garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
1f5cb4b0a067af80f242ef68541d6b2bf4868279
wpscan/data/plugin_vulns.xml
Christian Mehlmauer 1f5cb4b0a0 added cve tag to xml file
2013-08-23 14:02:09 +02:00

5117 lines
173 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<vulnerabilities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="vuln.xsd">
<plugin name="content-slide">
<vulnerability>
<title>Content Slide Plugin Cross-Site Requst Forgery Vulnerability</title>
<reference>http://secunia.com/advisories/52949/</reference>
<reference>http://osvdb.org/93871</reference>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="wordpress-simple-paypal-shopping-cart">
<vulnerability>
<title>Simple Paypal Shopping Cart Plugin Cross-Site Request Forgery Vulnerability</title>
<reference>http://secunia.com/advisories/52963/</reference>
<reference>http://osvdb.org/93953</reference>
<type>CSRF</type>
<fixed_in>3.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-sendsms">
<vulnerability>
<title>WP-SendSMS Plugin for WordPress Setting Manipulation CSRF</title>
<reference>http://secunia.com/advisories/53796/</reference>
<reference>http://osvdb.org/94209</reference>
<reference>http://www.exploit-db.com/exploits/26124</reference>
<type>CSRF</type>
</vulnerability>
<vulnerability>
<title>WP-SendSMS Plugin for WordPress wp-admin/admin.php Multiple Parameter XSS</title>
<reference>http://osvdb.org/94210</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="mail-subscribe-list">
<vulnerability>
<title>Mail Subscribe List Plugin Script Insertion Vulnerability</title>
<reference>http://secunia.com/advisories/53732/</reference>
<reference>http://osvdb.org/94197</reference>
<type>XSS</type>
<fixed_in>2.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="s3-video">
<vulnerability>
<title>VideoJS Cross-Site Scripting Vulnerability</title>
<reference>http://secunia.com/advisories/53437/</reference>
<reference>http://seclists.org/fulldisclosure/2013/May/66</reference>
<type>XSS</type>
<fixed_in>0.98</fixed_in>
</vulnerability>
</plugin>
<plugin name="video-embed-thumbnail-generator">
<vulnerability>
<title>VideoJS Cross-Site Scripting Vulnerability</title>
<reference>http://secunia.com/advisories/53426/</reference>
<reference>http://seclists.org/fulldisclosure/2013/May/66</reference>
<type>XSS</type>
<fixed_in>4.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="1player">
<vulnerability>
<title>VideoJS Cross-Site Scripting Vulnerability</title>
<reference>http://secunia.com/advisories/53445/</reference>
<reference>http://seclists.org/fulldisclosure/2013/May/66</reference>
<type>XSS</type>
<fixed_in>1.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="external-video-for-everybody">
<vulnerability>
<title>VideoJS Cross-Site Scripting Vulnerability</title>
<reference>http://secunia.com/advisories/53396/</reference>
<reference>http://seclists.org/fulldisclosure/2013/May/66</reference>
<type>XSS</type>
<fixed_in>2.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="EasySqueezePage">
<vulnerability>
<title>VideoJS Cross-Site Scripting Vulnerability</title>
<reference>http://seclists.org/fulldisclosure/2013/May/66</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="crayon-syntax-highlighter">
<vulnerability>
<title>Crayon Syntax Highlighter Remote File Inclusion</title>
<reference>http://secunia.com/advisories/50804/</reference>
<reference>
http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/
</reference>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="ungallery">
<vulnerability>
<title>UnGallery plugin &lt;= 1.5.8 Local File Disclosure Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17704/</reference>
<type>LFI</type>
</vulnerability>
<vulnerability>
<title>UnGallery Arbitrary Command Execution</title>
<reference>http://secunia.com/advisories/50875/</reference>
<reference>http://ceriksen.com/2012/10/23/wordpress-ungallery-remote-command-injection-vulnerability/</reference>
<type>RCE</type>
<fixed_in>2.1.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="thanks-you-counter-button">
<vulnerability>
<title>Thank You Counter Button XSS</title>
<reference>http://secunia.com/advisories/50977/</reference>
<type>XSS</type>
<fixed_in>1.8.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="bookings">
<vulnerability>
<title>Bookings XSS</title>
<reference>http://secunia.com/advisories/50975/</reference>
<type>XSS</type>
<fixed_in>1.8.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="cimy-user-manager">
<vulnerability>
<title>Cimy User Manager Arbitrary File Disclosure</title>
<reference>http://secunia.com/advisories/50834/</reference>
<reference>http://ceriksen.com/2012/10/24/wordpress-cimy-user-manager-arbitrary-file-disclosure/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="fs-real-estate-plugin">
<vulnerability>
<title>WordPress FireStorm Professional Real Estate Plugin "id" SQL Injection Vulnerability</title>
<reference>http://secunia.com/advisories/51107/</reference>
<type>SQLI</type>
<fixed_in>2.06.04</fixed_in>
</vulnerability>
<vulnerability>
<title>FireStorm Professional Real Estate Plugin Multiple SQL Injection</title>
<reference>http://secunia.com/advisories/50873/</reference>
<reference>
http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/
</reference>
<type>SQLI</type>
<fixed_in>2.06.03</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp125">
<vulnerability>
<title>WP125 Multiple XSS</title>
<reference>http://secunia.com/advisories/50976/</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress WP125 Plugin CSRF</title>
<reference>http://www.securityfocus.com/bid/58934</reference>
<type>CSRF</type>
<fixed_in>1.5.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="all-video-gallery">
<vulnerability>
<title>Wordpress All Video Gallery Plugin Multiple SQL Injection Vulnerabilities</title>
<reference>http://secunia.com/advisories/50874/</reference>
<reference>http://ceriksen.com/2012/11/04/wordpress-all-video-gallery-plugin-sql-injection/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="buddystream">
<vulnerability>
<title>BuddyStream XSS</title>
<reference>http://secunia.com/advisories/50972/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="post-views">
<vulnerability>
<title>post-views XSS</title>
<reference>http://secunia.com/advisories/50982/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="floating-social-media-links">
<vulnerability>
<title>Floating Social Media Links Remote File Inclusion</title>
<reference>http://secunia.com/advisories/51346/</reference>
<reference>http://ceriksen.com/2013/01/12/wordpress-floating-social-media-link-plugins-remote-file-inclusion/
</reference>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="zingiri-forum">
<vulnerability>
<title>Zingiri Forum Arbitrary File Disclosure</title>
<reference>http://secunia.com/advisories/50833/</reference>
<reference>http://ceriksen.com/2013/01/12/wordpress-zingiri-forums-arbitrary-file-disclosure/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="google-document-embedder">
<vulnerability>
<title>Google Document Embedder Arbitrary File Disclosure</title>
<reference>http://www.exploit-db.com/exploits/23970/</reference>
<reference>http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/
</reference>
<reference>http://secunia.com/advisories/50832/</reference>
<metasploit>exploit/unix/webapp/wp_google_document_embedder_exec</metasploit>
<type>UNKNOWN</type>
<fixed_in>2.5.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="extended-user-profile">
<vulnerability>
<title>extended-user-profile Full Path Disclosure vulnerability</title>
<reference>http://1337day.com/exploit/20118</reference>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="superslider-show">
<vulnerability>
<title>superslider-show Full Path Disclosure vulnerability</title>
<reference>http://1337day.com/exploit/20117</reference>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="wordpress-multibox-plugin">
<vulnerability>
<title>multibox plugin Full Path Disclosure vulnerability</title>
<reference>http://1337day.com/exploit/20119</reference>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="contest/OpenInviter">
<vulnerability>
<title>OpenInviter Information Disclosure</title>
<reference>http://packetstormsecurity.com/files/119265/WordPress-OpenInviter-Information-Disclosure.html
</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="RokBox">
<vulnerability>
<title>RokBox Multiple Vulnerabilities</title>
<reference>http://1337day.com/exploit/19981</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="grou-random-image-widget">
<vulnerability>
<title>grou-random-image-widget Full Path Disclosure</title>
<reference>http://1337day.com/exploit/20047</reference>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="sintic_gallery">
<vulnerability>
<title>sintic_gallery Arbitrary File Upload Vulnerability</title>
<reference>http://1337day.com/exploit/19993</reference>
<!-- Metasploit : <reference>http://1337day.com/exploit/20065</reference> -->
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>sintic_gallery Path Disclosure Vulnerability</title>
<reference>http://1337day.com/exploit/20020</reference>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="wp-useronline">
<vulnerability>
<title>WP-UserOnline Full Path Disclosure</title>
<reference>http://seclists.org/fulldisclosure/2010/Jul/8</reference>
<type>FPD</type>
</vulnerability>
<vulnerability>
<title>Wp-UserOnline &lt;= 0.62 Persistent XSS</title>
<reference>http://seclists.org/fulldisclosure/2010/Jul/8</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="levelfourstorefront">
<vulnerability>
<title>Shopping Cart Shell Upload / SQL Injection</title>
<reference>http://packetstormsecurity.com/files/119217/wplevelfour-sqlshell.txt</reference>
<reference>http://secunia.com/advisories/51690/</reference>
<type>MULTI</type>
<fixed_in>8.1.15</fixed_in>
</vulnerability>
</plugin>
<plugin name="reflex-gallery">
<vulnerability>
<title>ReFlex Gallery Shell Upload</title>
<reference>http://packetstormsecurity.com/files/119218/wpreflexgallery-shell.txt</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="uploader">
<vulnerability>
<title>Uploader 1.0.4 Shell Upload</title>
<reference>http://packetstormsecurity.com/files/119219/wpuploader104-shell.txt</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="xerte-online">
<vulnerability>
<title>Xerte Online 0.32 Shell Upload</title>
<reference>http://packetstormsecurity.com/files/119220/wpxerteonline-shell.txt</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="advanced-custom-fields">
<vulnerability>
<title>Advanced Custom Fields &lt;= 3.5.1 Remote File Inclusion</title>
<reference>http://packetstormsecurity.com/files/119221/wp_advanced_custom_fields_exec.rb.txt</reference>
<reference>http://secunia.com/advisories/51037/</reference>
<metasploit>exploit/unix/webapp/wp_advanced_custom_fields_exec</metasploit>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="sitepress-multilingual-cms">
<vulnerability>
<title>Wordpress sitepress-multilingual-cms Full Path Disclosure</title>
<reference>http://1337day.com/exploit/20067</reference>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="asset-manager">
<vulnerability>
<title>Asset Manager 0.2 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/18993/</reference>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>WordPress plugin Asset manager upload.php Arbitrary Code Execution</title>
