Bumps the version

Example output:
  1) XML content each plugin vuln needs a type node
     Failure/Error: @result.should have(0).items, "Items:\n#{@result.join("\n")}"
       Items:
       ReFlex Gallery 1.4 - reflex-gallery.php Direct Request Path Disclosure
       Gallery Plugin 3.8.3 - gallery-plugin.php filename_1 Parameter Arbitrary File Access
       EZPZ One Click Backup <= 12.03.10 - OS Command Injection
       BulletProof Security - Security Log Script Insertion Vulnerability
       Portable phpMyAdmin - /pma/phpinfo.php Direct Request System Information Disclosure
       HMS Testimonials 2.0.10 - CSRF
       HMS Testimonials 2.0.10 - XSS
       platinum_seo_pack.php - s Parameter Reflected XSS
       Email Newsletter 8.0 - 'option' Parameter Information Disclosure Vulnerability

.travis.yml

@@ -5,7 +5,7 @@ rvm:
   - 2.0.0
   - 2.1.0
   - 2.1.1
-script: bundle exec rspec --format documentation
+script: bundle exec rspec
 notifications:
   email:
     - wpscanteam@gmail.com

Gemfile

@@ -4,7 +4,7 @@ gem "typhoeus", "~>0.6.8"
 gem "nokogiri"
 gem "json"
 gem "terminal-table"
-gem "ruby-progressbar", ">=1.2.0"
+gem "ruby-progressbar", "~>1.4.2"
 
 group :test do
   gem "webmock", ">=1.17.2"

README

@@ -35,6 +35,7 @@ ryandewhurst at gmail
    * Kali Linux
    * Pentoo
    * SamuraiWTF
+   * ArchAssault
 
   Prerequisites:
 
@@ -131,15 +132,15 @@ ryandewhurst at gmail
     ap       all plugins (can take a long time)
     tt       timthumbs
     t        themes
-    vp       only vulnerable themes
+    vt       only vulnerable themes
     at       all themes (can take a long time)
-  Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
-  If no option is supplied, the default is 'vt,tt,u,vp'
+  Multiple values are allowed : "-e tt,p" will enumerate timthumbs and plugins
+  If no option is supplied, the default is "vt,tt,u,vp"
 
---exclude-content-based '<regexp or string>'  Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied
+--exclude-content-based "<regexp or string>" Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied
                                              You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
 
---config-file | -c <config file> Use the specified config file
+--config-file | -c <config file> Use the specified config file, see the example.conf.json
 
 --user-agent | -a <User-Agent> Use the specified User-Agent
 
@@ -154,28 +155,32 @@ ryandewhurst at gmail
 --proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json).
                                  HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
 
---proxy-auth <username:password>  Supply the proxy login credentials (will override the one from conf/browser.conf.json).
+--proxy-auth <username:password>  Supply the proxy login credentials.
 
---basic-auth <username:password>  Set the HTTP Basic authentication
+--basic-auth <username:password>  Set the HTTP Basic authentication.
 
 --wordlist | -w <wordlist>  Supply a wordlist for the password bruter and do the brute.
 
---threads  | -t <number of threads>  The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)
+--threads  | -t <number of threads>  The number of threads to use when multi-threading requests.
 
 --username | -U <username>  Only brute force the supplied username.
 
---cache-ttl <cache-ttl>  Typhoeus cache TTL
+--cache-ttl <cache-ttl>  Typhoeus cache TTL.
 
---request-timeout <request-timeout>  Request Timeout
+--request-timeout <request-timeout>  Request Timeout.
 
---connect-timeout <connect-timeout>  Connect Timeout
+--connect-timeout <connect-timeout>  Connect Timeout.
 
---max-threads <max-threads>  Maximum Threads
+--max-threads <max-threads>  Maximum Threads.
 
 --help     | -h This help screen.
 
 --verbose  | -v Verbose output.
 
+--batch Never ask for user input, use the default behaviour.
+
+--no-color Do not use colors in the output.
+
 ==WPSCAN EXAMPLES==
 
 Do 'non-intrusive' checks...
@@ -212,17 +217,21 @@ Debug output...
 
 ==WPSTOOLS ARGUMENTS==
 
---help    | -h   This help screen.
---Verbose | -v   Verbose output.
---update  | -u   Update to the latest revision.
---generate_plugin_list [number of pages]  Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)
---gpl  Alias for --generate_plugin_list
---check-local-vulnerable-files | --clvf <local directory>  Perform a recursive scan in the <local directory> to find vulnerable files or shells
+-v, --verbose                                                Verbose output
+    --check-vuln-ref-urls, --cvru                            Check all the vulnerabilities reference urls for 404
+    --check-local-vulnerable-files, --clvf LOCAL_DIRECTORY   Perform a recursive scan in the LOCAL_DIRECTORY to find vulnerable files or shells
+    --generate-plugin-list, --gpl [NUMBER_OF_PAGES]          Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)
+    --generate-full-plugin-list, --gfpl                      Generate a new full data/plugins.txt file
+    --generate-theme-list, --gtl [NUMBER_OF_PAGES]           Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 20)
+    --generate-full-theme-list, --gftl                       Generate a new full data/themes.txt file
+    --generate-all, --ga                                     Generate a new full plugins, full themes, popular plugins and popular themes list
+-s, --stats                                                  Show WpScan Database statistics
+    --spellcheck, --sc                                       Check all files for common spelling mistakes.
 
 ==WPSTOOLS EXAMPLES==
 
 - Generate a new 'most popular' plugin list, up to 150 pages ...
-ruby wpstools.rb --generate_plugin_list 150
+ruby wpstools.rb --generate-plugin-list 150
 
 - Locally scan a wordpress installation for vulnerable files or shells :
 ruby wpstools.rb --check-local-vulnerable-files /var/www/wordpress/

README.md

@@ -30,6 +30,7 @@ WPScan comes pre-installed on the following Linux distributions:
 - [Kali Linux](http://www.kali.org/)
 - [Pentoo](http://www.pentoo.ch/)
 - [SamuraiWTF](http://samurai.inguardians.com/)
+- [ArchAssault](https://archassault.org/)
 
 Prerequisites:
 
@@ -147,13 +148,13 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
         t        themes
         vt       only vulnerable themes
         at       all themes (can take a long time)
-    Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
-    If no option is supplied, the default is 'vt,tt,u,vp'
+      Multiple values are allowed : "-e tt,p" will enumerate timthumbs and plugins
+      If no option is supplied, the default is "vt,tt,u,vp"
 
-    --exclude-content-based '<regexp or string>'  Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied
+    --exclude-content-based "<regexp or string>" Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied
                                                  You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
 
-    --config-file | -c <config file> Use the specified config file
+    --config-file | -c <config file> Use the specified config file, see the example.conf.json
 
     --user-agent | -a <User-Agent> Use the specified User-Agent
 
@@ -168,28 +169,32 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
     --proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json).
                                      HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
 
-    --proxy-auth <username:password>  Supply the proxy login credentials (will override the one from conf/browser.conf.json).
+    --proxy-auth <username:password>  Supply the proxy login credentials.
 
-    --basic-auth <username:password>  Set the HTTP Basic authentication
+    --basic-auth <username:password>  Set the HTTP Basic authentication.
 
     --wordlist | -w <wordlist>  Supply a wordlist for the password bruter and do the brute.
 
-    --threads  | -t <number of threads>  The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)
+    --threads  | -t <number of threads>  The number of threads to use when multi-threading requests.
 
     --username | -U <username>  Only brute force the supplied username.
 
-    --cache-ttl <cache-ttl>  Typhoeus cache TTL
+    --cache-ttl <cache-ttl>  Typhoeus cache TTL.
 
-    --request-timeout <request-timeout>  Request Timeout
+    --request-timeout <request-timeout>  Request Timeout.
 
-    --connect-timeout <connect-timeout>  Connect Timeout
+    --connect-timeout <connect-timeout>  Connect Timeout.
 
-    --max-threads <max-threads>  Maximum Threads
+    --max-threads <max-threads>  Maximum Threads.
 
     --help     | -h This help screen.
 
     --verbose  | -v Verbose output.
 
+    --batch Never ask for user input, use the default behaviour.
+
+    --no-color Do not use colors in the output.
+
 #### WPSCAN EXAMPLES
 
 Do 'non-intrusive' checks...
@@ -226,18 +231,23 @@ Debug output...
 
