config file> Use the specified config file, see the example.conf.json
 
 --user-agent | -a <User-Agent> Use the specified User-Agent
 
@@ -151,31 +152,35 @@ ryandewhurst at gmail
 
 --wp-plugins-dir <wp plugins dir>  Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
 
---proxy <[protocol://]host:port>  Supply a proxy (will override the one from conf/browser.conf.json).
+--proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json).
-                                  HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
+                                 HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
 
---proxy-auth <username:password>  Supply the proxy login credentials (will override the one from conf/browser.conf.json).
+--proxy-auth <username:password>  Supply the proxy login credentials.
 
---basic-auth <username:password>  Set the HTTP Basic authentication
+--basic-auth <username:password>  Set the HTTP Basic authentication.
 
 --wordlist | -w <wordlist>  Supply a wordlist for the password bruter and do the brute.
 
---threads  | -t <number of threads>  The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)
+--threads  | -t <number of threads>  The number of threads to use when multi-threading requests.
 
 --username | -U <username>  Only brute force the supplied username.
 
---cache-ttl <cache-ttl>  Typhoeus cache TTL
+--cache-ttl <cache-ttl>  Typhoeus cache TTL.
 
---request-timeout <request-timeout>  Request Timeout
+--request-timeout <request-timeout>  Request Timeout.
 
---connect-timeout <connect-timeout>  Connect Timeout
+--connect-timeout <connect-timeout>  Connect Timeout.
 
---max-threads <max-threads>  Maximum Threads
+--max-threads <max-threads>  Maximum Threads.
 
 --help     | -h This help screen.
 
 --verbose  | -v Verbose output.
 
+--batch Never ask for user input, use the default behaviour.
+
+--no-color Do not use colors in the output.
+
 ==WPSCAN EXAMPLES==
 
 Do 'non-intrusive' checks...
@@ -212,17 +217,21 @@ Debug output...
 
 ==WPSTOOLS ARGUMENTS==
 
---help    | -h   This help screen.
+-v, --verbose                                                Verbose output
---Verbose | -v   Verbose output.
+    --check-vuln-ref-urls, --cvru                            Check all the vulnerabilities reference urls for 404
---update  | -u   Update to the latest revision.
+    --check-local-vulnerable-files, --clvf LOCAL_DIRECTORY   Perform a recursive scan in the LOCAL_DIRECTORY to find vulnerable files or shells
---generate_plugin_list [number of pages]  Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)
+    --generate-plugin-list, --gpl [NUMBER_OF_PAGES]          Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)
---gpl  Alias for --generate_plugin_list
+    --generate-full-plugin-list, --gfpl                      Generate a new full data/plugins.txt file
---check-local-vulnerable-files | --clvf <local directory>  Perform a recursive scan in the <local directory> to find vulnerable files or shells
+    --generate-theme-list, --gtl [NUMBER_OF_PAGES]           Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 20)
+    --generate-full-theme-list, --gftl                       Generate a new full data/themes.txt file
+    --generate-all, --ga                                     Generate a new full plugins, full themes, popular plugins and popular themes list
+-s, --stats                                                  Show WpScan Database statistics
+    --spellcheck, --sc                                       Check all files for common spelling mistakes.
 
 ==WPSTOOLS EXAMPLES==
 
 - Generate a new 'most popular' plugin list, up to 150 pages ...
-ruby wpstools.rb --generate_plugin_list 150
+ruby wpstools.rb --generate-plugin-list 150
 
 - Locally scan a wordpress installation for vulnerable files or shells :
 ruby wpstools.rb --check-local-vulnerable-files /var/www/wordpress/

README.md

@@ -30,6 +30,7 @@ WPScan comes pre-installed on the following Linux distributions:
 - [Kali Linux](http://www.kali.org/)
 - [Pentoo](http://www.pentoo.ch/)
 - [SamuraiWTF](http://samurai.inguardians.com/)
+- [ArchAssault](https://archassault.org/)
 
 Prerequisites:
 
@@ -130,7 +131,7 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
 
 #### WPSCAN ARGUMENTS
 
-    --update  Update to the latest revision
+    --update   Update to the latest revision
 
     --url   | -u <target url>  The WordPress URL/domain to scan.
 
@@ -147,13 +148,13 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
         t        themes
         vt       only vulnerable themes
         at       all themes (can take a long time)
-    Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
+      Multiple values are allowed : "-e tt,p" will enumerate timthumbs and plugins
-    If no option is supplied, the default is 'vt,tt,u,vp'
+      If no option is supplied, the default is "vt,tt,u,vp"
 
-    --exclude-content-based '<regexp or string>'  Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied
+    --exclude-content-based "<regexp or string>" Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied
-                                                  You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
+                                                 You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
 
-    --config-file | -c <config file> Use the specified config file
+    --config-file | -c <config file> Use the specified config file, see the example.conf.json
 
     --user-agent | -a <User-Agent> Use the specified User-Agent
 
@@ -165,31 +166,35 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
 
     --wp-plugins-dir <wp plugins dir>  Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
 
-    --proxy <[protocol://]host:port>  Supply a proxy (will override the one from conf/browser.conf.json).
+    --proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json).
-                                      HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
+                                     HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
 
-    --proxy-auth <username:password>  Supply the proxy login credentials (will override the one from conf/browser.conf.json).
+    --proxy-auth <username:password>  Supply the proxy login credentials.
 
-    --basic-auth <username:password>  Set the HTTP Basic authentication
+    --basic-auth <username:password>  Set the HTTP Basic authentication.
 
     --wordlist | -w <wordlist>  Supply a wordlist for the password bruter and do the brute.
 
-    --threads  | -t <number of threads>  The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)
+    --threads  | -t <number of threads>  The number of threads to use when multi-threading requests.
 
     --username | -U <username>  Only brute force the supplied username.
 
-    --cache-ttl <cache-ttl>  Typhoeus cache TTL
+    --cache-ttl <cache-ttl>  Typhoeus cache TTL.
 
-    --request-timeout <request-timeout>  Request Timeout
+    --request-timeout <request-timeout>  Request Timeout.
 
-    --connect-timeout <connect-timeout>  Connect Timeout
+    --connect-timeout <connect-timeout>  Connect Timeout.
 
-    --max-threads <max-threads>  Maximum Threads
+    --max-threads <max-threads>  Maximum Threads.
 
     --help     | -h This help screen.
 
     --verbose  | -v Verbose output.
 
+    --batch Never ask for user input, use the default behaviour.
+
+    --no-color Do not use colors in the output.
+
 #### WPSCAN EXAMPLES
 
 Do 'non-intrusive' checks...
@@ -226,18 +231,23 @@ Debug output...
 
 #### WPSTOOLS ARGUMENTS
 
-    --help    | -h   This help screen.
+    -v, --verbose                                                Verbose output
-    --Verbose | -v   Verbose output.
+        --check-vuln-ref-urls, --cvru                            Check all the vulnerabilities reference urls for 404
-    --update  | -u   Update to the latest revision.
+        --check-local-vulnerable-files, --clvf LOCAL_DIRECTORY   Perform a recursive scan in the LOCAL_DIRECTORY to find vulnerable files or shells
-    --generate_plugin_list [number of pages]  Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)
+        --generate-plugin-list, --gpl [NUMBER_OF_PAGES]          Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)
-    --gpl  Alias for --generate_plugin_list
+        --generate-full-plugin-list, --gfpl                      Generate a new full data/plugins.txt file
-    --check-local-vulnerable-files | --clvf <local directory>  Perform a recursive scan in the <local directory> to find vulnerable files or shells
+        --generate-theme-list, --gtl [NUMBER_OF_PAGES]           Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 20)
+        --generate-full-theme-list, --gftl                       Generate a new full data/themes.txt file
+        --generate-all, --ga                                     Generate a new full plugins, full themes, popular plugins and popular themes list
+    -s, --stats                                                  Show WpScan Database statistics.
+        --spellcheck, --sc                                       Check all files for common spelling mistakes.
+
 
 #### WPSTOOLS EXAMPLES
 
 Generate a new 'most popular' plugin list, up to 150 pages...
 