<reference>
http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/
</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="apptha-banner">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="apptha-slider-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="blaze-slide-show-for-wordpress">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="comment-extra-field">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="fluid-accessible-rich-inline-edit">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="fluid-accessible-pager">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="fluid-accessible-uploader">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="fluid-accessible-ui-options">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="fresh-page">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="mac-dock-photogallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="pdw-file-browser">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="power-zoomer">
<vulnerability>
<title>powerzoomer Arbitrary File Upload Vulnerability</title>
<reference>http://www.1337day.com/exploit/20253</reference>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="slide-show-pro">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="smart-slide-show">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="spotlightyour">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="sprapid">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="ultimate-tinymce">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<reference>http://secunia.com/advisories/51224/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-3dbanner-rotator">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-3dflick-slideshow">
<vulnerability>
<title>wp-3dflick-slideshow Arbitrary File Upload Vulnerability</title>
<reference>http://www.1337day.com/exploit/20255</reference>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-bliss-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-carouselslideshow">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<reference>http://secunia.com/advisories/51250/</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress Carousel Slideshow Plugin Unspecified Vulnerabilities</title>
<reference>http://secunia.com/advisories/50377/</reference>
<type>UNKNOWN</type>
<fixed_in>3.10</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-dreamworkgallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-ecommerce-cvs-importer">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-extended">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-flipslideshow">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-homepage-slideshow">
<vulnerability>
<title>wp-homepage-slideshow Arbitrary File Upload Vulnerability</title>
<reference>http://www.1337day.com/exploit/20260</reference>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-image-news-slider">
<vulnerability>
<title>wp-image-news-slider Arbitrary File Upload Vulnerability</title>
<reference>http://www.1337day.com/exploit/20259</reference>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress Image News slider Plugin Unspecified Vulnerabilities</title>
<reference>http://secunia.com/advisories/50390/</reference>
<type>UNKNOWN</type>
<fixed_in>3.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-levoslideshow">
<vulnerability>
<title>wp-levoslideshow Arbitrary File Upload Vulnerability</title>
<reference>http://www.1337day.com/exploit/20250</reference>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-matrix-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-powerplaygallery">
<vulnerability>
<title>wp-powerplaygallery Arbitrary File Upload Vulnerability</title>
<reference>http://www.1337day.com/exploit/20252</reference>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-royal-gallery">
<vulnerability>
<title>wp-royal-gallery Arbitrary File Upload Vulnerability</title>
<reference>http://www.1337day.com/exploit/20261</reference>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-superb-slideshow">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>wp superb Slideshow Full Path Disclosure</title>
<reference>http://1337day.com/exploit/19979</reference>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="wp-vertical-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-yasslideshow">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="cardoza-ajax-search">
<vulnerability>
<title>Ajax Post Search Sql Injection</title>
<reference>http://seclists.org/bugtraq/2012/Nov/33</reference>
<reference>http://secunia.com/advisories/51205/</reference>
<reference>http://www.girlinthemiddle.net/2012/10/sqli-vulnerability-in-ajax-post-search.html</reference>
<type>SQLI</type>
<fixed_in>1.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="answer-my-question">
<vulnerability>
<title>Answer My Question 1.1 Multiple XSS</title>
<reference>http://www.securityfocus.com/archive/1/524625/30/0/threaded</reference>
<reference>http://secunia.com/advisories/50655/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="catalog">
<vulnerability>
<title>Catalog HTML Code Injection and Cross-site scripting</title>
<reference>http://packetstormsecurity.org/files/117820/wpcatalog-xss.txt</reference>
<reference>http://secunia.com/advisories/51143/</reference>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>WordPress Spider Catalog Plugin Multiple SQL Injection and Cross Site Scripting Vulnerabilities</title>
<reference>http://www.securityfocus.com/bid/60079/info</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wordfence">
<vulnerability>
<title>Wordfence 3.3.5 XSS and IAA</title>
<reference>http://seclists.org/fulldisclosure/2012/Oct/139</reference>
<reference>http://secunia.com/advisories/51055/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="slideshow-jquery-image-gallery">
<vulnerability>
<title>Slideshow jQuery Image Gallery Multiple Vulnerabilities</title>
<reference>http://www.waraxe.us/advisory-92.html</reference>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>WordPress Slideshow Plugin Multiple Script Insertion Vulnerabilities</title>
<reference>http://secunia.com/advisories/51135/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="social-discussions">
<vulnerability>
<title>Social Discussions Multiple Vulnerabilities</title>
<reference>http://www.waraxe.us/advisory-93.html</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="abtest">
<vulnerability>
<title>ABtest Directory Traversal</title>
<reference>
http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110
</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="bbpress">
<vulnerability>
<title>BBPress SQL Injection / Path Disclosure</title>
<reference>http://packetstormsecurity.org/files/116123</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="nextgen_cu3er_gallery">
<vulnerability>
<title>NextGen Cu3er Gallery Information Disclosure</title>
<reference>http://packetstormsecurity.org/files/116150</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="rich-widget">
<vulnerability>
<title>Rich Widget File Upload</title>
<reference>http://packetstormsecurity.org/files/115787/wprichwidget-shell.txt</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="monsters-editor-10-for-wp-super-edit">
<vulnerability>
<title>Monsters Editor Shell Upload</title>
<reference>http://packetstormsecurity.org/files/115788/wpmonsters-shell.txt</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="quick-post-widget">
<vulnerability>
<title>Quick Post Widget 1.9.1 Multiple Cross-site scripting vulnerabilities</title>
<reference>http://seclists.org/bugtraq/2012/Aug/66</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="threewp-email-reflector">
<vulnerability>
<title>ThreeWP Email Reflector 1.13 Stored XSS</title>
<reference>http://www.exploit-db.com/exploits/20365/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-simplemail">
<vulnerability>
<title>SimpleMail 1.0.6 Stored XSS</title>
<reference>http://www.exploit-db.com/exploits/20361/</reference>
<reference>http://secunia.com/advisories/50208/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="postie">
<vulnerability>
<title>Postie 1.4.3 Stored XSS</title>
<reference>http://www.exploit-db.com/exploits/20360/</reference>
<reference>http://secunia.com/advisories/50207/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="rsvpmaker">
<vulnerability>
<title>RSVPMaker v2.5.4 Persistent XSS</title>
<reference>http://www.exploit-db.com/exploits/20474/</reference>
<reference>http://secunia.com/advisories/50289/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="mz-jajak">
<vulnerability>
<title>Mz-jajak &lt;= 2.1 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/20416/</reference>
<reference>http://secunia.com/advisories/50217/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="resume-submissions-job-postings">
<vulnerability>
<title>Resume Submissions Job Posting v2.5.1 Unrestricted File Upload</title>
<reference>http://www.packetstormsecurity.org/files/114716</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-predict">
<vulnerability>
<title>WP-Predict v1.0 Blind SQL Injection</title>
<reference>http://www.exploit-db.com/exploits/19715/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="backup">
<vulnerability>
<title>Backup Plugin Information Disclosure</title>
<reference>http://www.exploit-db.com/exploits/19524/</reference>
<reference>http://secunia.com/advisories/50038/</reference>
<type>UNKNOWN</type>
<fixed_in>2.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="moodthingy-mood-rating-widget">
<vulnerability>
<title>MoodThingy Widget v0.8.7 Blind SQL Injection</title>
<reference>http://www.exploit-db.com/exploits/19572/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="paid-business-listings">
<vulnerability>
<title>Paid Business Listings v1.0.2 Blind SQL Injection</title>
<reference>http://www.exploit-db.com/exploits/19481/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="website-faq">
<vulnerability>
<title>Website FAQ Plugin v1.0 SQL Injection</title>
<reference>http://www.exploit-db.com/exploits/19400/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="radykal-fancy-gallery">
<vulnerability>
<title>Fancy Gallery 1.2.4 Shell Upload</title>
<reference>http://packetstormsecurity.org/files/114114/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="flipbook">
<vulnerability>
<title>Flip Book 1.0 Shell Upload</title>
<reference>http://packetstormsecurity.org/files/114112/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="ajax_multi_upload">
<vulnerability>
<title>Ajax Multi Upload 1.1 Shell Upload</title>
<reference>http://packetstormsecurity.org/files/114109/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="schreikasten">
<vulnerability>
<title>Schreikasten 0.14.13 XSS</title>
<reference>http://www.exploit-db.com/exploits/19294/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-automatic">
<vulnerability>
<title>Wordpress Automatic 2.0.3 CSRF</title>
<reference>http://packetstormsecurity.org/files/113763/</reference>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="videowhisper-video-conference-integration">
<vulnerability>
<title>VideoWhisper Video Conference
4.51 Arbitrary File Upload Vulnerability
</title>
<reference>http://packetstormsecurity.org/files/113580/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="auctionplugin">
<vulnerability>