 #### WPSTOOLS ARGUMENTS
 
-    --help    | -h   This help screen.
-    --Verbose | -v   Verbose output.
-    --update  | -u   Update to the latest revision.
-    --generate_plugin_list [number of pages]  Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)
-    --gpl  Alias for --generate_plugin_list
-    --check-local-vulnerable-files | --clvf <local directory>  Perform a recursive scan in the <local directory> to find vulnerable files or shells
+    -v, --verbose                                                Verbose output
+        --check-vuln-ref-urls, --cvru                            Check all the vulnerabilities reference urls for 404
+        --check-local-vulnerable-files, --clvf LOCAL_DIRECTORY   Perform a recursive scan in the LOCAL_DIRECTORY to find vulnerable files or shells
+        --generate-plugin-list, --gpl [NUMBER_OF_PAGES]          Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)
+        --generate-full-plugin-list, --gfpl                      Generate a new full data/plugins.txt file
+        --generate-theme-list, --gtl [NUMBER_OF_PAGES]           Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 20)
+        --generate-full-theme-list, --gftl                       Generate a new full data/themes.txt file
+        --generate-all, --ga                                     Generate a new full plugins, full themes, popular plugins and popular themes list
+    -s, --stats                                                  Show WpScan Database statistics.
+        --spellcheck, --sc                                       Check all files for common spelling mistakes.
+
 
 #### WPSTOOLS EXAMPLES
 
 Generate a new 'most popular' plugin list, up to 150 pages...
 
-```ruby wpstools.rb --generate_plugin_list 150```
+```ruby wpstools.rb --generate-plugin-list 150```
 