-```ruby wpstools.rb --generate_plugin_list 150```
+```ruby wpstools.rb --generate-plugin-list 150```
 
 Locally scan a wordpress installation for vulnerable files or shells :
 ```ruby wpstools.rb --check-local-vulnerable-files /var/www/wordpress/```

data/plugin_vulns.xml

@@ -326,12 +326,17 @@
 
   <plugin name="zingiri-forum">
     <vulnerability>
-      <title>Zingiri Forum - Arbitrary File Disclosure</title>
+      <title>Zingiri Forum 1.4.2 - forum.php zing_forum_output Function url Parameter XSS</title>
       <references>
+        <osvdb>89069</osvdb>
+        <cve>2012-4920</cve>
         <secunia>50833</secunia>
+        <url>http://www.securityfocus.com/bid/57224</url>
+        <url>http://xforce.iss.net/xforce/xfdb/81156</url>
         <url>http://ceriksen.com/2013/01/12/wordpress-zingiri-forums-arbitrary-file-disclosure/</url>
       </references>
-      <type>UNKNOWN</type>
+      <type>XSS</type>
+      <fixed_in>1.4.4</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -598,6 +603,7 @@
       <references>
         <osvdb>88869</osvdb>
       </references>
+      <type>FPD</type>
     </vulnerability>
     <vulnerability>
       <title>ReFlex Gallery 1.3 - Shell Upload</title>
@@ -620,6 +626,7 @@
       <title>Uploader 1.0.4 - notify.php blog Parameter XSS</title>
       <references>
         <osvdb>90840</osvdb>
+        <cve>2013-2287</cve>
         <secunia>52465</secunia>
       </references>
       <type>XSS</type>
@@ -2157,6 +2164,7 @@
         <url>http://www.securityfocus.com/bid/57256</url>
         <url>http://seclists.org/bugtraq/2013/Jan/45</url>
       </references>
+      <type>LFI</type>
     </vulnerability>
   </plugin>
 
@@ -2679,6 +2687,15 @@
   </plugin>
 
   <plugin name="ezpz-one-click-backup">
+    <vulnerability>
+      <title>EZPZ One Click Backup &lt;= 12.03.10 - OS Command Injection</title>
+      <references>
+        <osvdb>106511</osvdb>
+        <cve>2014-3114</cve>
+        <url>http://www.openwall.com/lists/oss-security/2014/05/01/11</url>
+      </references>
+      <type>RCE</type>
+    </vulnerability>
     <vulnerability>
       <title>EZPZ One Click Backup &lt;= 12.03.10 - Cross Site Scripting</title>
       <references>
@@ -2815,6 +2832,7 @@
         <cve>2013-3487</cve>
         <secunia>53614</secunia>
       </references>
+      <type>XSS</type>
       <fixed_in>0.49</fixed_in>
     </vulnerability>
   </plugin>
@@ -3648,14 +3666,43 @@
 
   <plugin name="wp-ds-faq">
     <vulnerability>
-      <title>WP DS FAQ &lt;= 1.3.2 - SQL Injection Vulnerability</title>
+      <title>WP DS FAQ &lt;= 1.3.2 - ajax.php id Parameter SQL Injection</title>
       <references>
+        <osvdb>74574</osvdb>
+        <secunia>45640</secunia>
         <exploitdb>17683</exploitdb>
       </references>
       <type>SQLI</type>
     </vulnerability>
   </plugin>
 
+  <plugin name="wp-ds-faq-plus">
+    <vulnerability>
+      <title>WP DS FAQ Plus 1.0.12 - Multiple Unspecified Issues</title>
+      <references>
+        <osvdb>106614</osvdb>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>1.0.13</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>WP DS FAQ Plus 1.0.11 - Multiple Unspecified Issues</title>
+      <references>
+        <osvdb>106615</osvdb>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>1.0.12</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>WP DS FAQ Plus 1.0.3 - Multiple Unspecified CSRF</title>
+      <references>
+        <osvdb>106618</osvdb>
+      </references>
+      <type>CSRF</type>
+      <fixed_in>1.0.3</fixed_in>
+    </vulnerability>
+  </plugin>
+
   <plugin name="odihost-newsletter-plugin">
     <vulnerability>
       <title>OdiHost Newsletter &lt;= 1.0 - SQL Injection Vulnerability</title>
@@ -5978,6 +6025,7 @@
         <osvdb>98766</osvdb>
         <url>http://seclists.org/oss-sec/2013/q4/138</url>
       </references>
+      <type>FPD</type>
     </vulnerability>
     <vulnerability>
       <title>Portable phpMyAdmin 1.4.1 - Multiple Script Direct Request Authentication Bypass</title>
@@ -6416,12 +6464,20 @@
 
   <plugin name="solvemedia">
     <vulnerability>
-      <title>SolveMedia 1.1.0 - CSRF Vulnerability</title>
+      <title>SolveMedia 1.1.0 - plugins.php API Key Manipulation CSRF</title>
       <references>
-        <exploitdb>24364</exploitdb>
         <osvdb>89585</osvdb>
-        <url>http://1337day.com/exploit/20222</url>
         <secunia>51927</secunia>
+        <exploitdb>24364</exploitdb>
+        <url>http://1337day.com/exploit/20222</url>
+      </references>
+      <type>CSRF</type>
+      <fixed_in>1.1.1</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>SolveMedia 1.1.0 -  solvemedia.admin.inc Admin Options Page CSRF</title>
+      <references>
+        <osvdb>106320</osvdb>
       </references>
       <type>CSRF</type>
       <fixed_in>1.1.1</fixed_in>
@@ -8081,6 +8137,14 @@
   </plugin>
 
   <plugin name="syntaxhighlighter">
+    <vulnerability>
+      <title>SyntaxHighlighter Evolved 3.1.9 - Unspecified XSS</title>
+      <references>
+        <osvdb>106587</osvdb>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.1.10</fixed_in>
+    </vulnerability>
     <vulnerability>
       <title>SyntaxHighlighter Evolved 3.1.5 - clipboard.swf Unspecified XSS</title>
       <references>
@@ -8493,10 +8557,11 @@
 
   <plugin name="qtranslate">
     <vulnerability>
-      <title>qTranslate - Cross-Site Request Forgery Vulnerability</title>
+      <title>qTranslate 2.5.34 - Setting Manipulation CSRF</title>
       <references>
-        <secunia>53126</secunia>
         <osvdb>93873</osvdb>
+        <cve>2013-3251</cve>
+        <secunia>53126</secunia>
       </references>
       <type>CSRF</type>
     </vulnerability>
@@ -8733,6 +8798,7 @@
       <title>Stream Video Player &lt;= 1.4.0 - Setting Manipulation CSRF</title>
       <references>
         <osvdb>94466</osvdb>
+        <cve>2013-2706</cve>
         <secunia>52954</secunia>
       </references>
       <type>CSRF</type>
@@ -8832,6 +8898,7 @@
         <exploitdb>27531</exploitdb>
         <url>http://packetstormsecurity.com/files/122761/</url>
       </references>
+      <type>CSRF</type>
       <fixed_in>2.0.11</fixed_in>
     </vulnerability>
     <vulnerability>
@@ -8848,6 +8915,7 @@
         <exploitdb>27531</exploitdb>
         <url>http://packetstormsecurity.com/files/122761/</url>
       </references>
+      <type>XSS</type>
       <fixed_in>2.0.11</fixed_in>
     </vulnerability>
   </plugin>
@@ -8907,6 +8975,7 @@
         <osvdb>97263</osvdb>
       </references>
       <fixed_in>1.3.8</fixed_in>
+      <type>XSS</type>
     </vulnerability>
   </plugin>
 
@@ -9355,6 +9424,7 @@
       <references>
         <url>http://www.securityfocus.com/bid/53850</url>
       </references>
+      <type>FPD</type>
     </vulnerability>
   </plugin>
 
@@ -10027,6 +10097,14 @@
   </plugin>
 
   <plugin name="connections">
+    <vulnerability>
+      <title>Connections Business Directory 0.7.9.3 - includes/template/class.template-parts.php Pagination URL Handling XSS</title>