<title>Auctions Plugin 2.0.1.3 Arbitrary
File Upload Vulnerability
</title>
<reference>http://packetstormsecurity.org/files/113568/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="lb-mixed-slideshow">
<vulnerability>
<title>LB Mixed Slideshow 1.0 Arbitrary File Upload Vulnerability</title>
<reference>http://packetstormsecurity.org/files/113844/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="lim4wp">
<vulnerability>
<title>Lim4wp 1.1.1 Arbitrary File Upload Vulnerability</title>
<reference>http://packetstormsecurity.org/files/113846/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-imagezoom">
<vulnerability>
<title>Wp-ImageZoom 1.0.3 Remote File Disclosure</title>
<reference>http://packetstormsecurity.org/files/113845/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="invit0r">
<vulnerability>
<title>Invit0r 0.22 Shell Upload</title>
<reference>http://packetstormsecurity.org/files/113639/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="announces">
<vulnerability>
<title>Annonces 1.2.0.1 Shell Upload</title>
<reference>http://packetstormsecurity.org/files/113637/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="contus-video-galleryversion-10">
<vulnerability>
<title>Contus Video Gallery 1.3 Arbitrary
File Upload Vulnerability
</title>
<reference>http://packetstormsecurity.org/files/113571/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="contus-hd-flv-player">
<vulnerability>
<title>Contus HD FLV Player plugin &lt;= 1.3 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17678/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Contus HD FLV Player 1.7 Arbitrary
File Upload Vulnerability
</title>
<reference>http://packetstormsecurity.org/files/113570/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="user-meta">
<vulnerability>
<title>User Meta Version 1.1.1 Arbitrary File Upload Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/19052/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="topquark">
<vulnerability>
<title>Top Quark Architecture Version 2.10 Arbitrary File Upload Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/19053/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="sfbrowser">
<vulnerability>
<title>SfBrowser Version 1.4.5 Arbitrary File Upload Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/19054/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="pica-photo-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Pica Photo Gallery 1.0 Arbitrary File Upload Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/19055/</reference>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>PICA Photo Gallery 1.0 Remote File Disclosure</title>
<reference>http://www.exploit-db.com/exploits/19016/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="mac-dock-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress Mac Photo Gallery Plugin Two Security Bypass Security Issues</title>
<reference>http://secunia.com/advisories/49923/</reference>
<type>AUTHBYPASS</type>
</vulnerability>
<vulnerability>
<title>WordPress Mac Photo Gallery Plugin Multiple Script Insertion Vulnerabilities</title>
<reference>http://secunia.com/advisories/49836/</reference>
<type>XSS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
<vulnerability>
<title>Mac Photo Gallery 2.7 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/19056/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="drag-drop-file-uploader">
<vulnerability>
<title>drag and drop file upload 0.1 Arbitrary File Upload Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/19057/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="custom-content-type-manager">
<vulnerability>
<title>Custom Content Type Manager 0.9.5.13-pl Arbitrary File Upload Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/19058/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-gpx-map">
<vulnerability>
<title>wp-gpx-max version 1.1.21 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/19050/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="front-file-manager">
<vulnerability>
<title>Front File Manager Plugin 0.1 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/19012/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="front-end-upload">
<vulnerability>
<title>Front End Upload 0.5.3 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/19008/</reference>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>Front End Upload v0.5.4 Arbitrary PHP File Upload</title>
<reference>http://www.exploit-db.com/exploits/20083/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="omni-secure-files">
<vulnerability>
<title>Omni Secure Files 0.1.13 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/19009/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="easy-contact-forms-exporter">
<vulnerability>
<title>Easy Contact Forms Export 1.1.0 Information Disclosure Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/19013/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="plugin-newsletter">
<vulnerability>
<title>Plugin: Newsletter 1.5 Remote File Disclosure Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/19018/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="rbxgallery">
<vulnerability>
<title>RBX Gallery 2.1 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/19019/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="simple-download-button-shortcode">
<vulnerability>
<title>Simple Download Button Shortcode 1.0 Remote File Disclosure</title>
<reference>http://www.exploit-db.com/exploits/19020/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="thinkun-remind">
<vulnerability>
<title>Thinkun Remind 1.1.3 Remote File Disclosure</title>
<reference>http://www.exploit-db.com/exploits/19021/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="tinymce-thumbnail-gallery">
<vulnerability>
<title>Tinymce Thumbnail Gallery 1.0.7 Remote File Disclosure</title>
<reference>http://www.exploit-db.com/exploits/19022/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="wpstorecart">
<vulnerability>
<title>wpStoreCart Plugin 2.5.27-2.5.29 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/19023/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="gallery-plugin">
<vulnerability>
<title>Gallery 3.06 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/18998/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="font-uploader">
<vulnerability>
<title>Font Uploader 1.2.4 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/18994/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-property">
<vulnerability>
<title>WP-Property 1.35.0 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/18987/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wpmarketplace">
<vulnerability>
<title>WP Marketplace 1.5.0 - 1.6.1 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/18988/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="store-locator-le">
<vulnerability>
<title>Google Maps via Store Locator Multiple Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/18989/</reference>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>store-locator-le SQL Injection</title>
<reference>http://secunia.com/advisories/51757/</reference>
<type>SQLI</type>
<fixed_in>3.8.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="html5avmanager">
<vulnerability>
<title>HTML5 AV Manager 0.2.7 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/18990/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="foxypress">
<vulnerability>
<title>Foxypress 0.4.1.1 - 0.4.2.1 Arbitrary File Upload</title>
<reference>http://packetstormsecurity.org/files/113576/, http://www.exploit-db.com/exploits/18991/,
http://www.exploit-db.com/exploits/19100/
</reference>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>FoxyPress 0.4.2.5 XSS / CSRF / SQL Injection</title>
<reference>http://packetstormsecurity.org/files/117768</reference>
<reference>http://secunia.com/advisories/51109/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="track-that-stat">
<vulnerability>
<title>Track That Stat &lt;= 1.0.8 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112722/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-facethumb">
<vulnerability>
<title>WP-Facethumb Gallery &lt;= 0.1 Reflected Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112658/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-survey-and-quiz-tool">
<vulnerability>
<title>Survey And Quiz Tool &lt;= 2.9.2 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112685/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-statistics">
<vulnerability>
<title>WP Statistics &lt;= 2.2.4 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112686/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-easy-gallery">
<vulnerability>
<title>WP Easy Gallery &lt;= 1.7 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112687/</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WP Easy Gallery &lt;= 2.7 CSRF</title>
<reference>http://plugins.trac.wordpress.org/changeset?reponame=&amp;old=669527%40wp-easy-gallery&amp;new=669527%40wp-easy-gallery</reference>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="subscribe2">
<vulnerability>
<title>Subscribe2 &lt;= 8.0 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112688/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="soundcloud-is-gold">
<vulnerability>
<title>Soundcloud Is Gold &lt;= 2.1 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112689/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="sharebar">
<vulnerability>
<title>Sharebar &lt;= 1.2.5 Button Manipulation CSRF</title>
<reference>http://osvdb.org/94843</reference>
<type>CSRF</type>
</vulnerability>
<vulnerability>
<title>Sharebar &lt;= 1.2.1 SQL Injection / Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112690/</reference>
<type>MULTI</type>
<fixed_in>1.2.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="share-and-follow">
<vulnerability>
<title>Share And Follow &lt;= 1.80.3 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112691/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="sabre">
<vulnerability>
<title>SABRE &lt;= 1.2.0 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112692/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="pretty-link">
<vulnerability>
<title>Pretty Link Lite &lt;= 1.5.2 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112693/</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Pretty Link Lite &lt;= 1.6.1 Cross Site Scripting</title>
<reference>http://secunia.com/advisories/50980/</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress pretty-link plugin XSS in SWF</title>
<reference>http://seclists.org/bugtraq/2013/Feb/100</reference>
<reference>http://packetstormsecurity.com/files/120433/wpprettylink163-xss.txt</reference>
<cve>2013-1636</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="newsletter-manager">
<vulnerability>
<title>Newsletter Manager &lt;= 1.0 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112694/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="network-publisher">
<vulnerability>
<title>Network Publisher &lt;= 5.0.1 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112695/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="leaguemanager">
<vulnerability>
<title>LeagueManager &lt;= 3.7 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112698/</reference>
<reference>http://secunia.com/advisories/49949/</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>LeagueManager v3.8 SQL Injection</title>