 Locally scan a wordpress installation for vulnerable files or shells :
 ```ruby wpstools.rb --check-local-vulnerable-files /var/www/wordpress/```

data/plugin_vulns.xml

@@ -326,12 +326,17 @@
 
   <plugin name="zingiri-forum">
     <vulnerability>
-      <title>Zingiri Forum - Arbitrary File Disclosure</title>
+      <title>Zingiri Forum 1.4.2 - forum.php zing_forum_output Function url Parameter XSS</title>
       <references>
+        <osvdb>89069</osvdb>
+        <cve>2012-4920</cve>
         <secunia>50833</secunia>
+        <url>http://www.securityfocus.com/bid/57224</url>
+        <url>http://xforce.iss.net/xforce/xfdb/81156</url>
         <url>http://ceriksen.com/2013/01/12/wordpress-zingiri-forums-arbitrary-file-disclosure/</url>
       </references>
-      <type>UNKNOWN</type>
+      <type>XSS</type>
+      <fixed_in>1.4.4</fixed_in>
     </vulnerability>
   </plugin>
 
@@ -598,6 +603,7 @@
       <references>
         <osvdb>88869</osvdb>
       </references>
+      <type>FPD</type>
     </vulnerability>
     <vulnerability>
       <title>ReFlex Gallery 1.3 - Shell Upload</title>
@@ -620,6 +626,7 @@
       <title>Uploader 1.0.4 - notify.php blog Parameter XSS</title>
       <references>
         <osvdb>90840</osvdb>
+        <cve>2013-2287</cve>
         <secunia>52465</secunia>
       </references>
       <type>XSS</type>
@@ -2157,6 +2164,7 @@
         <url>http://www.securityfocus.com/bid/57256</url>
         <url>http://seclists.org/bugtraq/2013/Jan/45</url>
       </references>
+      <type>LFI</type>
     </vulnerability>
   </plugin>
 
@@ -2679,6 +2687,15 @@
   </plugin>
 
   <plugin name="ezpz-one-click-backup">
+    <vulnerability>
+      <title>EZPZ One Click Backup &lt;= 12.03.10 - OS Command Injection</title>
+      <references>
+        <osvdb>106511</osvdb>
+        <cve>2014-3114</cve>
+        <url>http://www.openwall.com/lists/oss-security/2014/05/01/11</url>
+      </references>
+      <type>RCE</type>
+    </vulnerability>
     <vulnerability>
       <title>EZPZ One Click Backup &lt;= 12.03.10 - Cross Site Scripting</title>
       <references>
@@ -2815,6 +2832,7 @@
         <cve>2013-3487</cve>
         <secunia>53614</secunia>
       </references>
+      <type>XSS</type>
       <fixed_in>0.49</fixed_in>
     </vulnerability>
   </plugin>
@@ -3648,14 +3666,43 @@
 
   <plugin name="wp-ds-faq">
     <vulnerability>
-      <title>WP DS FAQ &lt;= 1.3.2 - SQL Injection Vulnerability</title>
+      <title>WP DS FAQ &lt;= 1.3.2 - ajax.php id Parameter SQL Injection</title>
       <references>
+        <osvdb>74574</osvdb>
+        <secunia>45640</secunia>
         <exploitdb>17683</exploitdb>
       </references>
       <type>SQLI</type>
     </vulnerability>
   </plugin>
 
+  <plugin name="wp-ds-faq-plus">
+    <vulnerability>
+      <title>WP DS FAQ Plus 1.0.12 - Multiple Unspecified Issues</title>
+      <references>
+        <osvdb>106614</osvdb>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>1.0.13</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>WP DS FAQ Plus 1.0.11 - Multiple Unspecified Issues</title>
+      <references>
+        <osvdb>106615</osvdb>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>1.0.12</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>WP DS FAQ Plus 1.0.3 - Multiple Unspecified CSRF</title>
+      <references>
+        <osvdb>106618</osvdb>
+      </references>
+      <type>CSRF</type>
+      <fixed_in>1.0.3</fixed_in>
+    </vulnerability>
+  </plugin>
+
   <plugin name="odihost-newsletter-plugin">
     <vulnerability>
       <title>OdiHost Newsletter &lt;= 1.0 - SQL Injection Vulnerability</title>
@@ -5978,6 +6025,7 @@
         <osvdb>98766</osvdb>
         <url>http://seclists.org/oss-sec/2013/q4/138</url>
       </references>
+      <type>FPD</type>
     </vulnerability>
     <vulnerability>
       <title>Portable phpMyAdmin 1.4.1 - Multiple Script Direct Request Authentication Bypass</title>
@@ -6416,12 +6464,20 @@
 
   <plugin name="solvemedia">
     <vulnerability>
-      <title>SolveMedia 1.1.0 - CSRF Vulnerability</title>
+      <title>SolveMedia 1.1.0 - plugins.php API Key Manipulation CSRF</title>
       <references>
-        <exploitdb>24364</exploitdb>
         <osvdb>89585</osvdb>
-        <url>http://1337day.com/exploit/20222</url>
         <secunia>51927</secunia>
+        <exploitdb>24364</exploitdb>
+        <url>http://1337day.com/exploit/20222</url>
+      </references>
+      <type>CSRF</type>
+      <fixed_in>1.1.1</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>SolveMedia 1.1.0 -  solvemedia.admin.inc Admin Options Page CSRF</title>
+      <references>
+        <osvdb>106320</osvdb>
       </references>
       <type>CSRF</type>
       <fixed_in>1.1.1</fixed_in>
@@ -8081,6 +8137,14 @@
   </plugin>
 
   <plugin name="syntaxhighlighter">
+    <vulnerability>
+      <title>SyntaxHighlighter Evolved 3.1.9 - Unspecified XSS</title>
+      <references>
+        <osvdb>106587</osvdb>
+      </references>
+      <type>XSS</type>
+      <fixed_in>3.1.10</fixed_in>
+    </vulnerability>
     <vulnerability>
       <title>SyntaxHighlighter Evolved 3.1.5 - clipboard.swf Unspecified XSS</title>
       <references>
@@ -8493,10 +8557,11 @@
 
   <plugin name="qtranslate">
     <vulnerability>
-      <title>qTranslate - Cross-Site Request Forgery Vulnerability</title>
+      <title>qTranslate 2.5.34 - Setting Manipulation CSRF</title>
       <references>
-        <secunia>53126</secunia>
         <osvdb>93873</osvdb>
+        <cve>2013-3251</cve>
+        <secunia>53126</secunia>
       </references>
       <type>CSRF</type>
     </vulnerability>
@@ -8733,6 +8798,7 @@
       <title>Stream Video Player &lt;= 1.4.0 - Setting Manipulation CSRF</title>
       <references>
         <osvdb>94466</osvdb>
+        <cve>2013-2706</cve>
         <secunia>52954</secunia>
       </references>
       <type>CSRF</type>
@@ -8832,6 +8898,7 @@
         <exploitdb>27531</exploitdb>
         <url>http://packetstormsecurity.com/files/122761/</url>
       </references>
+      <type>CSRF</type>
       <fixed_in>2.0.11</fixed_in>
     </vulnerability>
     <vulnerability>
@@ -8848,6 +8915,7 @@
         <exploitdb>27531</exploitdb>
         <url>http://packetstormsecurity.com/files/122761/</url>
       </references>
+      <type>XSS</type>
       <fixed_in>2.0.11</fixed_in>
     </vulnerability>
   </plugin>
@@ -8907,6 +8975,7 @@
         <osvdb>97263</osvdb>
       </references>
       <fixed_in>1.3.8</fixed_in>
+      <type>XSS</type>
     </vulnerability>
   </plugin>
 
@@ -9355,6 +9424,7 @@
       <references>
         <url>http://www.securityfocus.com/bid/53850</url>
       </references>
+      <type>FPD</type>
     </vulnerability>
   </plugin>
 
@@ -10027,6 +10097,14 @@
   </plugin>
 
   <plugin name="connections">
+    <vulnerability>
+      <title>Connections Business Directory 0.7.9.3 - includes/template/class.template-parts.php Pagination URL Handling XSS</title>
+      <references>
+        <osvdb>106558</osvdb>
+      </references>
+      <type>XSS</type>
+      <fixed_in>0.7.9.4</fixed_in>
+    </vulnerability>
     <vulnerability>
       <title>Connections &lt;= 0.7.1.5 - Unspecified Security Vulnerability</title>
       <references>
@@ -12084,6 +12162,30 @@
   </plugin>
 
   <plugin name="springboard-video-quick-publish">
+    <vulnerability>
+      <title>Springboard Video Quick Publish 0.2.6 - videolist.php paged Parameter Reflected XSS</title>
+      <references>
+        <osvdb>105992</osvdb>
+      </references>
+      <type>XSS</type>
+      <fixed_in>0.2.7</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Springboard Video Quick Publish 0.2.6 - springboardvideo.php video_id Parameter XSS</title>
+      <references>
+        <osvdb>105993</osvdb>
+      </references>
+      <type>XSS</type>