+      <references>
+        <osvdb>106558</osvdb>
+      </references>
+      <type>XSS</type>
+      <fixed_in>0.7.9.4</fixed_in>
+    </vulnerability>
     <vulnerability>
       <title>Connections &lt;= 0.7.1.5 - Unspecified Security Vulnerability</title>
       <references>
@@ -12084,6 +12162,30 @@
   </plugin>
 
   <plugin name="springboard-video-quick-publish">
+    <vulnerability>
+      <title>Springboard Video Quick Publish 0.2.6 - videolist.php paged Parameter Reflected XSS</title>
+      <references>
+        <osvdb>105992</osvdb>
+      </references>
+      <type>XSS</type>
+      <fixed_in>0.2.7</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Springboard Video Quick Publish 0.2.6 - springboardvideo.php video_id Parameter XSS</title>
+      <references>
+        <osvdb>105993</osvdb>
+      </references>
+      <type>XSS</type>
+      <fixed_in>0.2.7</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Springboard Video Quick Publish 0.2.6 - sb_search.php paged Parameter Reflected XSS</title>
+      <references>
+        <osvdb>105994</osvdb>
+      </references>
+      <type>XSS</type>
+      <fixed_in>0.2.7</fixed_in>
+    </vulnerability>
     <vulnerability>
       <title>Springboard Video Quick Publish 0.2.4 - Unspecified Issue</title>
       <references>
@@ -12234,6 +12336,14 @@
       <type>UNKNOWN</type>
       <fixed_in>1.1.8</fixed_in>
     </vulnerability>
+    <vulnerability>
+      <title>Lazyest Gallery 0.10.4.3 - Multiple File/Directory Insecure Permissions Local Content Manipulation</title>
+      <references>
+        <osvdb>105818</osvdb>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>0.10.4.4</fixed_in>
+    </vulnerability>
   </plugin>
 
   <plugin name="post-expirator">
@@ -12249,12 +12359,29 @@
 
   <plugin name="quick-pagepost-redirect-plugin">
     <vulnerability>
-      <title>Quick Page Post Redirect - CSRF and stored XSS</title>
+      <title>Quick Page Post Redirect 5.0.4 - redirect-updates.php quickppr_redirects Parameter Stored XSS</title>
       <references>
-        <url>https://security.dxw.com/advisories/csrf-and-stored-xss-in-quick-pagepost-redirect-plugin/</url>
+        <osvdb>105707</osvdb>
         <cve>2014-2598</cve>
+        <secunia>57883</secunia>
+        <exploitdb>32867</exploitdb>
+        <url>http://www.securityfocus.com/bid/66790</url>
+        <url>https://security.dxw.com/advisories/csrf-and-stored-xss-in-quick-pagepost-redirect-plugin/</url>
       </references>
-      <type>MULTI</type>
+      <type>XSS</type>
+      <fixed_in>5.0.5</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Quick Page Post Redirect 5.0.4 - redirect-updates.php Multiple Admin Function CSRF</title>
+      <references>
+        <osvdb>105708</osvdb>
+        <cve>2014-2598</cve>
+        <secunia>57883</secunia>
+        <exploitdb>32867</exploitdb>
+        <url>http://www.securityfocus.com/bid/66790</url>
+        <url>https://security.dxw.com/advisories/csrf-and-stored-xss-in-quick-pagepost-redirect-plugin/</url>
+      </references>
+      <type>CSRF</type>
       <fixed_in>5.0.5</fixed_in>
     </vulnerability>
   </plugin>
@@ -12308,4 +12435,141 @@
     </vulnerability>
   </plugin>
 
+  <plugin name="liveoptim">
+    <vulnerability>
+      <title>LiveOptim 1.4.3 - Configuration Setting Manipulation CSRF</title>
+      <references>
+        <osvdb>105986</osvdb>
+        <secunia>57990</secunia>
+        <url>http://www.securityfocus.com/bid/66939</url>
+      </references>
+      <type>CSRF</type>
+      <fixed_in>1.4.4</fixed_in>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="wp-conditional-captcha">
+    <vulnerability>
+      <title>Conditional CAPTCHA 3.6 - wp-conditional-captcha.php Settings Page CSRF</title>
+      <references>
+        <osvdb>106014</osvdb>
+      </references>
+      <type>CSRF</type>
+      <fixed_in>3.6.1</fixed_in>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="wp-js-external-link-info">
+    <vulnerability>
+      <title>JS External Link Info 1.21 - redirect.php blog Parameter XSS</title>
+      <references>
+        <osvdb>106125</osvdb>
+        <url>http://packetstormsecurity.com/files/126238/</url>
+        <url>http://www.securityfocus.com/bid/66999</url>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="simple-fields">
+    <vulnerability>
+      <title>Simple Fields 1.1.6 - inc-admin-options.php Admin Functions CSRF</title>
+      <references>
+        <osvdb>106316</osvdb>
+      </references>
+      <type>CSRF</type>
+      <fixed_in>1.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Simple Fields 0.3.5 - simple_fields.php wp_abspath Parameter Remote File Inclusion</title>
+      <references>
+        <osvdb>106622</osvdb>
+      </references>
+      <type>RFI</type>
+      <fixed_in>0.3.6</fixed_in>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="work-the-flow-file-upload">
+    <vulnerability>
+      <title>Work The Flow File Upload 1.2.1 - wp-admin/admin-ajax.php accept_file_types Parameter Manipulation File Upload Restriction Bypass</title>
+      <references>
+        <osvdb>106366</osvdb>
+        <secunia>58216</secunia>
+        <url>http://www.securityfocus.com/bid/67083</url>
+        <url>http://packetstormsecurity.com/files/126333/</url>
+      </references>
+      <type>RCE</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="file-gallery">
+    <vulnerability>
+      <title>File Gallery 1.7.9 - Settings Page create_function Function Remote Command Execution</title>
+      <references>
+        <osvdb>106417</osvdb>
+        <cve>2014-2558</cve>
+        <secunia>58216</secunia>
+        <url>http://www.securityfocus.com/bid/67120</url>
+      </references>
+      <type>RCE</type>
+      <fixed_in>1.7.9.2</fixed_in>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="nextcellent-gallery-nextgen-legacy">
+    <vulnerability>
+      <title>NextCellent Gallery 1.9.13 - admin/manage-images.php Multiple Field Stored XSS Weakness</title>
+      <references>
+        <osvdb>106474</osvdb>
+        <url>http://www.securityfocus.com/bid/67085</url>
+      </references>
+      <type>XSS</type>
+      <fixed_in>1.9.18</fixed_in>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="wp-affiliate-platform">
+    <vulnerability>
+      <title>WP Affiliate Manager - login.php msg Parameter XSS</title>
+      <references>
+        <osvdb>106533</osvdb>
+        <url>http://packetstormsecurity.com/files/126424/</url>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="query-interface">
+    <vulnerability>
+      <title>Query Interface 1.1 - Multiple Unspecified Issues</title>
+      <references>
+        <osvdb>106642</osvdb>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>1.2</fixed_in>
+    </vulnerability>
+  </plugin>
+  
+  <plugin name="photo-gallery">
+    <vulnerability>
+      <title>Photo-Gallery - Cross Site Request Forgery</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/126521/</url>
+      </references>
+      <type>CSRF</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="infusion4wp">