<reference>http://www.exploit-db.com/exploits/24789/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="leaflet">
<vulnerability>
<title>Leaflet &lt;= 0.0.1 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112699/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="joliprint">
<vulnerability>
<title>PDF And Print Button Joliprint &lt;= 1.3.0 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112700/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="iframe-admin-pages">
<vulnerability>
<title>IFrame Admin Pages &lt;= 0.1 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112701/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="ezpz-one-click-backup">
<vulnerability>
<title>EZPZ One Click Backup &lt;= 12.03.10 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112705/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="dynamic-widgets">
<vulnerability>
<title>Dynamic Widgets &lt;= 1.5.1 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112706/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="download-monitor">
<vulnerability>
<title>Download Monitor &lt; 3.3.6.2 Cross Site Scripting</title>
<reference>http://www.securityfocus.com/bid/61407</reference>
<reference>http://secunia.com/advisories/53116</reference>
<cve>2013-5098</cve>
<cve>2013-3262</cve>
<type>XSS</type>
<fixed_in>3.3.6.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Download Monitor &lt;= 3.3.5.7 Cross Site Scripting</title>
<reference>http://www.reactionpenetrationtesting.co.uk/wordpress-download-monitor-xss.html</reference>
<reference>http://secunia.com/advisories/50511/</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Download Monitor &lt;= 3.3.5.4 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112707/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="download-manager">
<vulnerability>
<title>Download Manager &lt;= 2.2 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112708/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="codestyling-localization">
<vulnerability>
<title>Code Styling Localization &lt;= 1.99.16 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112709/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="catablog">
<vulnerability>
<title>Catablog &lt;= 1.6 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112619/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="bad-behavior">
<vulnerability>
<title>Bad Behavior &lt;= 2.24 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112619/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="bulletproof-security">
<vulnerability>
<title>BulletProof Security &lt;= 0.47 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112618/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="better-wp-security">
<vulnerability>
<title>Better WP Security &lt;= 3.5.3 Stored XSS</title>
<reference>https://github.com/wpscanteam/wpscan/issues/251</reference>
<reference>http://www.securityfocus.com/archive/1/527634/30/0/threaded</reference>
<reference>http://osvdb.org/95884</reference>
<type>XSS</type>
<fixed_in>3.5.4</fixed_in>
</vulnerability>
<vulnerability>
<title>Better WP Security v3.4.3 Multiple XSS</title>
<reference>http://seclists.org/bugtraq/2012/Oct/9</reference>
<type>XSS</type>
<fixed_in>3.4.4</fixed_in>
</vulnerability>
<vulnerability>
<title>Better WP Security &lt;= 3.2.4 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112617/</reference>
<type>XSS</type>
<fixed_in>3.2.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="custom-contact-forms">
<vulnerability>
<title>Custom Contact Forms &lt;= 5.0.0.1 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112616/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="2-click-socialmedia-button">
<vulnerability>
<title>2-Click-Socialmedia-Buttons &lt;= 0.34 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112615/</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>2-Click-Socialmedia-Buttons &lt;= 0.32.2 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112711/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="login-with-ajax">
<vulnerability>
<title>Login With Ajax plugin Cross Site Scripting</title>
<reference>http://secunia.com/advisories/49013/</reference>
<type>XSS</type>
<fixed_in>3.0.4.1</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress Login With Ajax Plugin Cross-Site Request Forgery Vulnerability</title>
<reference>http://secunia.com/advisories/52950/</reference>
<type>CSRF</type>
<fixed_in>3.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="media-library-categories">
<vulnerability>
<title>Media Library Categories plugin &lt;= 1.0.6 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17628/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Media Library Categories plugin &lt;= 1.1.1 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112697/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="deans-fckeditor-with-pwwangs-code-plugin-for-wordpress">
<vulnerability>
<title>FCKeditor Deans With Pwwangs Code &lt;= 1.0.0 Remote Shell Upload</title>
<reference>http://packetstormsecurity.org/files/111319/</reference>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="zingiri-web-shop">
<vulnerability>
<title>WordPress Zingiri Web Shop Plugin Cookie SQL Injection Vulnerability</title>
<reference>http://secunia.com/advisories/49398/</reference>
<type>SQLI</type>
<fixed_in>2.4.8</fixed_in>
</vulnerability>
<vulnerability>
<title>Zingiri Web Shop &lt;= 2.4.0 Multiple XSS Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/18787/</reference>
<reference>http://secunia.com/advisories/48991/</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Zingiri Web Shop &lt;= 2.3.5 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112684/</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Zingiri Web Shop 2.4.3 Shell Upload</title>
<reference>http://packetstormsecurity.org/files/113668/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="organizer">
<vulnerability>
<title>Organizer 1.2.1 Cross Site Scripting / Path Disclosure</title>
<reference>http://packetstormsecurity.org/files/112086, http://packetstormsecurity.org/files/113800</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="zingiri-tickets">
<vulnerability>
<title>Zingiri Tickets plugin File Disclosure</title>
<reference>http://packetstormsecurity.org/files/111904</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="cms-tree-page-view">
<vulnerability>
<title>XSS vulnerability in CMS Tree Page View Plugin</title>
<reference>https://www.htbridge.com/advisory/HTB23083</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="all-in-one-event-calendar">
<vulnerability>
<title>Multiple XSS vulnerabilities in All-in-One Event Calendar for WordPress</title>
<reference>http://seclists.org/bugtraq/2012/Apr/70</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="buddypress">
<vulnerability>
<title>Buddypress &lt;= 1.5.5 SQL Injection</title>
<reference>http://www.exploit-db.com/exploits/18690/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="register-plus-redux">
<vulnerability>
<title>Register Plus Redux &lt;= 3.8.3 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/111367</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="magn-html5-drag-and-drop-media-uploader">
<vulnerability>
<title>Magn WP Drag and Drop &lt;= 1.1.4 Upload Shell Upload Vulnerability</title>
<reference>http://packetstormsecurity.org/files/110103</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="kish-guest-posting">
<vulnerability>
<title>Kish Guest Posting 1.0 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/18412/</reference>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="allwebmenus-wordpress-menu-plugin">
<vulnerability>
<title>AllWebMenus Shell Upload &lt;= 1.1.9 Shell Upload</title>
<reference>http://packetstormsecurity.org/files/108946/</reference>
<type>RFI</type>
</vulnerability>
<vulnerability>
<title>AllWebMenus 1.1.3 Remote File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/17861/</reference>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="shortcode-redirect">
<vulnerability>
<title>Shortcode Redirect &lt;= 1.0.01 Stored Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/108914/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="ucan-post">
<vulnerability>
<title>uCan Post plugin &lt;= 1.0.09 Stored XSS</title>
<reference>http://www.exploit-db.com/exploits/18390/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-cycle-playlist">
<vulnerability>
<title>WP Cycle Playlist plugin Multiple Vulnerabilities</title>
<reference>http://1337day.com/exploits/17396</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="myeasybackup">
<vulnerability>
<title>myEASYbackup 1.0.8.1 Directory Traversal</title>
<reference>http://packetstormsecurity.org/files/108711</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="count-per-day">
<vulnerability>
<title>Count per Day Plugin 3.2.5 (counter.php) - XSS Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/24859/</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Count Per Day 3.2.3 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/115904</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Count Per Day 3.1.1 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/114787/SSCHADV2012-015.txt</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Count Per Day plugin &lt;= 3.1.1 Multiple Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/18355/</reference>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>Count per Day plugin &lt;= 2.17 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17857/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-autoyoutube">
<vulnerability>
<title>WP-AutoYoutube plugin &lt;= 0.1 Blind SQL Injection Vulnerability</title>
<reference>http://1337day.com/exploits/17368</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="age-verification">
<vulnerability>
<title>Age Verification plugin &lt;= 0.4 Open Redirect</title>
<reference>http://www.exploit-db.com/exploits/18350</reference>
<type>REDIRECT</type>
</vulnerability>
</plugin>
<plugin name="yousaytoo-auto-publishing-plugin">
<vulnerability>
<title>Yousaytoo Auto Publishing &lt;= 1.0 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/108470</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="pay-with-tweet">
<vulnerability>
<title>Pay With Tweet plugin &lt;= 1.1 Multiple Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/18330/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp-whois">
<vulnerability>
<title>Whois Search &lt;= 1.4.2 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/108271</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="upm-polls">
<vulnerability>
<title>BLIND SQL injection UPM-POLLS plugin 1.0.4</title>
<reference>http://www.exploit-db.com/exploits/18231/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="disqus-comment-system">
<vulnerability>
<title>Disqus Comment System &lt;= 2.68 Reflected Cross-Site Scripting (XSS)</title>
<reference>http://www.ethicalhack3r.co.uk/security/wordpress-plugin-disqus-comment-system-xss/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-recaptcha">
<vulnerability>
<title>Google reCAPTCHA &lt;= 3.1.3 Reflected XSS Vulnerability</title>
<reference>http://security-sh3ll.blogspot.com/2011/12/google-recaptcha-wordpress-plugin.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="link-library">
<vulnerability>
<title>Link Library plugin &lt;= 5.2.1 SQL Injection</title>