+      <fixed_in>0.2.7</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Springboard Video Quick Publish 0.2.6 - sb_search.php paged Parameter Reflected XSS</title>
+      <references>
+        <osvdb>105994</osvdb>
+      </references>
+      <type>XSS</type>
+      <fixed_in>0.2.7</fixed_in>
+    </vulnerability>
     <vulnerability>
       <title>Springboard Video Quick Publish 0.2.4 - Unspecified Issue</title>
       <references>
@@ -12234,6 +12336,14 @@
       <type>UNKNOWN</type>
       <fixed_in>1.1.8</fixed_in>
     </vulnerability>
+    <vulnerability>
+      <title>Lazyest Gallery 0.10.4.3 - Multiple File/Directory Insecure Permissions Local Content Manipulation</title>
+      <references>
+        <osvdb>105818</osvdb>
+      </references>
+      <type>UNKNOWN</type>
+      <fixed_in>0.10.4.4</fixed_in>
+    </vulnerability>
   </plugin>
 
   <plugin name="post-expirator">
@@ -12249,12 +12359,29 @@
 
   <plugin name="quick-pagepost-redirect-plugin">
     <vulnerability>
-      <title>Quick Page Post Redirect - CSRF and stored XSS</title>
+      <title>Quick Page Post Redirect 5.0.4 - redirect-updates.php quickppr_redirects Parameter Stored XSS</title>
       <references>
-        <url>https://security.dxw.com/advisories/csrf-and-stored-xss-in-quick-pagepost-redirect-plugin/</url>
+        <osvdb>105707</osvdb>
         <cve>2014-2598</cve>
+        <secunia>57883</secunia>
+        <exploitdb>32867</exploitdb>
+        <url>http://www.securityfocus.com/bid/66790</url>
+        <url>https://security.dxw.com/advisories/csrf-and-stored-xss-in-quick-pagepost-redirect-plugin/</url>
       </references>
-      <type>MULTI</type>
+      <type>XSS</type>
+      <fixed_in>5.0.5</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Quick Page Post Redirect 5.0.4 - redirect-updates.php Multiple Admin Function CSRF</title>
+      <references>
+        <osvdb>105708</osvdb>
+        <cve>2014-2598</cve>
+        <secunia>57883</secunia>
+        <exploitdb>32867</exploitdb>
+        <url>http://www.securityfocus.com/bid/66790</url>
+        <url>https://security.dxw.com/advisories/csrf-and-stored-xss-in-quick-pagepost-redirect-plugin/</url>
+      </references>
+      <type>CSRF</type>
       <fixed_in>5.0.5</fixed_in>
     </vulnerability>
   </plugin>
@@ -12308,4 +12435,141 @@
     </vulnerability>
   </plugin>
 
+  <plugin name="liveoptim">
+    <vulnerability>
+      <title>LiveOptim 1.4.3 - Configuration Setting Manipulation CSRF</title>
+      <references>
+        <osvdb>105986</osvdb>
+        <secunia>57990</secunia>
+        <url>http://www.securityfocus.com/bid/66939</url>
+      </references>
+      <type>CSRF</type>
+      <fixed_in>1.4.4</fixed_in>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="wp-conditional-captcha">
+    <vulnerability>
+      <title>Conditional CAPTCHA 3.6 - wp-conditional-captcha.php Settings Page CSRF</title>
+      <references>
+        <osvdb>106014</osvdb>
+      </references>
+      <type>CSRF</type>
+      <fixed_in>3.6.1</fixed_in>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="wp-js-external-link-info">
+    <vulnerability>
+      <title>JS External Link Info 1.21 - redirect.php blog Parameter XSS</title>
+      <references>
+        <osvdb>106125</osvdb>
+        <url>http://packetstormsecurity.com/files/126238/</url>
+        <url>http://www.securityfocus.com/bid/66999</url>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="simple-fields">
+    <vulnerability>
+      <title>Simple Fields 1.1.6 - inc-admin-options.php Admin Functions CSRF</title>
+      <references>
+        <osvdb>106316</osvdb>
+      </references>
+      <type>CSRF</type>
+      <fixed_in>1.2</fixed_in>
+    </vulnerability>
+    <vulnerability>
+      <title>Simple Fields 0.3.5 - simple_fields.php wp_abspath Parameter Remote File Inclusion</title>
+      <references>
+        <osvdb>106622</osvdb>
+      </references>
+      <type>RFI</type>
+      <fixed_in>0.3.6</fixed_in>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="work-the-flow-file-upload">
+    <vulnerability>
+      <title>Work The Flow File Upload 1.2.1 - wp-admin/admin-ajax.php accept_file_types Parameter Manipulation File Upload Restriction Bypass</title>
+      <references>
+        <osvdb>106366</osvdb>
+        <secunia>58216</secunia>
+        <url>http://www.securityfocus.com/bid/67083</url>
+        <url>http://packetstormsecurity.com/files/126333/</url>
+      </references>
+      <type>RCE</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="file-gallery">
+    <vulnerability>
+      <title>File Gallery 1.7.9 - Settings Page create_function Function Remote Command Execution</title>
+      <references>
+        <osvdb>106417</osvdb>
+        <cve>2014-2558</cve>
+        <secunia>58216</secunia>
+        <url>http://www.securityfocus.com/bid/67120</url>
+      </references>
+      <type>RCE</type>
+      <fixed_in>1.7.9.2</fixed_in>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="nextcellent-gallery-nextgen-legacy">
+    <vulnerability>
+      <title>NextCellent Gallery 1.9.13 - admin/manage-images.php Multiple Field Stored XSS Weakness</title>
+      <references>
+        <osvdb>106474</osvdb>
+        <url>http://www.securityfocus.com/bid/67085</url>
+      </references>
+      <type>XSS</type>
+      <fixed_in>1.9.18</fixed_in>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="wp-affiliate-platform">
+    <vulnerability>
+      <title>WP Affiliate Manager - login.php msg Parameter XSS</title>
+      <references>
+        <osvdb>106533</osvdb>
+        <url>http://packetstormsecurity.com/files/126424/</url>
+      </references>
+      <type>XSS</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="query-interface">
+    <vulnerability>
+      <title>Query Interface 1.1 - Multiple Unspecified Issues</title>
+      <references>
+        <osvdb>106642</osvdb>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>1.2</fixed_in>
+    </vulnerability>
+  </plugin>
+  
+  <plugin name="photo-gallery">
+    <vulnerability>
+      <title>Photo-Gallery - Cross Site Request Forgery</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/126521/</url>
+      </references>
+      <type>CSRF</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="infusion4wp">
+    <vulnerability>
+     <title>iMember360is 3.9.001 - XSS / Disclosure / Code Execution</title>
+      <references>
+        <url>http://1337day.com/exploit/22184</url>
+      </references>
+      <type>MULTI</type>
+      <fixed_in>3.9.002</fixed_in>
+    </vulnerability>
+  </plugin>
+
 </vulnerabilities>

data/themes.txt

@@ -1,69 +1,60 @@
 aadya
 abaris
+academica
 adamos
-adaptive-flat
 adelle
-admired
 adventure
 advertica-lite
-albinomouse
 aldehyde
 alexandria
 analytical-lite
-anarcho-notepad
 apprise
 arcade-basic
-arunachala
-aspen
 asteria-lite
-asteroid
 atahualpa
 attitude
 base-wp
 beach
 bearded
-big-city
-bizantine
 bizark
 bizflare
 bizkit
 biznez-lite
-bizsphere
 bizstudio-lite
-bizway
 blackbird
 blankslate
-blogbox
-blogolife
 blox
-bluegray
 boldr-lite
 boot-store
 bootstrap-ultimate
 bouquet
 bresponzive
 brightnews
-bueno
+briks
 business-lite
+business-pro
 busiprof
+butterbelly
 buzz
 capture
+careta
 catch-box
 catch-everest
 catch-evolution
 catch-kathmandu
 celestial-lite
 chaostheory
-childishly-simple
 church
+circumference-lite
 cirrus
 clean-retina
-cleo
 coller
 colorway
 contango
 coraline
 corpo
+count-down
+crangasi
 custom-community
 customizr
 cyberchimps
@@ -75,7 +66,6 @@ desk-mess-mirrored
 destro
 discover
 dms
-drop
 duena
 dusk-to-dawn
 duster
@@ -83,10 +73,8 @@ dw-minion
 dw-timeline
 dw-wallpress
 eclipse
-elegantwhite
-elmax
 engrave-lite
-epic
+enough
 esell
 esplanade
 esquire
@@ -94,76 +82,87 @@ evolve
 expert
 expound
 family
+faq
+fashionistas
 fifteen
 fine