+    <vulnerability>
+     <title>iMember360is 3.9.001 - XSS / Disclosure / Code Execution</title>
+      <references>
+        <url>http://1337day.com/exploit/22184</url>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.9.002</fixed_in>
+    </vulnerability>
+  </plugin>
+
 </vulnerabilities>

data/themes.txt

@@ -1,69 +1,60 @@
 aadya
 abaris
+academica
 adamos
-adaptive-flat
 adelle
-admired
 adventure
 advertica-lite
-albinomouse
 aldehyde
 alexandria
 analytical-lite
-anarcho-notepad
 apprise
 arcade-basic
-arunachala
-aspen
 asteria-lite
-asteroid
 atahualpa
 attitude
 base-wp
 beach
 bearded
-big-city
-bizantine
 bizark
 bizflare
 bizkit
 biznez-lite
-bizsphere
 bizstudio-lite
-bizway
 blackbird
 blankslate
-blogbox
-blogolife
 blox
-bluegray
 boldr-lite
 boot-store
 bootstrap-ultimate
 bouquet
 bresponzive
 brightnews
-bueno
+briks
 business-lite
+business-pro
 busiprof
+butterbelly
 buzz
 capture
+careta
 catch-box
 catch-everest
 catch-evolution
 catch-kathmandu
 celestial-lite
 chaostheory
-childishly-simple
 church
+circumference-lite
 cirrus
 clean-retina
-cleo
 coller
 colorway
 contango
 coraline
 corpo
+count-down
+crangasi
 custom-community
 customizr
 cyberchimps
@@ -75,7 +66,6 @@ desk-mess-mirrored
 destro
 discover
 dms
-drop
 duena
 dusk-to-dawn
 duster
@@ -83,10 +73,8 @@ dw-minion
 dw-timeline
 dw-wallpress
 eclipse
-elegantwhite
-elmax
 engrave-lite
-epic
+enough
 esell
 esplanade
 esquire
@@ -94,76 +82,87 @@ evolve
 expert
 expound
 family
+faq
+fashionistas
 fifteen
 fine
 firmasite
 flat
+flounder
 focus
 forever
 formation
 fresh-lite
+frisco-for-buddypress
 frontier
 fruitful
 gamepress
-gold
 govpress
 graphene
 graphy
-gridbulletin
-gridiculous
 gridster-lite
 hatch
 hazen
 health-center-lite
 hemingway
+hiero
 highwind
 hueman
 i-transform
 iconic-one
 ifeature
+ignite
 imprint
 independent-publisher
 infinite
 infoway
 inkness
 inkzine
+interface
 intuition
 invert-lite
-irex-lite
 iribbon
 isis
+italian-restaurant
 itek
+jbst
+jbst-masonary
+journal-lite
 justwrite
 kavya
 klasik
+landscape
 leatherdiary
 lingonberry
-linia-magazine
+looki-lite
-luminescence-lite
 lupercalia
+madeini
+magazine-basic
 magazine-style
 magazino
 mantra
 market
+marketer
 match
 matheson
 max-magazine
-maxflat-core
 meadowhill
 mesocolumn
 mh-magazine-lite
 midnightcity
+minima-lite
 minimatica
 minimize
 mn-flow
-modern-estate
+modern-business
 monaco
 montezuma
-multiloquent
+naturefox
-mywiki
+neighborly
 neuro
 newgamer
-newpro
+news-flash
+newspress-lite
 next-saturday
 nictitate
 omega
@@ -177,6 +176,7 @@ oxygen
 p2
 padhang
 pagelines
+papercuts
 parabola
 parallax
 parament
@@ -186,11 +186,13 @@ pilot-fish
 pinbin
 pinboard
 pink-touch-2
+pisces
 platform
 point
 portfolio-press
 pr-news
 preference-lite
+presentation-lite
 preus
 primo-lite
 promax
@@ -201,20 +203,24 @@ raindrops
 rambo
 raptor
 raven
-redesign
+ready-review
+resolution
 responsive
 restaurante
 restaurateur
 restimpo
-retention
 reviewgine-affiliate
+rewind
 ridizain
+road-fighter
 sampression-lite
-semper-fi-lite
+seismic-manhattan
 sensitive
 sequel
-serene
+shamatha
 shopping
+siempel
+silver-quantum
 simple-catch
 simply-vision
 singl
@@ -225,12 +231,14 @@ smpl-skeleton
 snaps
 snapshot
 sneak-lite
-socialize-lite
+sorbet
 spacious
+sparkling
 spartan
 spasalon
 sporty
 spun
+squirrel
 stairway
 stargazer
 start-point
@@ -241,14 +249,14 @@ suevafree
 suffusion
 sugar-and-spice
 sundance
-sunny-blue-sky
 sunrain
 sunspot
 superhero
 supernova
 surfarama
 swift-basic
-tanzanite
+taraza
+tatva-lite
 teal
 tempera
 temptation
@@ -256,8 +264,6 @@ terrifico
 the-newswire
 thematic
 theron-lite
-tiga
-timeturner
 tiny-forge
 tonal
 tonic
@@ -270,13 +276,11 @@ twentytwelve
 typal-makewp005
 unite
 untitled
-uu-2014
 vantage
 venom
 viper
 virtue
 vision
-visitpress
 visual
 vryn-restaurant
 ward
@@ -286,13 +290,10 @@ wp-creativix
 wp-opulus
 wp-simple
 wpchimp-countdown
+wpstart
 writr
 x2
+xin-magazine
 yoko
-zbench
 zeedynamic
 zeeflow
-zeeminty
-zeenoble
-zeestyle
-zeetasty

data/themes_full.txt

@@ -96,6 +96,7 @@ a-little-touch-of-purple
 a-new
 a-new-theme
 a-new-wordpress-theme
+a-piece-of-cake
 a-plus
 a-setting-sun
 a-shade-of-grey
@@ -385,6 +386,7 @@ anvil-theme
 anvys
 anya
 anypixelpixel中文版
+aocean
 aos-second-version
 apbt
 apelsin
@@ -433,6 +435,7 @@ arcus-blue
 ardeeest-personal-theme
 area-51
 arefly-v1
+arete
 argonia
 ari
 ari-p
@@ -587,6 +590,7 @@ bad-mojo
 bahama
 bakeroner
 bakes
+baleen
 balloonr
 balloonsongreen
 baltimore-phototheme
@@ -723,6 +727,7 @@ bikes
 bilej-jako-mliko
 billions
 billydroid
+bilqis-theme
 binary-stylo
 biotodoma
 birchware-kiss
@@ -852,6 +857,7 @@ blackypress
 blackzebra
 blagz-blog-magazine-theme
 blain
+blanc
 blank
 blank-page
 blank-theme
@@ -901,6 +907,7 @@ blogbox
 blogfolio
 bloggable
 bloggdesigns3
+blogger
 blogger-notes
 bloggering
 bloggermom
@@ -918,6 +925,7 @@ blogmor
 blognote
 blogolife
 blogotron
+blogpress
 blogsimplified
 blogsimplified-blackneon
 blogsimplified-three-column-adsense10
@@ -931,6 +939,7 @@ blogtxt
 blogwave
 blogwise
 blogx
+blogy
 blokeish-aries
 blood-red-flower
 blossom
@@ -1206,6 +1215,7 @@ briks
 brisk
 brochure-melbourne
 broent
+bromine
 brown
 brown-ish-grid
 brown-palm
@@ -1282,6 +1292,7 @@ business-casual
 business-casual-portfolio
 business-flick
 business-flick-theme
+business-guru
 business-lite
 business-lite-4
 business-meeting
@@ -1336,6 +1347,7 @@ bytetips-remix
 bywill
 byzero
 c
+cafe
 cakifo
 call-power
 callas
@@ -1385,6 +1397,7 @@ casino-red-theme
 casino-x
 casper
 casper-mobile
+cassie
 casual
 casual-blog
 casual-theme
@@ -1454,6 +1467,7 @@ checker
 cheer
 cheetah
 chemistry
+cherish
 cherry-blossom
 cherry-dreams
 cheshire
@@ -1503,6 +1517,7 @@ chunky
 church
 circa
 circle-free
+circle-lite
 circles
 circumference-lite
 cirkle
@@ -1830,9 +1845,11 @@ cosmos
 cosplayfu
 count-down
 countdown
+counterpoint
 counterstrike
 coupler-simple-lite
 coupler-simple-theme-lite
+courier
 cover-wp
 covera-lite
 coverht-wp
@@ -1842,6 +1859,7 @@ cp-minimal
 crafty
 crafty-business
 crafty-cart
+crangasi
 crater
 crates
 crazy-colors
@@ -1959,6 +1977,7 @@ daily-minefield
 dailygood-theme
 dailymaker
 dailypost
+daisy-blue
 daisy-gray
 daivu
 daleri-selection
@@ -2043,6 +2062,7 @@ ddjogja
 de-base
 de-base-responsive-framework
 de-minimalist
+de-naani
 deadwood
 dear-diary
 debase
@@ -2147,6 +2167,7 @@ df-penguin
 df-rocker
 dfalls
 dfblog
+dgdeveloper
 dharma-initiative-theme
 di-the-writer
 diablo-blaze
@@ -2184,6 +2205,7 @@ digu
 dillon
 dimenzion
 dine-with-me
+dinhan94
 dinky
 director-theme
 directory
@@ -2198,6 +2220,7 @@ disconnected
 discoteque-theme
 discover
 discover-simple-theme
+discovery
 discussion
 discuzhome-1-0
 disney-world
@@ -2341,6 +2364,7 @@ ecologist
 ecommerce
 economist
 ecowp
+ecrivain-wp
 ectopudding
 edans-theme
 edegree
@@ -2496,6 +2520,7 @@ evo4-cms
 evocraft
 evolve
 evolved
+evoque
 evr-green
 ewul
 ex-astris
@@ -2504,6 +2529,7 @@ exagone
 exceptional
 excess
 exciter
+exclusive
 excursion
 excursion-1-1
 excursions