<reference>http://www.exploit-db.com/exploits/17887/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="cevhershare">
<vulnerability>
<title>CevherShare 2.0 plugin SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17891/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="meenews">
<vulnerability>
<title>meenews 5.1 plugin Cross-Site Scripting Vulnerabilities</title>
<reference>http://seclists.org/bugtraq/2011/Nov/151</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="clickdesk-live-support-chat">
<vulnerability>
<title>Click Desk Live Support Chat Cross Site Scripting Vulnerability</title>
<reference>http://seclists.org/bugtraq/2011/Nov/148</reference>
<type>XSS</type>
<fixed_in>2.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="adminimize">
<vulnerability>
<title>adminimize 1.7.21 Cross-Site Scripting Vulnerabilities</title>
<reference>http://seclists.org/bugtraq/2011/Nov/135</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="advanced-text-widget">
<vulnerability>
<title>Advanced Text Widget &lt;= 2.0.0 Cross Site Scripting Vulnerability</title>
<reference>http://seclists.org/bugtraq/2011/Nov/133</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="mm-duplicate">
<vulnerability>
<title>MM Duplicate plugin &lt;= 1.2 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17707/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-menu-creator">
<vulnerability>
<title>Menu Creator plugin &lt;= 1.1.7 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17689/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="allow-php-in-posts-and-pages">
<vulnerability>
<title>Allow PHP in Posts and Pages plugin &lt;= 2.0.0.RC1 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17688/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="global-content-blocks">
<vulnerability>
<title>Global Content Blocks plugin &lt;= 1.2 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17687/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="ajaxgallery">
<vulnerability>
<title>Ajax Gallery plugin &lt;= 3.0 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17686/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-ds-faq">
<vulnerability>
<title>WP DS FAQ plugin &lt;= 1.3.2 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17683/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="odihost-newsletter-plugin">
<vulnerability>
<title>OdiHost Newsletter plugin &lt;= 1.0 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17681/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="easy-contact-form-lite">
<vulnerability>
<title>Easy Contact Form Lite plugin &lt;= 1.0.7 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17680/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-symposium">
<vulnerability>
<title>WP Symposium plugin &lt;= 0.64 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17679/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP Symposium plugin &lt;= 12.12 Multiple SQL Injection Vulnerabilities</title>
<reference>http://secunia.com/advisories/50674/</reference>
<reference>http://ceriksen.com/2013/02/18/wp-symposium-multiple-sql-injection/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WordPress WP Symposium Plugin &quot;u&quot; XSS</title>
<reference>http://secunia.com/advisories/52864/</reference>
<type>XSS</type>
<fixed_in>13.04</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress WP Symposium Plugin &quot;u&quot; Redirection Weakness</title>
<reference>http://secunia.com/advisories/52925/</reference>
<type>REDIRECT</type>
</vulnerability>
</plugin>
<plugin name="file-groups">
<vulnerability>
<title>File Groups plugin &lt;= 1.1.2 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17677/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="ip-logger">
<vulnerability>
<title>IP-Logger plugin &lt;= 3.0 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17673/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="beer-recipes">
<vulnerability>
<title>Beer Recipes v.1.0 XSS</title>
<reference>http://www.exploit-db.com/exploits/17453/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="is-human">
<vulnerability>
<title>Is-human &lt;=1.4.2 Remote Command Execution Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17299/</reference>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="editormonkey">
<vulnerability>
<title>EditorMonkey plugin (FCKeditor) Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/17284/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="sermon-browser">
<vulnerability>
<title>SermonBrowser 0.43 SQL Injection</title>
<reference>http://www.exploit-db.com/exploits/17214/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="ajax-category-dropdown">
<vulnerability>
<title>Ajax Category Dropdown 0.1.5 Multiple Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/17207/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp-custom-pages">
<vulnerability>
<title>WP Custom Pages 0.5.0.1 LFI Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17119/</reference>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="flash-album-gallery">
<vulnerability>
<title>WordPress GRAND FlAGallery Plugin Multiple Vulnerabilities</title>
<reference>http://secunia.com/advisories/51100/</reference>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>GRAND Flash Album Gallery 1.9.0 and 2.0.0 Multiple Vulnerabilities</title>
<reference>http://packetstormsecurity.org/files/117665/</reference>
<reference>http://www.waraxe.us/advisory-94.html</reference>
<reference>http://secunia.com/advisories/51601/</reference>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>GRAND Flash Album Gallery 0.55 Multiple Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/16947/</reference>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>GRAND Flash Album Gallery &lt;= 1.56 XSS Vulnerability</title>
<reference>http://seclists.org/bugtraq/2011/Nov/186</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>GRAND Flash Album Gallery &lt;= 1.71 XSS Vulnerability</title>
<reference>http://packetstormsecurity.org/files/112704</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress GRAND FlAGallery Plugin "gid" SQL Injection Vulnerability</title>
<reference>http://secunia.com/advisories/53356/</reference>
<type>SQLI</type>
<fixed_in>2.56</fixed_in>
</vulnerability>
<vulnerability>
<title>GRAND FlAGallery Plugin "s" Cross-Site Scripting Vulnerability</title>
<reference>http://secunia.com/advisories/53111/</reference>
<reference>http://osvdb.org/93714</reference>
<type>XSS</type>
<fixed_in>2.72</fixed_in>
</vulnerability>
</plugin>
<plugin name="php_speedy_wp">
<vulnerability>
<title>PHP Speedy &lt;= 0.5.2 (admin_container.php) Remote Code Exec Exploit</title>
<reference>http://www.exploit-db.com/exploits/16273/</reference>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="old-post-spinner">
<vulnerability>
<title>OPS Old Post Spinner 2.2.1 LFI Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/16251/</reference>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="jquery-mega-menu">
<vulnerability>
<title>jQuery Mega Menu 1.0 Local File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/16250/</reference>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="iwant-one-ihave-one">
<vulnerability>
<title>IWantOneButton 3.0.1 Multiple Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/16236/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="forum-server">
<vulnerability>
<title>WP Forum Server 1.6.5 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/16235/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP Forum Server plugin &lt;= 1.7 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17828/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP Forum Server plugin &lt;= 1.7.3 SQL Injection / XSS Vulnerabilities</title>
<reference>http://www.packetstormsecurity.org/files/112703</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="relevanssi">
<vulnerability>
<title>Relevanssi 2.7.2 Stored XSS Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/16233/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="gigpress">
<vulnerability>
<title>GigPress 2.1.10 Stored XSS Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/16232/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="comment-rating">
<vulnerability>
<title>WordPress Comment Rating 2.9.32 SQL Injection / Bypass</title>
<reference>http://packetstormsecurity.com/files/120569/wpcomment2932-sqlbypass.txt</reference>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>Comment Rating 2.9.23 Multiple Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/16221/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="z-vote">
<vulnerability>
<title>Z-Vote 1.1 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/16218/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="user-photo">
<vulnerability>
<title>User Photo Component Remote File Upload Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/16181/</reference>
<reference>http://osvdb.org/71071</reference>
<type>UPLOAD</type>
<fixed_in>0.9.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="enable-media-replace">
<vulnerability>
<title>Enable Media Replace Multiple Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/16144/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="mingle-forum">
<vulnerability>
<title>Mingle Forum &lt;= 1.0.32.1 Cross Site Scripting / SQL Injection</title>
<reference>http://packetstormsecurity.org/files/108915/</reference>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>Mingle Forum plugin &lt;= 1.0.31 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17894/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Mingle Forum (Plugin) &lt;= 1.0.26 Multiple Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/15943/</reference>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>Mingle Forum &lt;= 1.0.33 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112696/</reference>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>Mingle Forum 1.0.33.3 Multiple Parameter SQL Injection</title>
<reference>http://osvdb.org/90434</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="accept-signups">
<vulnerability>
<title>Accept Signups 0.1 XSS</title>
<reference>http://www.exploit-db.com/exploits/15808/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="events-manager-extended">
<vulnerability>
<title>Events Manager Extended Persistent XSS Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/14923/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="nextgen-smooth-gallery">
<vulnerability>
<title>NextGEN Smooth Gallery Blind SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/14541/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="mylinksdump">
<vulnerability>
<title>myLDlinker SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/14441/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="firestats">
<vulnerability>
<title>Firestats Remote Configuration File Download</title>
<reference>http://www.exploit-db.com/exploits/14308/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="simple-press">
<vulnerability>
<title>Simple:Press SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/14198/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="cimy-counter">
<vulnerability>
<title>Vulnerabilities in Cimy Counter for WordPress</title>