 firmasite
 flat
+flounder
 focus
 forever
 formation
 fresh-lite
+frisco-for-buddypress
 frontier
 fruitful
 gamepress
-gold
 govpress
 graphene
 graphy
-gridbulletin
-gridiculous
 gridster-lite
 hatch
 hazen
 health-center-lite
 hemingway
+hiero
 highwind
 hueman
 i-transform
 iconic-one
 ifeature
+ignite
 imprint
 independent-publisher
 infinite
 infoway
 inkness
 inkzine
+interface
 intuition
 invert-lite
-irex-lite
 iribbon
 isis
+italian-restaurant
 itek
+jbst
+jbst-masonary
+journal-lite
 justwrite
 kavya
 klasik
+landscape
 leatherdiary
 lingonberry
-linia-magazine
-luminescence-lite
+looki-lite
 lupercalia
+madeini
+magazine-basic
 magazine-style
 magazino
 mantra
 market
+marketer
 match
 matheson
 max-magazine
-maxflat-core
 meadowhill
 mesocolumn
 mh-magazine-lite
 midnightcity
+minima-lite
 minimatica
 minimize
 mn-flow
-modern-estate
+modern-business
 monaco
 montezuma
-multiloquent
-mywiki
+naturefox
+neighborly
 neuro
 newgamer
-newpro
+news-flash
+newspress-lite
 next-saturday
 nictitate
 omega
@@ -177,6 +176,7 @@ oxygen
 p2
 padhang
 pagelines
+papercuts
 parabola
 parallax
 parament
@@ -186,11 +186,13 @@ pilot-fish
 pinbin
 pinboard
 pink-touch-2
+pisces
 platform
 point
 portfolio-press
 pr-news
 preference-lite
+presentation-lite
 preus
 primo-lite
 promax
@@ -201,20 +203,24 @@ raindrops
 rambo
 raptor
 raven
-redesign
+ready-review
+resolution
 responsive
 restaurante
 restaurateur
 restimpo
-retention
 reviewgine-affiliate
+rewind
 ridizain
+road-fighter
 sampression-lite
-semper-fi-lite
+seismic-manhattan
 sensitive
 sequel
-serene
+shamatha
 shopping
+siempel
+silver-quantum
 simple-catch
 simply-vision
 singl
@@ -225,12 +231,14 @@ smpl-skeleton
 snaps
 snapshot
 sneak-lite
-socialize-lite
+sorbet
 spacious
+sparkling
 spartan
 spasalon
 sporty
 spun
+squirrel
 stairway
 stargazer
 start-point
@@ -241,14 +249,14 @@ suevafree
 suffusion
 sugar-and-spice
 sundance
-sunny-blue-sky
 sunrain
 sunspot
 superhero
 supernova
 surfarama
 swift-basic
-tanzanite
+taraza
+tatva-lite
 teal
 tempera
 temptation
@@ -256,8 +264,6 @@ terrifico
 the-newswire
 thematic
 theron-lite
-tiga
-timeturner
 tiny-forge
 tonal
 tonic
@@ -270,13 +276,11 @@ twentytwelve
 typal-makewp005
 unite
 untitled
-uu-2014
 vantage
 venom
 viper
 virtue
 vision
-visitpress
 visual
 vryn-restaurant
 ward
@@ -286,13 +290,10 @@ wp-creativix
 wp-opulus
 wp-simple
 wpchimp-countdown
+wpstart
 writr
 x2
+xin-magazine
 yoko
-zbench
 zeedynamic
 zeeflow
-zeeminty
-zeenoble
-zeestyle
-zeetasty

data/themes_full.txt

@@ -96,6 +96,7 @@ a-little-touch-of-purple
 a-new
 a-new-theme
 a-new-wordpress-theme
+a-piece-of-cake
 a-plus
 a-setting-sun
 a-shade-of-grey
@@ -385,6 +386,7 @@ anvil-theme
 anvys
 anya
 anypixelpixel中文版
+aocean
 aos-second-version
 apbt
 apelsin
@@ -433,6 +435,7 @@ arcus-blue
 ardeeest-personal-theme
 area-51
 arefly-v1
+arete
 argonia
 ari
 ari-p
@@ -587,6 +590,7 @@ bad-mojo
 bahama
 bakeroner
 bakes
+baleen
 balloonr
 balloonsongreen
 baltimore-phototheme
@@ -723,6 +727,7 @@ bikes
 bilej-jako-mliko
 billions
 billydroid
+bilqis-theme
 binary-stylo
 biotodoma
 birchware-kiss
@@ -852,6 +857,7 @@ blackypress
 blackzebra
 blagz-blog-magazine-theme
 blain
+blanc
 blank
 blank-page
 blank-theme
@@ -901,6 +907,7 @@ blogbox
 blogfolio
 bloggable
 bloggdesigns3
+blogger
 blogger-notes
 bloggering
 bloggermom
@@ -918,6 +925,7 @@ blogmor
 blognote
 blogolife
 blogotron
+blogpress
 blogsimplified
 blogsimplified-blackneon
 blogsimplified-three-column-adsense10
@@ -931,6 +939,7 @@ blogtxt
 blogwave
 blogwise
 blogx
+blogy
 blokeish-aries
 blood-red-flower
 blossom
@@ -1206,6 +1215,7 @@ briks
 brisk
 brochure-melbourne
 broent
+bromine
 brown
 brown-ish-grid
 brown-palm
@@ -1282,6 +1292,7 @@ business-casual
 business-casual-portfolio
 business-flick
 business-flick-theme
+business-guru
 business-lite
 business-lite-4
 business-meeting
@@ -1336,6 +1347,7 @@ bytetips-remix
 bywill
 byzero
 c
+cafe
 cakifo
 call-power
 callas
@@ -1385,6 +1397,7 @@ casino-red-theme
 casino-x
 casper
 casper-mobile
+cassie
 casual
 casual-blog
 casual-theme
@@ -1454,6 +1467,7 @@ checker
 cheer
 cheetah
 chemistry
+cherish
 cherry-blossom
 cherry-dreams
 cheshire
@@ -1503,6 +1517,7 @@ chunky
 church
 circa
 circle-free
+circle-lite
 circles
 circumference-lite
 cirkle
@@ -1830,9 +1845,11 @@ cosmos
 cosplayfu
 count-down
 countdown
+counterpoint
 counterstrike
 coupler-simple-lite
 coupler-simple-theme-lite
+courier
 cover-wp
 covera-lite
 coverht-wp
@@ -1842,6 +1859,7 @@ cp-minimal
 crafty
 crafty-business
 crafty-cart
+crangasi
 crater
 crates
 crazy-colors
@@ -1959,6 +1977,7 @@ daily-minefield
 dailygood-theme
 dailymaker
 dailypost
+daisy-blue
 daisy-gray
 daivu
 daleri-selection
@@ -2043,6 +2062,7 @@ ddjogja
 de-base
 de-base-responsive-framework
 de-minimalist
+de-naani
 deadwood
 dear-diary
 debase
@@ -2147,6 +2167,7 @@ df-penguin
 df-rocker
 dfalls
 dfblog
+dgdeveloper
 dharma-initiative-theme
 di-the-writer
 diablo-blaze
@@ -2184,6 +2205,7 @@ digu
 dillon
 dimenzion
 dine-with-me
+dinhan94
 dinky
 director-theme
 directory
@@ -2198,6 +2220,7 @@ disconnected
 discoteque-theme
 discover
 discover-simple-theme
+discovery
 discussion
 discuzhome-1-0
 disney-world
@@ -2341,6 +2364,7 @@ ecologist
 ecommerce
 economist
 ecowp
+ecrivain-wp
 ectopudding
 edans-theme
 edegree
@@ -2496,6 +2520,7 @@ evo4-cms
 evocraft
 evolve
 evolved
+evoque
 evr-green
 ewul
 ex-astris
@@ -2504,6 +2529,7 @@ exagone
 exceptional
 excess
 exciter
+exclusive
 excursion
 excursion-1-1
 excursions
@@ -2518,6 +2544,7 @@ exoteric
 experia-adsense-optimizer-theme
 expert
 expound
+express
 expresscurate
 expressionblue
 expressions
@@ -2602,8 +2629,10 @@ fd
 fearful-jesuit
 feather-pen
 featuring
+fed-front-end-design
 feed-me-seymour
 feed-them
+felicity
 female
 feminine
 femme-flora
@@ -2616,6 +2645,7 @@ fetherweight
 feya
 fhi-zin
 fiber-instrumental-free
+fictive
 fidi
 fidi-2
 field
@@ -2647,6 +2677,7 @@ firmasite
 firmasite-geo
 firmasite-social
 first-boot
+first-edition
 first-lego-league-official
 first-love
 firstyme
@@ -2672,11 +2703,13 @@ flat-bootstrap-by-xtremelysocial
 flat-bootstrap-child
 flat-bootstrap-developer
 flat-bootstrap-pratt
+flat-bootstrap-spot
 flat-portfolio
 flat-portfolio-bootstrap
 flatblog
 flatiron
 flatland
+flatmag
 flato
 flatty
 flensa
@@ -2711,6 +2744,7 @@ florida-blog-theme
 floristica
 flounder
 flow
+flower
 flower-fairy-wordpress-theme-1
 flower-lust
 flower-power
@@ -2743,6 +2777,7 @@ foliocollage
 foliogrid
 foliogrid-dark
 folioville-theme-base
+follet
 follow-me-darling
 fondbox
 fontella
@@ -2751,6 +2786,7 @@ food-diet
 food-italian
 food-recipe
 foodblog
+foodeez-lite
 foolmatik
 football-mania
 football-wordpress-theme
@@ -2758,6 +2794,7 @@ for-blogger
 for-fashion
 for-women-female
 forbs-studio-chocolate-wordppress
+forceful-lite
 ford-mustang
 fordreporter
 forestly
@@ -2784,6 +2821,7 @@ frame
 framework
 france
 frank
+franklin
 franklin-street
 frantic
 frau
@@ -2797,6 +2835,7 @@ freedesign
 freedream
 freedream2010
 freemason-theme-black
+freemium
 freeside
 freetrafficsystemcom-serious-stuff-theme
 freetypo
@@ -2915,6 +2954,7 @@ gemini
 gen-blue
 generate
 generated-with-lubith
+generatepress
 generation
 generic-design
 generic-framework
@@ -2953,6 +2993,7 @@ girly
 girly-cloud-nine
 giroshi
 gitem
+gitsta
 glam-theme
 glamosense
 glass
@@ -3055,6 +3096,7 @@ gray-lines
 gray-lines-3
 gray-modern
 gray-pearl
+gray-square
 gray-texture
 gray-theme
 gray-white
@@ -3076,6 +3118,7 @@ green-city
 green-eye
 green-flowers
 green-fun
+green-garden
 green-grass
 green-grey-wide
 green-helium
@@ -3103,6 +3146,7 @@ green-view
 green-web-sign
 green-yellow
 green_1
+greenage-vegetarian-fresh-organic-blog-by-bestwebsoft
 greenandblack
 greenback
 greenblog
@@ -3295,6 +3339,7 @@ high-technologies
 highdef