@@ -2518,6 +2544,7 @@ exoteric
 experia-adsense-optimizer-theme
 expert
 expound
+express
 expresscurate
 expressionblue
 expressions
@@ -2602,8 +2629,10 @@ fd
 fearful-jesuit
 feather-pen
 featuring
+fed-front-end-design
 feed-me-seymour
 feed-them
+felicity
 female
 feminine
 femme-flora
@@ -2616,6 +2645,7 @@ fetherweight
 feya
 fhi-zin
 fiber-instrumental-free
+fictive
 fidi
 fidi-2
 field
@@ -2647,6 +2677,7 @@ firmasite
 firmasite-geo
 firmasite-social
 first-boot
+first-edition
 first-lego-league-official
 first-love
 firstyme
@@ -2672,11 +2703,13 @@ flat-bootstrap-by-xtremelysocial
 flat-bootstrap-child
 flat-bootstrap-developer
 flat-bootstrap-pratt
+flat-bootstrap-spot
 flat-portfolio
 flat-portfolio-bootstrap
 flatblog
 flatiron
 flatland
+flatmag
 flato
 flatty
 flensa
@@ -2711,6 +2744,7 @@ florida-blog-theme
 floristica
 flounder
 flow
+flower
 flower-fairy-wordpress-theme-1
 flower-lust
 flower-power
@@ -2743,6 +2777,7 @@ foliocollage
 foliogrid
 foliogrid-dark
 folioville-theme-base
+follet
 follow-me-darling
 fondbox
 fontella
@@ -2751,6 +2786,7 @@ food-diet
 food-italian
 food-recipe
 foodblog
+foodeez-lite
 foolmatik
 football-mania
 football-wordpress-theme
@@ -2758,6 +2794,7 @@ for-blogger
 for-fashion
 for-women-female
 forbs-studio-chocolate-wordppress
+forceful-lite
 ford-mustang
 fordreporter
 forestly
@@ -2784,6 +2821,7 @@ frame
 framework
 france
 frank
+franklin
 franklin-street
 frantic
 frau
@@ -2797,6 +2835,7 @@ freedesign
 freedream
 freedream2010
 freemason-theme-black
+freemium
 freeside
 freetrafficsystemcom-serious-stuff-theme
 freetypo
@@ -2915,6 +2954,7 @@ gemini
 gen-blue
 generate
 generated-with-lubith
+generatepress
 generation
 generic-design
 generic-framework
@@ -2953,6 +2993,7 @@ girly
 girly-cloud-nine
 giroshi
 gitem
+gitsta
 glam-theme
 glamosense
 glass
@@ -3055,6 +3096,7 @@ gray-lines
 gray-lines-3
 gray-modern
 gray-pearl
+gray-square
 gray-texture
 gray-theme
 gray-white
@@ -3076,6 +3118,7 @@ green-city
 green-eye
 green-flowers
 green-fun
+green-garden
 green-grass
 green-grey-wide
 green-helium
@@ -3103,6 +3146,7 @@ green-view
 green-web-sign
 green-yellow
 green_1
+greenage-vegetarian-fresh-organic-blog-by-bestwebsoft
 greenandblack
 greenback
 greenblog
@@ -3295,6 +3339,7 @@ high-technologies
 highdef
 highschool
 highsense
+hightide
 highwind
 highwind-light
 hijau-itu-indah
@@ -3511,6 +3556,7 @@ infinitano
 infinite
 infinity
 infinity-and-beyond
+infiword
 influencers
 info-notes
 info-technology
@@ -3555,6 +3601,7 @@ instructor-lead-online-tutoring-system
 intaglio
 integrati
 intention
+interface
 internet
 internet-center
 internet-center-3-columns
@@ -3652,6 +3699,7 @@ jatri
 jaxjam
 jazz-cafe
 jbst
+jbst-1pxdeep
 jbst-masonary
 jc-one-lite
 jcblackone
@@ -3715,6 +3763,7 @@ jour-dhiver
 journal
 journal-blogazine
 journal-box
+journal-lite
 journal-theme
 journalism
 journalist
@@ -3750,6 +3799,7 @@ just-enough-is-more-single-author
 just-for-october
 just-grey
 just-kite-it
+just-landing-page
 just-pink
 just-simple
 just-theme-framework-light
@@ -3780,6 +3830,7 @@ karakuri
 karappo-style
 karsho-simple
 karsho-simple-theme
+kasa
 kasrod
 kastelgreen
 katarina-dark
@@ -3811,6 +3862,7 @@ kiloalpha
 kimono
 kind-of-business
 kindo
+king-church-theme
 king51
 kingdom
 kinyonga
@@ -3920,6 +3972,7 @@ layout-engine-base
 layout-engine-theme
 lazy-sunday
 lazyday
+lazyprof
 lb-mint
 lb-projects
 lb-spring-2009
@@ -3931,6 +3984,7 @@ le-redditor
 leaf
 leaf-butterfly
 leafwall
+lean
 lean-and-clean
 lean-and-clean-arizona
 leapwing
@@ -3947,6 +4001,7 @@ lelci
 lemming
 lemon-lemon
 lemosstyle
+lemuralia
 lenen
 leniy-radius
 lenora
@@ -3959,6 +4014,7 @@ less-is-more
 less-less-less
 let-them-eat-marie
 letspanic
+letterhead
 leviathan
 lform-simple-theme
 lias-card-games
@@ -4138,6 +4194,7 @@ macpress
 mad-meg
 made-for-small-business
 made-for-you
+madeini
 madiha
 madina
 madinasyedan
@@ -4155,6 +4212,7 @@ magazine-three-column
 magazino
 magazinstyle-ter
 magic-beauty
+magic-corp
 magic-dust
 magic-tree
 magicbackground
@@ -4179,6 +4237,7 @@ majapahit
 majestic
 major
 major-media
+make
 make-money-online-theme
 make-money-online-theme-1
 make-money-online-theme-2
@@ -4280,6 +4339,7 @@ media-maven
 media-pressroom-theme
 mediaandme-cherry-theme
 medical
+medical-center
 medical-practice-101
 medical-theme
 medicine
@@ -4719,6 +4779,7 @@ naked
 namib
 nano-blogger
 nanoplex
+narcissism
 narcissus
 narga
 narrownplain
@@ -4729,6 +4790,7 @@ native-1-0
 nattywp
 natura
 naturaagro
+natural
 natural-beauty
 natural-magazine
 natural-remedy-blog-theme
@@ -4757,6 +4819,7 @@ needle
 needles
 neewee
 neewee-wordpress-theme
+neighborly
 nelson
 nemezisproject-toolbox
 neni
@@ -4792,6 +4855,7 @@ neverballium
 new-arabic-theme
 new-balance-of-blue
 new-contemporary
+new-era
 new-fresh
 new-golden-gray
 new-green-natural-living-ngnl
@@ -4804,6 +4868,7 @@ new-visions
 new-web
 new-york
 new-york-black-and-white
+newave
 newbar
 newblog
 newdark
@@ -4823,6 +4888,7 @@ news-leak
 news-magazine-theme-640
 news-print
 news-print-v20
+news-real-estate
 news-tfi
 newsbeat
 newschannel
@@ -4833,6 +4899,7 @@ newsmin
 newspaper
 newspaper-theme
 newspress
+newspress-lite
 newspring
 newsprint
 newstheme
@@ -4888,6 +4955,7 @@ njobsboard
 no-frills
 no-image-theme
 no-name-yet
+no-newz
 noble
 nobyebye-theme
 nocss
@@ -4983,6 +5051,7 @@ old-style
 oldblog
 oldgreen-and-grey
 olingo
+oliva
 olive
 olive-todd
 olivia
@@ -5233,6 +5302,7 @@ pemilu
 pemimpin
 pencil-draw
 penguin-2-0
+penny
 penumbra
 people-silhouettes
 pep
@@ -5272,6 +5342,7 @@ phire
 phloggin
 phobos-wp-theme
 phoenix
+phogra
 phoney
 phonix
 photo-addict
@@ -5314,6 +5385,7 @@ picolight
 picomol
 picomol-theme
 pictorial
+pictorico
 picture-perfect
 picturesque
 pieces
@@ -5322,6 +5394,7 @@ piggie-bank
 pigmented
 pilcrow
 pilot-fish
+pinado
 pinbin
 pinblack
 pinblue
@@ -5369,6 +5442,7 @@ pinzolo
 piratenkleider
 piratenpartei-deutschland
 pisces
+pistacia
 pitch
 pitch-premium
 pitter
@@ -5395,6 +5469,7 @@ plainmagic
 plainscape
 plainscape-dark-mod
 plaintxtblog
+planc
 planetemo
 plantiversum
 planu
@@ -5482,6 +5557,7 @@ premium-violet
 premium-wp-blog
 prequel
 present
+presentation-lite
 press3
 pressplay
 presswork
@@ -5519,6 +5595,7 @@ probluezine
 proclouds
 produccion-musical
 producer
+product
 productive
 professional-blog
 professional-business-magazine
@@ -5600,6 +5677,7 @@ qawker
 qawker-by-skatter-tech
 qore-press-premium-q-theme
 quadra
+quality
 quality-control
 quantum
 quantus
@@ -5626,6 +5704,7 @@ rabbit-hole
 rachel
 ractopress
 ractors-wordpress-theme
+radar
 radiant
 radiate
 radioactive-wordpress-theme
@@ -5687,6 +5766,7 @@ realify
 reality
 realizare-site
 realizare-site-web
+realm
 rebar
 reborn
 recipes-blog-by-accuwebhostingcom
@@ -5839,6 +5919,7 @@ retrosp3ct
 retrospective
 retweet
 reuben
+reveal-pro
 review
 review-press
 reviewgine-affiliate
@@ -5992,6 +6073,7 @@ sandy-beach
 sangsaka-20
 sanguinaire
 sans
+santiagum
 santra
 sapphire
 sapphire-stretch
@@ -6066,6 +6148,7 @@ selalu-ceria
 self
 selfish-jerk