<reference>http://www.exploit-db.com/exploits/14057/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="nextgen-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<reference>http://secunia.com/advisories/51271/</reference>
<type>XSS</type>
<fixed_in>1.9.8</fixed_in>
</vulnerability>
<vulnerability>
<title>XSS in NextGEN Gallery &lt;= 1.5.1</title>
<reference>http://www.exploit-db.com/exploits/12098/</reference>
<type>XSS</type>
<fixed_in>1.5.2</fixed_in>
</vulnerability>
<vulnerability>
<title>swfupload.swf Multiple Cross Site Scripting Vulnerabilities</title>
<reference>http://www.securityfocus.com/bid/60433</reference>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>NextGEN Gallery 1.9.12 Arbitrary File Upload</title>
<reference>http://wordpress.org/plugins/nextgen-gallery/changelog/</reference>
<reference>http://osvdb.org/94232</reference>
<cve>2013-3684</cve>
<type>UPLOAD</type>
<fixed_in>1.9.13</fixed_in>
</vulnerability>
</plugin>
<plugin name="cpl">
<vulnerability>
<title>Copperleaf Photolog SQL injection</title>
<reference>http://www.exploit-db.com/exploits/11458/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="events-calendar">
<vulnerability>
<title>Events SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/10929/</reference>
<reference>http://osvdb.org/95677</reference>
<type>SQLI</type>
<fixed_in>6.7.10</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Events Calendar wp-admin/admin.php EC_id Parameter XSS</title>
<reference>http://osvdb.org/74705</reference>
<type>XSS</type>
<fixed_in>6.7.12a</fixed_in>
</vulnerability>
</plugin>
<plugin name="ImageManager">
<vulnerability>
<title>Image Manager Plugins Shell Upload Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/10325/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-cumulus">
<vulnerability>
<title>Vulnerabilities in WP-Cumulus &lt;= 1.20 for WordPress</title>
<reference>http://www.exploit-db.com/exploits/10228/</reference>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>WP-Cumulus Cross Site Scripting Vulnerabily</title>
<reference>http://seclists.org/fulldisclosure/2011/Nov/340</reference>
<type>XSS</type>
<fixed_in>1.23</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-syntax">
<vulnerability>
<title>WP-Syntax &lt;= 0.9.1 Remote Command Execution</title>
<reference>http://www.exploit-db.com/exploits/9431/</reference>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="my-category-order">
<vulnerability>
<title>My Category Order &lt;= 2.8 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/9150/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="related-sites">
<vulnerability>
<title>Related Sites 2.1 Blind SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/9054/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="dm-albums">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>DM Albums 1.9.2 Remote File Disclosure Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/9048/</reference>
<type>LFI</type>
</vulnerability>
<vulnerability>
<title>DM Albums 1.9.2 Remote File Inclusion Vuln</title>
<reference>http://www.exploit-db.com/exploits/9043/</reference>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="photoracer">
<vulnerability>
<title>Photoracer 1.0 (id) SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/8961/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Photoracer plugin &lt;= 1.0 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17720/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Photoracer plugin &lt;= 1.0 Multiple Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/17731/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp-lytebox">
<vulnerability>
<title>Lytebox (wp-lytebox) Local File Inclusion Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/8791/</reference>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="fmoblog">
<vulnerability>
<title>fMoblog 2.1 (id) SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/8229/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="page-flip-image-gallery">
<vulnerability>
<title>Page Flip Image Gallery &lt;= 0.2.2 Remote FD Vuln</title>
<reference>http://www.exploit-db.com/exploits/7543/</reference>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="wp-shopping-cart">
<vulnerability>
<title>e-Commerce &lt;= 3.4 Arbitrary File Upload Exploit</title>
<reference>http://www.exploit-db.com/exploits/6867/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="downloads-manager">
<vulnerability>
<title>Download Manager 0.2 Arbitrary File Upload Exploit</title>
<reference>http://www.exploit-db.com/exploits/6127/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wpSS">
<vulnerability>
<title>Spreadsheet &lt;= 0.6 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/5486/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-download">
<vulnerability>
<title>Download (dl_id) SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/5326/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="sniplets">
<vulnerability>
<title>Sniplets 1.1.2 (RFI/XSS/RCE) Multiple Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/5194/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp-photo-album">
<vulnerability>
<title>Photo album Remote SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/5135/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="sf-forum">
<vulnerability>
<title>Simple Forum 2.0-2.1 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/5126/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Simple Forum 1.10-1.11 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/5127/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="st_newsletter">
<vulnerability>
<title>st_newsletter Remote SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/5053/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>st_newsletter (stnl_iframe.php) SQL Injection Vuln</title>
<reference>http://www.exploit-db.com/exploits/6777/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wordspew">
<vulnerability>
<title>Wordspew Remote SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/5039/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="dmsguestbook">
<vulnerability>
<title>dmsguestbook 1.7.0 Multiple Remote Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/5035/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wassup">
<vulnerability>
<title>WassUp 1.4.3 (spy.php to_date) SQL Injection Exploit</title>
<reference>http://www.exploit-db.com/exploits/5017/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-adserve">
<vulnerability>
<title>Adserve 0.2 adclick.php SQL Injection Exploit</title>
<reference>http://www.exploit-db.com/exploits/5013/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="fgallery">
<vulnerability>
<title>plugin fGallery 2.4.1 fimrss.php SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/4993/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-cal">
<vulnerability>
<title>WP-Cal 0.3 editevent.php SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/4992/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wpforum">
<vulnerability>
<title>plugin WP-Forum 1.7.4 Remote SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/4939/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>plugin WP-Forum 1.7.8 Remote SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/7738/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-filemanager">
<vulnerability>
<title>Wp-FileManager 1.2 Remote Upload Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/4844/</reference>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>WordPress wp-FileManager File Download Vulnerability</title>
<reference>http://secunia.com/advisories/53421/</reference>
<type>UNKNOWN</type>
<fixed_in>1.4.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="pictpress">
<vulnerability>
<title>PictPress &lt;= 0.91 Remote File Disclosure Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/4695/</reference>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="backupwordpress">
<vulnerability>
<title>BackUp &lt;= 0.4.2b RFI Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/4593/</reference>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="myflash">
<vulnerability>
<title>plugin myflash &lt;= 1.00 (wppath) RFI Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/3828/</reference>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="wordtube">
<vulnerability>
<title>plugin wordTube &lt;= 1.43 (wpPATH) RFI Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/3825/</reference>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="wp-table">
<vulnerability>
<title>plugin wp-Table &lt;= 1.43 (inc_dir) RFI Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/3824/</reference>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="mygallery">
<vulnerability>
<title>myGallery &lt;= 1.4b4 Remote File Inclusion Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/3814/</reference>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="sendit">
<vulnerability>
<title>SendIt plugin &lt;= 1.5.9 Blind SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17716/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="js-appointment">
<vulnerability>
<title>Js-appointment plugin &lt;= 1.5 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17724/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="mm-forms-community">
<vulnerability>
<title>MM Forms Community &lt;= 1.2.3 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17725/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>MM Forms Community 2.2.6 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/18997/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="super-captcha">
<vulnerability>
<title>Super CAPTCHA plugin &lt;= 2.2.4 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17728/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="collision-testimonials">
<vulnerability>
<title>Collision Testimonials plugin &lt;= 3.0 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17729/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="oqey-headers">
<vulnerability>
<title>Oqey Headers plugin &lt;= 0.3 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17730/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="fbpromotions">
<vulnerability>
<title>Facebook Promotions plugin &lt;= 1.3.3 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17737/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="evarisk">
<vulnerability>
<title>Evarisk plugin &lt;= 5.1.3.6 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17738/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Evarisk 5.1.5.4 Shell Upload</title>
<reference>http://packetstormsecurity.org/files/113638/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="profiles">
<vulnerability>
<title>Profiles plugin &lt;= 2.0 RC1 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17739/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="mystat">
<vulnerability>
<title>mySTAT plugin &lt;= 2.6 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17740/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="sh-slideshow">
<vulnerability>
<title>SH Slideshow plugin &lt;= 3.1.4 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17748/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="copyright-licensing-tools">
<vulnerability>
<title>iCopyright(R) Article Tools plugin &lt;= 1.1.4 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17749/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="advertizer">