 highschool
 highsense
+hightide
 highwind
 highwind-light
 hijau-itu-indah
@@ -3511,6 +3556,7 @@ infinitano
 infinite
 infinity
 infinity-and-beyond
+infiword
 influencers
 info-notes
 info-technology
@@ -3555,6 +3601,7 @@ instructor-lead-online-tutoring-system
 intaglio
 integrati
 intention
+interface
 internet
 internet-center
 internet-center-3-columns
@@ -3652,6 +3699,7 @@ jatri
 jaxjam
 jazz-cafe
 jbst
+jbst-1pxdeep
 jbst-masonary
 jc-one-lite
 jcblackone
@@ -3715,6 +3763,7 @@ jour-dhiver
 journal
 journal-blogazine
 journal-box
+journal-lite
 journal-theme
 journalism
 journalist
@@ -3750,6 +3799,7 @@ just-enough-is-more-single-author
 just-for-october
 just-grey
 just-kite-it
+just-landing-page
 just-pink
 just-simple
 just-theme-framework-light
@@ -3780,6 +3830,7 @@ karakuri
 karappo-style
 karsho-simple
 karsho-simple-theme
+kasa
 kasrod
 kastelgreen
 katarina-dark
@@ -3811,6 +3862,7 @@ kiloalpha
 kimono
 kind-of-business
 kindo
+king-church-theme
 king51
 kingdom
 kinyonga
@@ -3920,6 +3972,7 @@ layout-engine-base
 layout-engine-theme
 lazy-sunday
 lazyday
+lazyprof
 lb-mint
 lb-projects
 lb-spring-2009
@@ -3931,6 +3984,7 @@ le-redditor
 leaf
 leaf-butterfly
 leafwall
+lean
 lean-and-clean
 lean-and-clean-arizona
 leapwing
@@ -3947,6 +4001,7 @@ lelci
 lemming
 lemon-lemon
 lemosstyle
+lemuralia
 lenen
 leniy-radius
 lenora
@@ -3959,6 +4014,7 @@ less-is-more
 less-less-less
 let-them-eat-marie
 letspanic
+letterhead
 leviathan
 lform-simple-theme
 lias-card-games
@@ -4138,6 +4194,7 @@ macpress
 mad-meg
 made-for-small-business
 made-for-you
+madeini
 madiha
 madina
 madinasyedan
@@ -4155,6 +4212,7 @@ magazine-three-column
 magazino
 magazinstyle-ter
 magic-beauty
+magic-corp
 magic-dust
 magic-tree
 magicbackground
@@ -4179,6 +4237,7 @@ majapahit
 majestic
 major
 major-media
+make
 make-money-online-theme
 make-money-online-theme-1
 make-money-online-theme-2
@@ -4280,6 +4339,7 @@ media-maven
 media-pressroom-theme
 mediaandme-cherry-theme
 medical
+medical-center
 medical-practice-101
 medical-theme
 medicine
@@ -4719,6 +4779,7 @@ naked
 namib
 nano-blogger
 nanoplex
+narcissism
 narcissus
 narga
 narrownplain
@@ -4729,6 +4790,7 @@ native-1-0
 nattywp
 natura
 naturaagro
+natural
 natural-beauty
 natural-magazine
 natural-remedy-blog-theme
@@ -4757,6 +4819,7 @@ needle
 needles
 neewee
 neewee-wordpress-theme
+neighborly
 nelson
 nemezisproject-toolbox
 neni
@@ -4792,6 +4855,7 @@ neverballium
 new-arabic-theme
 new-balance-of-blue
 new-contemporary
+new-era
 new-fresh
 new-golden-gray
 new-green-natural-living-ngnl
@@ -4804,6 +4868,7 @@ new-visions
 new-web
 new-york
 new-york-black-and-white
+newave
 newbar
 newblog
 newdark
@@ -4823,6 +4888,7 @@ news-leak
 news-magazine-theme-640
 news-print
 news-print-v20
+news-real-estate
 news-tfi
 newsbeat
 newschannel
@@ -4833,6 +4899,7 @@ newsmin
 newspaper
 newspaper-theme
 newspress
+newspress-lite
 newspring
 newsprint
 newstheme
@@ -4888,6 +4955,7 @@ njobsboard
 no-frills
 no-image-theme
 no-name-yet
+no-newz
 noble
 nobyebye-theme
 nocss
@@ -4983,6 +5051,7 @@ old-style
 oldblog
 oldgreen-and-grey
 olingo
+oliva
 olive
 olive-todd
 olivia
@@ -5233,6 +5302,7 @@ pemilu
 pemimpin
 pencil-draw
 penguin-2-0
+penny
 penumbra
 people-silhouettes
 pep
@@ -5272,6 +5342,7 @@ phire
 phloggin
 phobos-wp-theme
 phoenix
+phogra
 phoney
 phonix
 photo-addict
@@ -5314,6 +5385,7 @@ picolight
 picomol
 picomol-theme
 pictorial
+pictorico
 picture-perfect
 picturesque
 pieces
@@ -5322,6 +5394,7 @@ piggie-bank
 pigmented
 pilcrow
 pilot-fish
+pinado
 pinbin
 pinblack
 pinblue
@@ -5369,6 +5442,7 @@ pinzolo
 piratenkleider
 piratenpartei-deutschland
 pisces
+pistacia
 pitch
 pitch-premium
 pitter
@@ -5395,6 +5469,7 @@ plainmagic
 plainscape
 plainscape-dark-mod
 plaintxtblog
+planc
 planetemo
 plantiversum
 planu
@@ -5482,6 +5557,7 @@ premium-violet
 premium-wp-blog
 prequel
 present
+presentation-lite
 press3
 pressplay
 presswork
@@ -5519,6 +5595,7 @@ probluezine
 proclouds
 produccion-musical
 producer
+product
 productive
 professional-blog
 professional-business-magazine
@@ -5600,6 +5677,7 @@ qawker
 qawker-by-skatter-tech
 qore-press-premium-q-theme
 quadra
+quality
 quality-control
 quantum
 quantus
@@ -5626,6 +5704,7 @@ rabbit-hole
 rachel
 ractopress
 ractors-wordpress-theme
+radar
 radiant
 radiate
 radioactive-wordpress-theme
@@ -5687,6 +5766,7 @@ realify
 reality
 realizare-site
 realizare-site-web
+realm
 rebar
 reborn
 recipes-blog-by-accuwebhostingcom
@@ -5839,6 +5919,7 @@ retrosp3ct
 retrospective
 retweet
 reuben
+reveal-pro
 review
 review-press
 reviewgine-affiliate
@@ -5992,6 +6073,7 @@ sandy-beach
 sangsaka-20
 sanguinaire
 sans
+santiagum
 santra
 sapphire
 sapphire-stretch
@@ -6066,6 +6148,7 @@ selalu-ceria
 self
 selfish-jerk
 selfish-jerk-3
+selfword
 semper-fi
 semper-fi-lite
 semplice
@@ -6194,6 +6277,7 @@ silver-corp
 silver-dreams
 silver-mag-lite
 silver-platinum
+silver-quantum
 silver-simplicity
 silver-spot
 silvera
@@ -6206,6 +6290,7 @@ simba
 simger
 simobile
 simon-wp-framework
+simone
 simpcalar
 simple
 simple-and-clean
@@ -6233,6 +6318,7 @@ simple-dark-theme
 simple-dia
 simple-dream
 simple-flow
+simple-gold-one
 simple-golden-black
 simple-gray
 simple-green
@@ -6260,6 +6346,7 @@ simple-pro
 simple-property
 simple-red
 simple-red-theme
+simple-responsive
 simple-round
 simple-search
 simple-sophisticated
@@ -6634,6 +6721,7 @@ spun2
 square-splatter
 squared
 squares
+squeezeme
 squeezepage
 squirrel
 squoze
@@ -6668,6 +6756,7 @@ start-news
 start-point
 started
 starter
+starter-layout-1
 starterleft
 starterright
 startpoint
@@ -6685,6 +6774,7 @@ status
 staycool
 staypressed
 stealth-gray-mix-red-251
+steampuff
 steampunk
 steampunk-x2-v11
 steamy-heatmap-theme
@@ -6961,6 +7051,8 @@ tectale-sunset
 tectale-tweety
 tedxwc
 teerex
+tehno-njuz
+tehnonjuz
 teki-theme
 tellypress
 tema-882-nb
@@ -7112,6 +7204,7 @@ themetastico
 themetiger-fashion
 themia-lite
 themia-pro
+themify-base
 themingpress-skeleton
 themolio
 theophilus
@@ -7152,6 +7245,7 @@ thurs
 thursdays-women
 tibelat
 tickled-pink
+tidy
 tidy-focus
 tiga
 tiger
@@ -7227,6 +7321,7 @@ tp-iphone
 tp-purpure
 tpbb
 tpsunrise
+tracks
 traction
 traffica
 traffica-theme
@@ -7260,6 +7355,7 @@ travel-is-my-life
 travel-is-my-life2
 travel-lite
 travel-log-by-taddeiweb
+travel-planet
 travel-power
 travelblog
 traveler-blog
@@ -7299,10 +7395,13 @@ trueblood
 trulyminimal
 trvl
 tryitfree
+ts-365-taraba-software
 tsokolate
+tsw
 tsw-plain
 tsw_plain
 tswplain
+tswwide
 ttblog
 ttblog-theme
 ttnews
@@ -7412,6 +7511,9 @@ twittress
 two-birds
 twocolors
 twordder
+twwenty-twelve
+twwwenty-twelve
+tycoon
 tydskrif
 tylan
 tyler
@@ -7499,6 +7601,7 @@ urwahl3000
 usa-management
 usable-l-c-r
 usama
+usertheme
 utheme
 utieletronica
 utility
@@ -7593,6 +7696,7 @@ virtual-sightseeing
 virtue
 vision
 visitpress
+viso
 viso-theme
 vista
 vista-like
@@ -7602,6 +7706,7 @@ visual
 visual-sense-light
 visual-violent
 vita
+vivacity
 vivid-night
 vk-style-for-wp
 vnotebook
@@ -7674,6 +7779,7 @@ watercolor
 waternymph-and-dolphin
 waterside
 watson
+wau-comunicacion
 wavefront
 wbhosts
 wbox
@@ -7744,7 +7850,9 @@ white-on-blue
 white-orange
 white-pad
 white-paper
+white-premium
 white-queen
+white-spektrum
 white-structure-blue-version
 white-themes
 white-top-show
@@ -7967,6 +8075,7 @@ wp-red-post-news-elegant
 wp-rootstrap
 wp-sanda
 wp-simple
+wp-simple-one
 wp-soul
 wp-sponge-bob
 wp-strap
@@ -7981,6 +8090,7 @@ wp-swing
 wp-themes-blogger
 wp-themes-blue
 wp-themes-magazine
+wp-themingstrap
 wp-thevalley
 wp-tiles
 wp-times

data/wp_versions.xml

@@ -11,6 +11,9 @@
              xsi:noNamespaceSchemaLocation="wp_versions.xsd">
 
   <file src="readme.html">
+    <hash md5="cdbf9b18e3729b3553437fc4e9b6baad">
+      <version>3.9.1</version>
+    </hash>