 selfish-jerk-3
+selfword
 semper-fi
 semper-fi-lite
 semplice
@@ -6194,6 +6277,7 @@ silver-corp
 silver-dreams
 silver-mag-lite
 silver-platinum
+silver-quantum
 silver-simplicity
 silver-spot
 silvera
@@ -6206,6 +6290,7 @@ simba
 simger
 simobile
 simon-wp-framework
+simone
 simpcalar
 simple
 simple-and-clean
@@ -6233,6 +6318,7 @@ simple-dark-theme
 simple-dia
 simple-dream
 simple-flow
+simple-gold-one
 simple-golden-black
 simple-gray
 simple-green
@@ -6260,6 +6346,7 @@ simple-pro
 simple-property
 simple-red
 simple-red-theme
+simple-responsive
 simple-round
 simple-search
 simple-sophisticated
@@ -6634,6 +6721,7 @@ spun2
 square-splatter
 squared
 squares
+squeezeme
 squeezepage
 squirrel
 squoze
@@ -6668,6 +6756,7 @@ start-news
 start-point
 started
 starter
+starter-layout-1
 starterleft
 starterright
 startpoint
@@ -6685,6 +6774,7 @@ status
 staycool
 staypressed
 stealth-gray-mix-red-251
+steampuff
 steampunk
 steampunk-x2-v11
 steamy-heatmap-theme
@@ -6961,6 +7051,8 @@ tectale-sunset
 tectale-tweety
 tedxwc
 teerex
+tehno-njuz
+tehnonjuz
 teki-theme
 tellypress
 tema-882-nb
@@ -7112,6 +7204,7 @@ themetastico
 themetiger-fashion
 themia-lite
 themia-pro
+themify-base
 themingpress-skeleton
 themolio
 theophilus
@@ -7152,6 +7245,7 @@ thurs
 thursdays-women
 tibelat
 tickled-pink
+tidy
 tidy-focus
 tiga
 tiger
@@ -7227,6 +7321,7 @@ tp-iphone
 tp-purpure
 tpbb
 tpsunrise
+tracks
 traction
 traffica
 traffica-theme
@@ -7260,6 +7355,7 @@ travel-is-my-life
 travel-is-my-life2
 travel-lite
 travel-log-by-taddeiweb
+travel-planet
 travel-power
 travelblog
 traveler-blog
@@ -7299,10 +7395,13 @@ trueblood
 trulyminimal
 trvl
 tryitfree
+ts-365-taraba-software
 tsokolate
+tsw
 tsw-plain
 tsw_plain
 tswplain
+tswwide
 ttblog
 ttblog-theme
 ttnews
@@ -7412,6 +7511,9 @@ twittress
 two-birds
 twocolors
 twordder
+twwenty-twelve
+twwwenty-twelve
+tycoon
 tydskrif
 tylan
 tyler
@@ -7499,6 +7601,7 @@ urwahl3000
 usa-management
 usable-l-c-r
 usama
+usertheme
 utheme
 utieletronica
 utility
@@ -7593,6 +7696,7 @@ virtual-sightseeing
 virtue
 vision
 visitpress
+viso
 viso-theme
 vista
 vista-like
@@ -7602,6 +7706,7 @@ visual
 visual-sense-light
 visual-violent
 vita
+vivacity
 vivid-night
 vk-style-for-wp
 vnotebook
@@ -7674,6 +7779,7 @@ watercolor
 waternymph-and-dolphin
 waterside
 watson
+wau-comunicacion
 wavefront
 wbhosts
 wbox
@@ -7744,7 +7850,9 @@ white-on-blue
 white-orange
 white-pad
 white-paper
+white-premium
 white-queen
+white-spektrum
 white-structure-blue-version
 white-themes
 white-top-show
@@ -7967,6 +8075,7 @@ wp-red-post-news-elegant
 wp-rootstrap
 wp-sanda
 wp-simple
+wp-simple-one
 wp-soul
 wp-sponge-bob
 wp-strap
@@ -7981,6 +8090,7 @@ wp-swing
 wp-themes-blogger
 wp-themes-blue
 wp-themes-magazine
+wp-themingstrap
 wp-thevalley
 wp-tiles
 wp-times

data/wp_versions.xml

@@ -11,6 +11,9 @@
              xsi:noNamespaceSchemaLocation="wp_versions.xsd">
 
   <file src="readme.html">
+    <hash md5="cdbf9b18e3729b3553437fc4e9b6baad">
+      <version>3.9.1</version>
+    </hash>
     <hash md5="84b54c54aa48ae72e633685c17e67457">
       <version>3.9</version>
     </hash>
@@ -62,15 +65,18 @@
   </file>
 
   <file src="wp-includes/css/buttons-rtl.css">
-    <hash md5="d24d1d1eb3a4b9a4998e4df1761f8b9e">
-      <version>3.9</version>
-    </hash>
     <hash md5="71c13ab1693b45fb3d7712e540c4dfe0">
       <version>3.8</version>
     </hash>
   </file>
 
   <file src="wp-includes/js/tinymce/wp-tinymce.js.gz">
+    <hash md5="de42820ca28cfc889f428dbef29621c3">
+      <version>3.9.1</version>
+    </hash>
+    <hash md5="1d52314b1767c557b7232ae192c80318">
+      <version>3.9</version>
+    </hash>
     <!-- Note: 3.7.1 has no unique file (the hash below is the same than the 3.7.2) -->
     <hash md5="44d281b0d84cc494e2b095a6d2202f4d">
       <version>3.7.1</version>

lib/common/common_helper.rb

@@ -34,7 +34,7 @@ WP_VERSIONS_XSD     = DATA_DIR + '/wp_versions.xsd'
 LOCAL_FILES_XSD     = DATA_DIR + '/local_vulnerable_files.xsd'
 USER_AGENTS_FILE    = DATA_DIR + '/user-agents.txt'
 
-WPSCAN_VERSION       = '2.4'
+WPSCAN_VERSION       = '2.4.1'
 
 $LOAD_PATH.unshift(LIB_DIR)
 $LOAD_PATH.unshift(WPSCAN_LIB_DIR)
@@ -95,6 +95,35 @@ def version
   REVISION ? "v#{WPSCAN_VERSION}r#{REVISION}" : "v#{WPSCAN_VERSION}"
 end
 
+# Define colors
+def colorize(text, color_code)
+  if $COLORSWITCH
+    "#{text}"
+  else
+    "\e[#{color_code}m#{text}\e[0m"
+  end
+end
+
+def bold(text)
+  colorize(text, 1)
+end
+
+def red(text)
+  colorize(text, 31)
+end
+
+def green(text)
+  colorize(text, 32)
+end
+
+def amber(text)
+  colorize(text, 33)
+end
+
+def blue(text)
+  colorize(text, 34)
+end
+
 # our 1337 banner
 def banner
   puts '_______________________________________________________________'
@@ -118,18 +147,6 @@ def banner
   puts
 end
 
-def colorize(text, color_code)
-  "\e[#{color_code}m#{text}\e[0m"
-end
-
-def red(text)
-  colorize(text, 31)
-end
-
-def green(text)
-  colorize(text, 32)
-end
-
 def xml(file)
   Nokogiri::XML(File.open(file)) do |config|
     config.noblanks

lib/common/models/vulnerability/output.rb

@@ -5,17 +5,17 @@ class Vulnerability
 
     # output the vulnerability
     def output(verbose = false)
-      puts ' |'
+      puts
-      puts ' | ' + red("* Title: #{title}")
+      puts "#{red('[!]')} Title: #{title}"
       references.each do |key, urls|
         methodname = "url_#{key}"
         urls.each do |u|
           url = send(methodname, u)
-          puts ' | ' + red("* Reference: #{url}") if url
+          puts "    Reference: #{url}" if url
         end
       end
       if !fixed_in.empty?
-         puts " | * Fixed in: #{fixed_in}"
+         puts "#{blue('[i]')} Fixed in: #{fixed_in}"
       end
     end
   end

lib/common/models/wp_item/output.rb

@@ -6,13 +6,13 @@ class WpItem
     # @return [ Void ]
     def output(verbose = false)
       puts
-      puts " | Name: #{self}" #this will also output the version number if detected
+      puts "#{green('[+]')} Name: #{self}" #this will also output the version number if detected
-      puts " | Location: #{url}"
+      puts " |  Location: #{url}"
       #puts " | WordPress: #{wordpress_url}" if wordpress_org_item?
-      puts " | Readme: #{readme_url}" if has_readme?
+      puts " |  Readme: #{readme_url}" if has_readme?
-      puts " | Changelog: #{changelog_url}" if has_changelog?
+      puts " |  Changelog: #{changelog_url}" if has_changelog?
-      puts " | " + red('[!]') + " Directory listing is enabled: #{url}" if has_directory_listing?
+      puts "#{red('[!]')} Directory listing is enabled: #{url}" if has_directory_listing?
-      puts " | " + red('[!]') + " An error_log file has been found: #{error_log_url}" if has_error_log?
+      puts "#{red('[!]')} An error_log file has been found: #{error_log_url}" if has_error_log?
 
       additional_output(verbose) if respond_to?(:additional_output)
 

lib/common/models/wp_theme/output.rb

@@ -5,18 +5,18 @@ class WpTheme
 
     # @return [ Void ]
     def additional_output(verbose = false)