<vulnerability>
<title>Advertizer plugin &lt;= 1.0 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17750/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="event-registration">
<vulnerability>
<title>Event Registration plugin &lt;= 5.44 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17814/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Event Registration plugin &lt;= 5.43 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17751/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Event Registration 5.32 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/15513/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="crawlrate-tracker">
<vulnerability>
<title>Craw Rate Tracker plugin &lt;= 2.0.2 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17755/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-audio-gallery-playlist">
<vulnerability>
<title>wp audio gallery playlist plugin &lt;= 0.12 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17756/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="yolink-search">
<vulnerability>
<title>WordPress yolink Search Plugin "s" Cross-Site Scripting Vulnerability</title>
<reference>http://secunia.com/advisories/52030/</reference>
<type>XSS</type>
<fixed_in>2.6</fixed_in>
</vulnerability>
<vulnerability>
<title>yolink Search plugin &lt;= 1.1.4 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17757/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="pure-html">
<vulnerability>
<title>PureHTML plugin &lt;= 1.0.0 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17758/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="couponer">
<vulnerability>
<title>Couponer plugin &lt;= 1.2 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17759/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="grapefile">
<vulnerability>
<title>grapefile plugin &lt;= 1.1 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/17760/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="image-gallery-with-slideshow">
<vulnerability>
<title>image-gallery-with-slideshow plugin &lt;= 1.5 Arbitrary File Upload / SQL Injection</title>
<reference>http://www.exploit-db.com/exploits/17761/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wordpress-donation-plugin-with-goals-and-paypal-ipn-by-nonprofitcmsorg">
<vulnerability>
<title>Donation plugin &lt;= 1.0 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17763/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-bannerize">
<vulnerability>
<title>WP Bannerize plugin &lt;= 2.8.6 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17764/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP Bannerize plugin &lt;= 2.8.7 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17906/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="search-autocomplete">
<vulnerability>
<title>SearchAutocomplete plugin &lt;= 1.0.8 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17767/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="videowhisper-video-presentation">
<vulnerability>
<title>VideoWhisper Video Presentation plugin &lt;= 1.1 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17771/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="facebook-opengraph-meta-plugin">
<vulnerability>
<title>Facebook Opengraph Meta plugin &lt;= 1.0 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17773/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="zotpress">
<vulnerability>
<title>Zotpress plugin &lt;= 4.4 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17778/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="oqey-gallery">
<vulnerability>
<title>oQey Gallery plugin &lt;= 0.4.8 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17779/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="tweet-old-post">
<vulnerability>
<title>Tweet Old Post plugin &lt;= 3.2.5 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17789/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="post-highlights">
<vulnerability>
<title>post highlights plugin &lt;= 2.2 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17790/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="knr-author-list-widget">
<vulnerability>
<title>KNR Author List Widget plugin &lt;= 2.0.0 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17791/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="scormcloud">
<vulnerability>
<title>SCORM Cloud plugin &lt;= 1.0.6.6 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17793/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="eventify">
<vulnerability>
<title>Eventify - Simple Events plugin &lt;= 1.7.f SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17794/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="paid-downloads">
<vulnerability>
<title>Paid Downloads plugin &lt;= 2.01 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17797/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="community-events">
<vulnerability>
<title>Community Events plugin &lt;= 1.2.1 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17798/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="1-flash-gallery">
<vulnerability>
<title>1-flash-gallery &lt;= 1.9.0 XSS in ZeroClipboard.swf</title>
<reference>http://1337day.com/exploit/20396</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>1 Flash Gallery Arbiraty File Upload Exploit (MSF)</title>
<reference>http://www.exploit-db.com/exploits/17801/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-filebase">
<vulnerability>
<title>WP-Filebase Download Manager plugin &lt;= 0.2.9 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17808/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WordPress WP-Filebase Plugin Unspecified Vulnerabilities</title>
<reference>http://secunia.com/advisories/51269/</reference>
<type>UNKNOWN</type>
<fixed_in>0.2.9.25</fixed_in>
</vulnerability>
</plugin>
<plugin name="a-to-z-category-listing">
<vulnerability>
<title>A to Z Category Listing plugin &lt;= 1.3 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17809/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-e-commerce">
<vulnerability>
<title>WP e-Commerce plugin &lt;= 3.8.6 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17832/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP-e-Commerce plugin v3.8.9.5 Cross Site Scripting Vulnerability</title>
<reference>http://1337day.com/exploit/20517</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="filedownload">
<vulnerability>
<title>Filedownload 0.1 (download.php) Remote File Disclosure Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17858/</reference>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="thecartpress">
<vulnerability>
<title>TheCartPress &lt;= 1.6 Cross Site Sripting</title>
<reference>http://packetstormsecurity.org/files/108272/</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>TheCartPress 1.1.1 Remote File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/17860/</reference>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="wpeasystats">
<vulnerability>
<title>WPEasyStats 1.8 Remote File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/17862/</reference>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="annonces">
<vulnerability>
<title>Annonces 1.2.0.0 Remote File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/17863/</reference>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="livesig">
<vulnerability>
<title>Livesig 0.4 Remote File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/17864/</reference>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="disclosure-policy-plugin">
<vulnerability>
<title>Disclosure Policy 1.0 Remote File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/17865/</reference>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="mailz">
<vulnerability>
<title>Mailing List 1.3.2 Remote File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/17866/</reference>
<type>RFI</type>
</vulnerability>
<vulnerability>
<title>Mailing List Arbitrary file download</title>
<reference>http://www.exploit-db.com/exploits/18276/</reference>
<type>UNKNOWN</type>
<fixed_in>1.4.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="g-web-shop">
<vulnerability>
<title>Zingiri Web Shop 2.2.0 Remote File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/17867/</reference>
<type>RFI</type>
</vulnerability>
<vulnerability>
<title>Zingiri Web Shop &lt;= 2.2.3 Remote Code Execution</title>
<reference>http://www.exploit-db.com/exploits/18111/</reference>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="mini-mail-dashboard-widget">
<vulnerability>
<title>Mini Mail Dashboard Widget 1.36 Remote File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/17868/</reference>
<type>RFI</type>
</vulnerability>
<vulnerability>
<title>Mini Mail Dashboard Widget 1.42 Stored XSS</title>
<reference>http://www.exploit-db.com/exploits/20358/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="relocate-upload">
<vulnerability>
<title>Relocate Upload 0.14 Remote File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/17869/</reference>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="category-grid-view-gallery">
<vulnerability>
<title>Category Grid View Gallery plugin 0.1.1 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title> Category Grid View Gallery CatGridPost.php ID Parameter XSS</title>
<reference>http://osvdb.org/94805</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="auto-attachments">
<vulnerability>
<title>Auto Attachments plugin 0.2.9 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-marketplace">
<vulnerability>
<title>WP Marketplace plugin 1.1.0 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="dp-thumbnail">
<vulnerability>
<title>DP Thumbnail plugin 1.0 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="vk-gallery">
<vulnerability>
<title>Vk Gallery plugin 1.1.0 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="rekt-slideshow">
<vulnerability>
<title>Rekt Slideshow plugin 1.0.5 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="cac-featured-content">
<vulnerability>
<title>CAC Featured Content plugin 0.8 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="rent-a-car">
<vulnerability>
<title>Rent A Car plugin 1.0 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="lisl-last-image-slider">
<vulnerability>
<title>LISL Last Image Slider plugin 1.0 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="islidex">
<vulnerability>
<title>Islidex plugin 2.7 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="kino-gallery">
<vulnerability>
<title>Kino Gallery plugin 1.0 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="cms-pack-cache">
<vulnerability>
<title>Cms Pack plugin 1.3 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="a-gallery">
<vulnerability>
<title>A Gallery plugin 0.9 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="category-list-portfolio-page">
<vulnerability>
<title>Category List Portfolio Page plugin 0.9 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="really-easy-slider">
<vulnerability>
<title>Really Easy Slider plugin 0.1 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="verve-meta-boxes">
<vulnerability>
<title>Verve Meta Boxes plugin 1.2.8 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="user-avatar">
<vulnerability>
<title>User Avatar plugin 1.3.7 shell upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="extend-wordpress">