     <hash md5="84b54c54aa48ae72e633685c17e67457">
       <version>3.9</version>
     </hash>
@@ -62,15 +65,18 @@
   </file>
 
   <file src="wp-includes/css/buttons-rtl.css">
-    <hash md5="d24d1d1eb3a4b9a4998e4df1761f8b9e">
-      <version>3.9</version>
-    </hash>
     <hash md5="71c13ab1693b45fb3d7712e540c4dfe0">
       <version>3.8</version>
     </hash>
   </file>
 
   <file src="wp-includes/js/tinymce/wp-tinymce.js.gz">
+    <hash md5="de42820ca28cfc889f428dbef29621c3">
+      <version>3.9.1</version>
+    </hash>
+    <hash md5="1d52314b1767c557b7232ae192c80318">
+      <version>3.9</version>
+    </hash>
     <!-- Note: 3.7.1 has no unique file (the hash below is the same than the 3.7.2) -->
     <hash md5="44d281b0d84cc494e2b095a6d2202f4d">
       <version>3.7.1</version>

lib/common/common_helper.rb

@@ -34,7 +34,7 @@ WP_VERSIONS_XSD     = DATA_DIR + '/wp_versions.xsd'
 LOCAL_FILES_XSD     = DATA_DIR + '/local_vulnerable_files.xsd'
 USER_AGENTS_FILE    = DATA_DIR + '/user-agents.txt'
 
-WPSCAN_VERSION       = '2.4'
+WPSCAN_VERSION       = '2.4.1'
 
 $LOAD_PATH.unshift(LIB_DIR)
 $LOAD_PATH.unshift(WPSCAN_LIB_DIR)
@@ -95,6 +95,35 @@ def version
   REVISION ? "v#{WPSCAN_VERSION}r#{REVISION}" : "v#{WPSCAN_VERSION}"
 end
 
+# Define colors
+def colorize(text, color_code)
+  if $COLORSWITCH
+    "#{text}"
+  else
+    "\e[#{color_code}m#{text}\e[0m"
+  end
+end
+
+def bold(text)
+  colorize(text, 1)
+end
+
+def red(text)
+  colorize(text, 31)
+end
+
+def green(text)
+  colorize(text, 32)
+end
+
+def amber(text)
+  colorize(text, 33)
+end
+
+def blue(text)
+  colorize(text, 34)
+end
+
 # our 1337 banner
 def banner
   puts '_______________________________________________________________'
@@ -118,18 +147,6 @@ def banner
   puts
 end
 
-def colorize(text, color_code)
-  "\e[#{color_code}m#{text}\e[0m"
-end
-
-def red(text)
-  colorize(text, 31)
-end
-
-def green(text)
-  colorize(text, 32)
-end
-
 def xml(file)
   Nokogiri::XML(File.open(file)) do |config|
     config.noblanks

lib/common/models/vulnerability/output.rb

@@ -5,17 +5,17 @@ class Vulnerability
 
     # output the vulnerability
     def output(verbose = false)
-      puts ' |'
-      puts ' | ' + red("* Title: #{title}")
+      puts
+      puts "#{red('[!]')} Title: #{title}"
       references.each do |key, urls|
         methodname = "url_#{key}"
         urls.each do |u|
           url = send(methodname, u)
-          puts ' | ' + red("* Reference: #{url}") if url
+          puts "    Reference: #{url}" if url
         end
       end
       if !fixed_in.empty?
-         puts " | * Fixed in: #{fixed_in}"
+         puts "#{blue('[i]')} Fixed in: #{fixed_in}"
       end
     end
   end

lib/common/models/wp_item/output.rb

@@ -6,13 +6,13 @@ class WpItem
     # @return [ Void ]
     def output(verbose = false)
       puts
-      puts " | Name: #{self}" #this will also output the version number if detected
+      puts "#{green('[+]')} Name: #{self}" #this will also output the version number if detected
       puts " |  Location: #{url}"
       #puts " | WordPress: #{wordpress_url}" if wordpress_org_item?
       puts " |  Readme: #{readme_url}" if has_readme?
       puts " |  Changelog: #{changelog_url}" if has_changelog?
-      puts " | " + red('[!]') + " Directory listing is enabled: #{url}" if has_directory_listing?
-      puts " | " + red('[!]') + " An error_log file has been found: #{error_log_url}" if has_error_log?
+      puts "#{red('[!]')} Directory listing is enabled: #{url}" if has_directory_listing?
+      puts "#{red('[!]')} An error_log file has been found: #{error_log_url}" if has_error_log?
 
       additional_output(verbose) if respond_to?(:additional_output)
 

lib/common/models/wp_theme/output.rb

@@ -5,10 +5,10 @@ class WpTheme
 
     # @return [ Void ]
     def additional_output(verbose = false)
+      theme_desc = verbose ? @theme_description : truncate(@theme_description, 100)
       puts " |  Style URL: #{style_url}"
       puts " |  Theme Name: #@theme_name" if @theme_name
       puts " |  Theme URI: #@theme_uri" if @theme_uri
-      theme_desc = verbose ? @theme_description : truncate(@theme_description, 100)
       puts " |  Description: #{theme_desc}"
       puts " |  Author: #@theme_author" if @theme_author
       puts " |  Author URI: #@theme_author_uri" if @theme_author_uri

lib/common/models/wp_version/output.rb

@@ -5,12 +5,12 @@ class WpVersion < WpItem
 
     def output(verbose = false)
       puts
-      puts green('[+]') + " WordPress version #{self.number} identified from #{self.found_from}"
+      puts "#{green('[+]')} WordPress version #{self.number} identified from #{self.found_from}"
 
       vulnerabilities = self.vulnerabilities
 
       unless vulnerabilities.empty?
-        puts red('[!]') + " #{vulnerabilities.size} vulnerabilities identified from the version number"
+        puts "#{red('[!]')} #{vulnerabilities.size} vulnerabilities identified from the version number"
 
         vulnerabilities.output
       end

lib/wpscan/wpscan_helper.rb

@@ -60,10 +60,9 @@ end
 def help
   puts 'Help :'
   puts
-  puts 'Some values are settable in conf/browser.conf.json :'
-  puts '  user-agent, proxy, proxy-auth, threads, cache timeout and request timeout'
+  puts 'Some values are settable in a config file, see the example.conf.json'
   puts
-  puts '--update   Update to the latest revision'
+  puts '--update                            Update to the latest revision.'
   puts '--url       | -u <target url>       The WordPress URL/domain to scan.'
   puts '--force     | -f                    Forces WPScan to not check if the remote site is running WordPress.'
   puts '--enumerate | -e [option(s)]        Enumeration.'
@@ -80,27 +79,31 @@ def help
   puts '  Multiple values are allowed : "-e tt,p" will enumerate timthumbs and plugins'
   puts '  If no option is supplied, the default is "vt,tt,u,vp"'
   puts
-  puts '--exclude-content-based "<regexp or string>" Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied'
-  puts '                                             You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)'
-  puts '--config-file | -c <config file> Use the specified config file'
-  puts '--user-agent | -a <User-Agent> Use the specified User-Agent'
-  puts '--random-agent | -r Use a random User-Agent'
+  puts '--exclude-content-based "<regexp or string>"'
+  puts '                                    Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied.'
+  puts '                                    You do not need to provide the regexp delimiters, but you must write the quotes (simple or double).'
+  puts '--config-file  | -c <config file>   Use the specified config file, see the example.conf.json.'
+  puts '--user-agent   | -a <User-Agent>    Use the specified User-Agent.'
+  puts '--random-agent | -r                 Use a random User-Agent.'
   puts '--follow-redirection                If the target url has a redirection, it will be followed without asking if you wanted to do so or not'
-  puts '--wp-content-dir <wp content dir>  WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed'
-  puts '--wp-plugins-dir <wp plugins dir>  Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed'
-  puts '--proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json).'
-  puts '                                 HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used'
-  puts '--proxy-auth <username:password>  Supply the proxy login credentials (will override the one from conf/browser.conf.json).'
-  puts '--basic-auth <username:password>  Set the HTTP Basic authentication'
+  puts '--batch                             Never ask for user input, use the default behaviour.'
+  puts '--no-color                          Do not use colors in the output.'