-      puts " | Style URL: #{style_url}"
-      puts " | Theme Name: #@theme_name" if @theme_name
-      puts " | Theme URI: #@theme_uri" if @theme_uri
       theme_desc = verbose ? @theme_description : truncate(@theme_description, 100)
-      puts " | Description: #{theme_desc}"
+      puts " |  Style URL: #{style_url}"
-      puts " | Author: #@theme_author" if @theme_author
+      puts " |  Theme Name: #@theme_name" if @theme_name
-      puts " | Author URI: #@theme_author_uri" if @theme_author_uri
+      puts " |  Theme URI: #@theme_uri" if @theme_uri
-      puts " | Template: #@theme_template" if @theme_template and verbose
+      puts " |  Description: #{theme_desc}"
-      puts " | License: #@theme_license" if @theme_license and verbose
+      puts " |  Author: #@theme_author" if @theme_author
-      puts " | License URI: #@theme_license_uri" if @theme_license_uri and verbose
+      puts " |  Author URI: #@theme_author_uri" if @theme_author_uri
-      puts " | Tags: #@theme_tags" if @theme_tags and verbose
+      puts " |  Template: #@theme_template" if @theme_template and verbose
-      puts " | Text Domain: #@theme_text_domain" if @theme_text_domain and verbose
+      puts " |  License: #@theme_license" if @theme_license and verbose
+      puts " |  License URI: #@theme_license_uri" if @theme_license_uri and verbose
+      puts " |  Tags: #@theme_tags" if @theme_tags and verbose
+      puts " |  Text Domain: #@theme_text_domain" if @theme_text_domain and verbose
     end
 
   end

lib/common/models/wp_version/output.rb

@@ -5,12 +5,12 @@ class WpVersion < WpItem
 
     def output(verbose = false)
       puts
-      puts green('[+]') + " WordPress version #{self.number} identified from #{self.found_from}"
+      puts "#{green('[+]')} WordPress version #{self.number} identified from #{self.found_from}"
 
       vulnerabilities = self.vulnerabilities
 
       unless vulnerabilities.empty?
-        puts red('[!]') + " #{vulnerabilities.size} vulnerabilities identified from the version number"
+        puts "#{red('[!]')} #{vulnerabilities.size} vulnerabilities identified from the version number"
 
         vulnerabilities.output
       end

lib/wpscan/wpscan_helper.rb

@@ -60,13 +60,12 @@ end
 def help
   puts 'Help :'
   puts
-  puts 'Some values are settable in conf/browser.conf.json :'
+  puts 'Some values are settable in a config file, see the example.conf.json'
-  puts '  user-agent, proxy, proxy-auth, threads, cache timeout and request timeout'
   puts
-  puts '--update   Update to the latest revision'
+  puts '--update                            Update to the latest revision.'
-  puts '--url   | -u <target url>  The WordPress URL/domain to scan.'
+  puts '--url       | -u <target url>       The WordPress URL/domain to scan.'
-  puts '--force | -f Forces WPScan to not check if the remote site is running WordPress.'
+  puts '--force     | -f                    Forces WPScan to not check if the remote site is running WordPress.'
-  puts '--enumerate | -e [option(s)]  Enumeration.'
+  puts '--enumerate | -e [option(s)]        Enumeration.'
   puts '  option :'
   puts '    u        usernames from id 1 to 10'
   puts '    u[10-20] usernames from id 10 to 20 (you must write [] chars)'
@@ -80,27 +79,31 @@ def help
   puts '  Multiple values are allowed : "-e tt,p" will enumerate timthumbs and plugins'
   puts '  If no option is supplied, the default is "vt,tt,u,vp"'
   puts
-  puts '--exclude-content-based "<regexp or string>" Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied'
+  puts '--exclude-content-based "<regexp or string>"'
-  puts '                                             You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)'
+  puts '                                    Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied.'
-  puts '--config-file | -c <config file> Use the specified config file'
+  puts '                                    You do not need to provide the regexp delimiters, but you must write the quotes (simple or double).'
-  puts '--user-agent | -a <User-Agent> Use the specified User-Agent'
+  puts '--config-file  | -c <config file>   Use the specified config file, see the example.conf.json.'
-  puts '--random-agent | -r Use a random User-Agent'
+  puts '--user-agent   | -a <User-Agent>    Use the specified User-Agent.'
-  puts '--follow-redirection  If the target url has a redirection, it will be followed without asking if you wanted to do so or not'
+  puts '--random-agent | -r                 Use a random User-Agent.'
-  puts '--wp-content-dir <wp content dir>  WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed'
+  puts '--follow-redirection                If the target url has a redirection, it will be followed without asking if you wanted to do so or not'
-  puts '--wp-plugins-dir <wp plugins dir>  Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed'
+  puts '--batch                             Never ask for user input, use the default behaviour.'
-  puts '--proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json).'
+  puts '--no-color                          Do not use colors in the output.'
-  puts '                                 HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used'
+  puts '--wp-content-dir <wp content dir>   WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it.'
-  puts '--proxy-auth <username:password>  Supply the proxy login credentials (will override the one from conf/browser.conf.json).'
+  puts '                                    Subdirectories are allowed.'
-  puts '--basic-auth <username:password>  Set the HTTP Basic authentication'
+  puts '--wp-plugins-dir <wp plugins dir>   Same thing than --wp-content-dir but for the plugins directory.'
-  puts '--wordlist | -w <wordlist>  Supply a wordlist for the password bruter and do the brute.'
+  puts '                                    If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed'
-  puts '--threads  | -t <number of threads>  The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)'
+  puts '--proxy <[protocol://]host:port>    Supply a proxy. HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported.'
-  puts '--username | -U <username>  Only brute force the supplied username.'
+  puts '                                    If no protocol is given (format host:port), HTTP will be used.'
-  puts '--cache-ttl <cache-ttl>  Typhoeus cache TTL'
+  puts '--proxy-auth <username:password>    Supply the proxy login credentials.'
-  puts '--request-timeout <request-timeout>  Request Timeout'
+  puts '--basic-auth <username:password>    Set the HTTP Basic authentication.'
-  puts '--connect-timeout <connect-timeout>  Connect Timeout'
+  puts '--wordlist | -w <wordlist>          Supply a wordlist for the password bruter and do the brute.'
-  puts '--max-threads <max-threads>  Maximum Threads'
+  puts '--username | -U <username>          Only brute force the supplied username.'
-  puts '--help     | -h This help screen.'
+  puts '--threads  | -t <number of threads> The number of threads to use when multi-threading requests.'