+  puts '--wp-content-dir <wp content dir>   WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it.'
+  puts '                                    Subdirectories are allowed.'
+  puts '--wp-plugins-dir <wp plugins dir>   Same thing than --wp-content-dir but for the plugins directory.'
+  puts '                                    If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed'
+  puts '--proxy <[protocol://]host:port>    Supply a proxy. HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported.'
+  puts '                                    If no protocol is given (format host:port), HTTP will be used.'
+  puts '--proxy-auth <username:password>    Supply the proxy login credentials.'
+  puts '--basic-auth <username:password>    Set the HTTP Basic authentication.'
   puts '--wordlist | -w <wordlist>          Supply a wordlist for the password bruter and do the brute.'
-  puts '--threads  | -t <number of threads>  The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)'
   puts '--username | -U <username>          Only brute force the supplied username.'
-  puts '--cache-ttl <cache-ttl>  Typhoeus cache TTL'
-  puts '--request-timeout <request-timeout>  Request Timeout'
-  puts '--connect-timeout <connect-timeout>  Connect Timeout'
-  puts '--max-threads <max-threads>  Maximum Threads'
+  puts '--threads  | -t <number of threads> The number of threads to use when multi-threading requests.'
+  puts '--cache-ttl       <cache-ttl>       Typhoeus cache TTL.'
+  puts '--request-timeout <request-timeout> Request Timeout.'
+  puts '--connect-timeout <connect-timeout> Connect Timeout.'
+  puts '--max-threads     <max-threads>     Maximum Threads.'
   puts '--help     | -h                     This help screen.'
   puts '--verbose  | -v                     Verbose output.'
-  puts '--batch Never ask for user input, use the default behaviour.'
   puts
 end

lib/wpscan/wpscan_options.rb

@@ -13,6 +13,7 @@ class WpscanOptions
     :enumerate_timthumbs,
     :enumerate_usernames,
     :enumerate_usernames_range,
+    :no_color,
     :proxy,
     :proxy_auth,
     :threads,
@@ -257,7 +258,8 @@ class WpscanOptions
       ['--request-timeout', GetoptLong::REQUIRED_ARGUMENT],
       ['--connect-timeout', GetoptLong::REQUIRED_ARGUMENT],
       ['--max-threads', GetoptLong::REQUIRED_ARGUMENT],
-      ['--batch', GetoptLong::NO_ARGUMENT]
+      ['--batch', GetoptLong::NO_ARGUMENT],
+      ['--no-color', GetoptLong::NO_ARGUMENT]
     )
   end
 

lib/wpstools/plugins/stats/stats_plugin.rb

@@ -6,7 +6,7 @@ class StatsPlugin < Plugin
     super(author: 'WPScanTeam - Christian Mehlmauer')
 
     register_options(
-        ['--stats', '--s', 'Show WpScan Database statistics']
+        ['--stats', '-s', 'Show WpScan Database statistics.']
     )
   end
 
@@ -26,8 +26,13 @@ class StatsPlugin < Plugin
       puts "[#] Total vulnerable themes:   #{vuln_theme_count}"
       puts
       puts "[#] Total version vulnerabilities: #{version_vulns_count}"
+      puts "[#] Total fixed vulnerabilities:   #{fix_version_count}"
+      puts
       puts "[#] Total plugin vulnerabilities:  #{plugin_vulns_count}"
+      puts "[#] Total fixed vulnerabilities:   #{fix_plugin_count}"
+      puts
       puts "[#] Total theme vulnerabilities:   #{theme_vulns_count}"
+      puts "[#] Total fixed vulnerabilities:   #{fix_theme_count}"
       puts
       puts "[#] Total plugins to enumerate:  #{total_plugins}"
       puts "[#] Total themes to enumerate:   #{total_themes}"
@@ -57,15 +62,26 @@ class StatsPlugin < Plugin
   def version_vulns_count(file=WP_VULNS_FILE)
     xml(file).xpath('count(//vulnerability)').to_i
   end
+  def fix_version_count(file=WP_VULNS_FILE)
+    xml(file).xpath('count(//fixed_in)').to_i
+  end
 
   def plugin_vulns_count(file=PLUGINS_VULNS_FILE)
     xml(file).xpath('count(//vulnerability)').to_i
   end
 
+  def fix_plugin_count(file=PLUGINS_VULNS_FILE)
+    xml(file).xpath('count(//fixed_in)').to_i
+  end
+
   def theme_vulns_count(file=THEMES_VULNS_FILE)
     xml(file).xpath('count(//vulnerability)').to_i
   end
 
+  def fix_theme_count(file=THEMES_VULNS_FILE)
+    xml(file).xpath('count(//fixed_in)').to_i
+  end
+
   def total_plugins(file=PLUGINS_FULL_FILE)
     lines_in_file(file)
   end

spec/xml_checks_spec.rb

@@ -77,3 +77,38 @@ describe 'Well formed XML checks' do
     @file = LOCAL_FILES_FILE
   end
 end
+
+describe 'XML content' do
+  before :all do
+    @vuln_plugins = xml(PLUGINS_VULNS_FILE)
+    @vuln_themes = xml(THEMES_VULNS_FILE)
+  end
+
+  after :each do
+    @result.should have(0).items, "Items:\n#{@result.join("\n")}"
+  end
+
+  it 'each plugin vuln needs a type node' do
+    @result = @vuln_plugins.xpath('//vulnerability[not(type)]/title/text()').map(&:text)
+  end
+
+  it 'each theme vuln needs a type node' do
+    @result = @vuln_themes.xpath('//vulnerability[not(type)]/title/text()').map(&:text)
+  end
+
+  it 'each plugin vuln needs a title node' do
+    @result = @vuln_plugins.xpath('//vulnerability[not(title)]/../@name').map(&:text)
+  end
+
+  it 'each theme vuln needs a title node' do
+    @result = @vuln_themes.xpath('//vulnerability[not(title)]/../@name').map(&:text)
+  end
+
+  it 'each plugin vuln needs a references node' do
+    @result = @vuln_plugins.xpath('//vulnerability[not(references)]/title/text()').map(&:text)
+  end
+
+  it 'each theme vuln needs a references node' do
+    @result = @vuln_themes.xpath('//vulnerability[not(references)]/title/text()').map(&:text)
+  end
+end

wpscan.rb

@@ -18,6 +18,9 @@ def main
       raise('No argument supplied')
     end
 
+    # Define a global variable
+    $COLORSWITCH = wpscan_options.no_color
+
     if wpscan_options.help
       help()
       usage()
@@ -38,8 +41,8 @@ def main
         end
         puts @updater.update()
       else
-        puts 'Svn / Git not installed, or wpscan has not been installed with one of them.'
-        puts 'Update aborted'
+        puts '[i] Svn / Git not installed, or wpscan has not been installed with one of them.'
+        puts "#{red('[!]')} Update aborted"
       end
       exit(0)
     end
@@ -63,14 +66,14 @@ def main
       end
     end
 
+    # Remote website has a redirection?
     if (redirection = wp_target.redirection)
       if wpscan_options.follow_redirection
         puts "Following redirection #{redirection}"
       else
-        puts "The remote host redirects to: #{redirection}"
-        puts '[?] Do you want follow the redirection ? [Y]es [N]o [A]bort, default: [N]'
+        puts "#{blue('[i]')} The remote host tried to redirect to: #{redirection}"
+        print '[?] Do you want follow the redirection ? [Y]es [N]o [A]bort, default: [N]'
       end
-
       if wpscan_options.follow_redirection || !wpscan_options.batch
         if wpscan_options.follow_redirection || (input = Readline.readline) =~ /^y/i
           wpscan_options.url = redirection
@@ -91,7 +94,7 @@ def main
     # Remote website is wordpress?
     unless wpscan_options.force
       unless wp_target.wordpress?
-        raise 'The remote website is up, but does not seem to be running WordPress.'
+        raise "#{red('[!]')} The remote website is up, but does not seem to be running WordPress."
       end
     end
 
@@ -140,7 +143,7 @@ def main
     end
 
     wp_target.config_backup.each do |file_url|
-      puts red("[!] A wp-config.php backup file has been found in: '#{file_url}'")
+      puts "#{red('[!]')} A wp-config.php backup file has been found in: '#{file_url}'"
     end
 
     if wp_target.search_replace_db_2_exists?
@@ -379,6 +382,11 @@ def main
       puts red(e.backtrace.join("\n"))
     end
     exit(1)
+  ensure
+    # Ensure a clean abort of Hydra
+    # See https://github.com/wpscanteam/wpscan/issues/461#issuecomment-42735615
+    Browser.instance.hydra.abort
+    Browser.instance.hydra.run
   end
 end