-  puts '--verbose  | -v Verbose output.'
+  puts '--cache-ttl       <cache-ttl>       Typhoeus cache TTL.'
-  puts '--batch Never ask for user input, use the default behaviour.'
+  puts '--request-timeout <request-timeout> Request Timeout.'
+  puts '--connect-timeout <connect-timeout> Connect Timeout.'
+  puts '--max-threads     <max-threads>     Maximum Threads.'
+  puts '--help     | -h                     This help screen.'
+  puts '--verbose  | -v                     Verbose output.'
   puts
 end

lib/wpscan/wpscan_options.rb

@@ -13,6 +13,7 @@ class WpscanOptions
     :enumerate_timthumbs,
     :enumerate_usernames,
     :enumerate_usernames_range,
+    :no_color,
     :proxy,
     :proxy_auth,
     :threads,
@@ -257,7 +258,8 @@ class WpscanOptions
       ['--request-timeout', GetoptLong::REQUIRED_ARGUMENT],
       ['--connect-timeout', GetoptLong::REQUIRED_ARGUMENT],
       ['--max-threads', GetoptLong::REQUIRED_ARGUMENT],
-      ['--batch', GetoptLong::NO_ARGUMENT]
+      ['--batch', GetoptLong::NO_ARGUMENT],
+      ['--no-color', GetoptLong::NO_ARGUMENT]
     )
   end
 

lib/wpstools/plugins/stats/stats_plugin.rb

@@ -6,7 +6,7 @@ class StatsPlugin < Plugin
     super(author: 'WPScanTeam - Christian Mehlmauer')
 
     register_options(
-        ['--stats', '--s', 'Show WpScan Database statistics']
+        ['--stats', '-s', 'Show WpScan Database statistics.']
     )
   end
 
@@ -26,8 +26,13 @@ class StatsPlugin < Plugin
       puts "[#] Total vulnerable themes:   #{vuln_theme_count}"
       puts
       puts "[#] Total version vulnerabilities: #{version_vulns_count}"
+      puts "[#] Total fixed vulnerabilities:   #{fix_version_count}"
+      puts
       puts "[#] Total plugin vulnerabilities:  #{plugin_vulns_count}"
+      puts "[#] Total fixed vulnerabilities:   #{fix_plugin_count}"
+      puts
       puts "[#] Total theme vulnerabilities:   #{theme_vulns_count}"
+      puts "[#] Total fixed vulnerabilities:   #{fix_theme_count}"
       puts
       puts "[#] Total plugins to enumerate:  #{total_plugins}"
       puts "[#] Total themes to enumerate:   #{total_themes}"
@@ -57,15 +62,26 @@ class StatsPlugin < Plugin
   def version_vulns_count(file=WP_VULNS_FILE)
     xml(file).xpath('count(//vulnerability)').to_i
   end
+  def fix_version_count(file=WP_VULNS_FILE)
+    xml(file).xpath('count(//fixed_in)').to_i
+  end
 
   def plugin_vulns_count(file=PLUGINS_VULNS_FILE)
     xml(file).xpath('count(//vulnerability)').to_i
   end
 
+  def fix_plugin_count(file=PLUGINS_VULNS_FILE)
+    xml(file).xpath('count(//fixed_in)').to_i
+  end
+
   def theme_vulns_count(file=THEMES_VULNS_FILE)
     xml(file).xpath('count(//vulnerability)').to_i
   end
 
+  def fix_theme_count(file=THEMES_VULNS_FILE)
+    xml(file).xpath('count(//fixed_in)').to_i
+  end
+
   def total_plugins(file=PLUGINS_FULL_FILE)
     lines_in_file(file)
   end

spec/xml_checks_spec.rb

@@ -77,3 +77,38 @@ describe 'Well formed XML checks' do
     @file = LOCAL_FILES_FILE
   end
 end
+
+describe 'XML content' do
+  before :all do
+    @vuln_plugins = xml(PLUGINS_VULNS_FILE)
+    @vuln_themes = xml(THEMES_VULNS_FILE)
+  end
+
+  after :each do
+    @result.should have(0).items, "Items:\n#{@result.join("\n")}"
+  end
+
+  it 'each plugin vuln needs a type node' do
+    @result = @vuln_plugins.xpath('//vulnerability[not(type)]/title/text()').map(&:text)
+  end
+
+  it 'each theme vuln needs a type node' do
+    @result = @vuln_themes.xpath('//vulnerability[not(type)]/title/text()').map(&:text)
+  end
+
+  it 'each plugin vuln needs a title node' do
+    @result = @vuln_plugins.xpath('//vulnerability[not(title)]/../@name').map(&:text)
+  end
+
+  it 'each theme vuln needs a title node' do
+    @result = @vuln_themes.xpath('//vulnerability[not(title)]/../@name').map(&:text)
+  end
+
+  it 'each plugin vuln needs a references node' do
+    @result = @vuln_plugins.xpath('//vulnerability[not(references)]/title/text()').map(&:text)
+  end
+
+  it 'each theme vuln needs a references node' do
+    @result = @vuln_themes.xpath('//vulnerability[not(references)]/title/text()').map(&:text)
+  end
+end

wpscan.rb

@@ -18,6 +18,9 @@ def main
       raise('No argument supplied')
     end
 
+    # Define a global variable
+    $COLORSWITCH = wpscan_options.no_color
+
     if wpscan_options.help
       help()
       usage()
@@ -38,8 +41,8 @@ def main
         end
         puts @updater.update()
       else
-        puts 'Svn / Git not installed, or wpscan has not been installed with one of them.'
+        puts '[i] Svn / Git not installed, or wpscan has not been installed with one of them.'
-        puts 'Update aborted'
+        puts "#{red('[!]')} Update aborted"
       end
       exit(0)
     end
@@ -63,14 +66,14 @@ def main
       end
     end
 
+    # Remote website has a redirection?
     if (redirection = wp_target.redirection)
       if wpscan_options.follow_redirection
         puts "Following redirection #{redirection}"
       else
-        puts "The remote host redirects to: #{redirection}"
+        puts "#{blue('[i]')} The remote host tried to redirect to: #{redirection}"
-        puts '[?] Do you want follow the redirection ? [Y]es [N]o [A]bort, default: [N]'
+        print '[?] Do you want follow the redirection ? [Y]es [N]o [A]bort, default: [N]'
       end
-
       if wpscan_options.follow_redirection || !wpscan_options.batch
         if wpscan_options.follow_redirection || (input = Readline.readline) =~ /^y/i
           wpscan_options.url = redirection
@@ -91,7 +94,7 @@ def main
     # Remote website is wordpress?
     unless wpscan_options.force
       unless wp_target.wordpress?
-        raise 'The remote website is up, but does not seem to be running WordPress.'
+        raise "#{red('[!]')} The remote website is up, but does not seem to be running WordPress."
       end
     end
 
@@ -140,7 +143,7 @@ def main
     end
 
     wp_target.config_backup.each do |file_url|
-      puts red("[!] A wp-config.php backup file has been found in: '#{file_url}'")
+      puts "#{red('[!]')} A wp-config.php backup file has been found in: '#{file_url}'"
     end
 
     if wp_target.search_replace_db_2_exists?
@@ -184,7 +187,7 @@ def main
 
     enum_options = {
       show_progression: true,
-      exclude_content:  wpscan_options.exclude_content_based
+      exclude_content: wpscan_options.exclude_content_based
     }
 
     if wp_version = wp_target.version(WP_VERSIONS_FILE)
@@ -214,7 +217,7 @@ def main
 
       wp_plugins = WpPlugins.passive_detection(wp_target)
       if !wp_plugins.empty?
-        puts " |  #{wp_plugins.size} plugins found:"
+        puts " | #{wp_plugins.size} plugins found:"
 
         wp_plugins.output(wpscan_options.verbose)
       else
@@ -379,6 +382,11 @@ def main
       puts red(e.backtrace.join("\n"))
     end
     exit(1)
+  ensure
+    # Ensure a clean abort of Hydra
+    # See https://github.com/wpscanteam/wpscan/issues/461#issuecomment-42735615
+    Browser.instance.hydra.abort
+    Browser.instance.hydra.run
   end
 end