<vulnerability>
<title>Extend plugin 1.3.7 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="adrotate">
<vulnerability>
<title>AdRotate plugin &lt;= 3.6.5 SQL Injection Vulnerability</title>
<reference>http://unconciousmind.blogspot.com/2011/09/wordpress-adrotate-plugin-365-sql.html</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>AdRotate plugin &lt;= 3.6.6 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/18114/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-spamfree">
<vulnerability>
<title>WP-SpamFree 3.2.1 Spam SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17970/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="gd-star-rating">
<vulnerability>
<title>WordPress GD Star Rating Plugin Export Security Bypass Security Issue</title>
<reference>http://secunia.com/advisories/49850/</reference>
<type>AUTHBYPASS</type>
<fixed_in>1.9.19</fixed_in>
</vulnerability>
<vulnerability>
<title>GD Star Rating plugin &lt;= 1.9.16 Cross Site Scripting</title>
<reference>http://www.packetstormsecurity.org/files/112702</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>GD Star Rating plugin &lt;= 1.9.10 SQL Injection</title>
<reference>http://www.exploit-db.com/exploits/17973/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="contact-form-wordpress">
<vulnerability>
<title>Contact Form plugin &lt;= 2.7.5 SQL Injection</title>
<reference>http://www.exploit-db.com/exploits/17980/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-photo-album-plus">
<vulnerability>
<title>WP Photo Album Plus &lt;= 4.1.1 SQL Injection</title>
<reference>http://www.exploit-db.com/exploits/17983/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP Photo Album Plus &lt;= 4.8.12 Cross-Site Scripting</title>
<reference>http://secunia.com/advisories/51679/</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WP Photo Album Plus Full Path Disclosure</title>
<reference>http://1337day.com/exploit/20125</reference>
<type>FPD</type>
<fixed_in>4.9.1</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Photo Album Plus XSS</title>
<reference>http://secunia.com/advisories/51829/</reference>
<type>XSS</type>
<fixed_in>4.9.3</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Photo Album Plus XSS</title>
<reference>http://secunia.com/advisories/51669/</reference>
<type>XSS</type>
<fixed_in>4.9.3</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress WP Photo Album Plus Plugin "commentid" Cross-Site Scripting Vulnerability</title>
<reference>http://secunia.com/advisories/53105/</reference>
<type>XSS</type>
<fixed_in>5.0.3</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Photo Album Plus wp-admin/admin.php edit_id Parameter XSS</title>
<reference>http://osvdb.org/94465</reference>
<type>XSS</type>
<fixed_in>5.0.11</fixed_in>
</vulnerability>
</plugin>
<plugin name="backwpup">
<vulnerability>
<title>BackWPUp 2.1.4 Code Execution</title>
<reference>http://www.exploit-db.com/exploits/17987/</reference>
<type>RCE</type>
</vulnerability>
<vulnerability>
<title>plugin BackWPup 1.5.2, 1.6.1, 1.7.1 Remote and Local Code Execution Vulnerability</title>
<reference>http://osvdb.org/71481</reference>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="portable-phpmyadmin">
<vulnerability>
<title>portable-phpMyAdmin Authentication Bypass</title>
<reference>http://www.exploit-db.com/exploits/23356</reference>
<reference>http://secunia.com/advisories/51520/</reference>
<type>AUTHBYPASS</type>
<fixed_in>1.3.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="super-refer-a-friend">
<vulnerability>
<title>super-refer-a-friend Full Path Disclosure</title>
<reference>http://1337day.com/exploit/20126</reference>
<type>FPD</type>
<fixed_in>1.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="w3-total-cache">
<vulnerability>
<title>W3-Total-Cache Username and Hash Extract</title>
<reference>http://seclists.org/fulldisclosure/2012/Dec/242</reference>
<reference>https://github.com/FireFart/W3TotalCacheExploit</reference>
<metasploit>auxiliary/gather/wp_w3_total_cache_hash_extract</metasploit>
<type>UNKNOWN</type>
<fixed_in>0.9.2.5</fixed_in>
</vulnerability>
<vulnerability>
<title>W3-Total-Cache Remote Code Execution</title>
<reference>http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/</reference>
<reference>http://wordpress.org/support/topic/pwn3d</reference>
<reference>http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html</reference>
<metasploit>exploits/unix/webapp/php_wordpress_total_cache</metasploit>
<type>RCE</type>
<fixed_in>0.9.2.9</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-super-cache">
<vulnerability>
<title>WP-Super-Cache Remote Code Execution</title>
<reference>http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/</reference>
<reference>http://wordpress.org/support/topic/pwn3d</reference>
<reference>http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html</reference>
<type>RCE</type>
<fixed_in>1.3.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="ripe-hd-player">
<vulnerability>
<title>ripe-hd-player 1.0 SQL Injection</title>
<reference>http://www.exploit-db.com/exploits/24229/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>ripe-hd-player 1.0 Full Path Disclosure</title>
<reference>http://www.exploit-db.com/exploits/24229/</reference>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="floating-tweets">
<vulnerability>
<title>floating-tweets persistent XSS</title>
<reference>http://packetstormsecurity.com/files/119499/floatingtweets-xsstraversal.txt</reference>
<reference>http://websecurity.com.ua/6023/</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>floating-tweets directory traversal</title>
<reference>http://packetstormsecurity.com/files/119499/floatingtweets-xsstraversal.txt</reference>
<reference>http://websecurity.com.ua/6023/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="ipfeuilledechou">
<vulnerability>
<title>ipfeuilledechou SQL Injection Vulnerability</title>
<reference>http://www.exploit4arab.com/exploits/377</reference>
<reference>http://1337day.com/exploits/20206</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="simple-login-log">
<vulnerability>
<title>Simple Login Log Plugin XSS</title>
<reference>http://secunia.com/advisories/51780/</reference>
<type>XSS</type>
<fixed_in>0.9.4</fixed_in>
</vulnerability>
<vulnerability>
<title>Simple Login Log Plugin SQL Injection</title>
<reference>http://secunia.com/advisories/51780/</reference>
<type>SQLI</type>
<fixed_in>0.9.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-slimstat">
<vulnerability>
<title>wp-slimstat XSS</title>
<reference>http://secunia.com/advisories/51721/</reference>
<type>XSS</type>
<fixed_in>2.8.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="browser-rejector">
<vulnerability>
<title>browser-rejector Remote and Local File Inclusion</title>
<reference>http://secunia.com/advisories/51739/</reference>
<type>LFI</type>
<fixed_in>2.11</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-file-uploader">
<vulnerability>
<title>WordPress File Uploader Plugin PHP File Upload Vulnerability</title>
<reference>http://la.usch.io/2013/01/21/wordpress-file-uploader-plugin-php-file-upload-vulnerability/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="cardoza-wordpress-poll">
<vulnerability>
<title>WordPress Poll Plugin Cross-Site Request Forgery Vulnerability</title>
<reference>http://secunia.com/advisories/51925/</reference>
<type>CSRF</type>
<fixed_in>34.06</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple SQL injection vulnerabilities in Cardoza Wordpress poll plugin</title>
<reference>http://secunia.com/advisories/51942/</reference>
<reference>http://www.girlinthemiddle.net/2013/01/multiple-sql-injection-vulnerabilities.html</reference>
<reference>http://seclists.org/bugtraq/2013/Jan/86</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WordPress Poll Plugin Multiple SQL Injection Vulnerabilities</title>
<reference>http://secunia.com/advisories/50910/</reference>
<type>SQLI</type>
<fixed_in>33.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="devformatter">
<vulnerability>
<title>Wordpress Developer Formatter CSRF and XSS Vulnerability</title>
<reference>http://illsecure.com/code/Wordpress-DevFormatter-CSRF-Vulnerability.txt</reference>
<reference>http://1337day.com/exploits/20210</reference>
<reference>http://secunia.com/advisories/51912/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="dvs-custom-notification">
<vulnerability>
<title>WordPress DVS Custom Notification Plugin Cross-Site Request Forgery Vulnerability</title>
<reference>http://secunia.com/advisories/51531/</reference>
<type>CSRF</type>
<fixed_in>1.0.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="events-manager">
<vulnerability>
<title>WordPress Events Manager Plugin Multiple Cross-Site Scripting Vulnerabilities</title>
<reference>http://secunia.com/advisories/51869/</reference>
<type>XSS</type>
<fixed_in>5.3.4</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress Events Manager Multiple Cross Site Scripting Vulnerabilities</title>
<reference>http://www.securityfocus.com/bid/60078</reference>
<reference>http://secunia.com/advisories/53478/</reference>
<reference>http://osvdb.org/93558</reference>
<type>XSS</type>
<fixed_in>5.3.9</fixed_in>
</vulnerability>
</plugin>
<plugin name="solvemedia">
<vulnerability>
<title>WordPress SolveMedia CSRF Vulnerability</title>
<reference>http://1337day.com/exploit/20222</reference>
<reference>http://secunia.com/advisories/51927/</reference>
<type>CSRF</type>
<fixed_in>1.1.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="usc-e-shop">
<vulnerability>
<title>WordPress Welcart e-Commerce Plugin Cross-Site Scripting and Request Forgery Vulnerabilities</title>
<reference>http://secunia.com/advisories/51581/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="knews">
<vulnerability>
<title>WordPress Knews Multilingual Newsletters Plugin Cross-Site Request Forgery Vulnerability</title>
<reference>http://secunia.com/advisories/51543/</reference>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="video-lead-form">
<vulnerability>
<title>WordPress Video Lead Form Plugin "errMsg" Cross-Site Scripting Vulnerability</title>
<reference>http://secunia.com/advisories/51419/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="woocommerce-predictive-search">
<vulnerability>
<title>WordPress WooCommerce Predictive Search Plugin "rs" Cross-Site Scripting Vulnerability</title>
<reference>http://secunia.com/advisories/51385/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="woocommerce">
<vulnerability>
<title> WooCommerce index.php calc_shipping_state Parameter XSS</title>
<reference>http://osvdb.org/95480</reference>
<type>XSS</type>
<fixed_in>2.0.13</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-e-commerce-predictive-search">
<vulnerability>
<title>WordPress WP e-Commerce Predictive Search Plugin "rs" Cross-Site Scripting Vulnerability</title>
<reference>http://secunia.com/advisories/51384/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-tiger">
<vulnerability>
<title>WordPress vTiger CRM Lead Capture Plugin Unspecified Vulnerability</title>
<reference>http://secunia.com/advisories/51305/</reference>
<type>UNKNOWN</type>
<fixed_in>1.1.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-postviews">
<vulnerability>
<title>WordPress post-views Plugin "search_input" Cross-Site Scripting Vulnerability</title>
<reference>http://secunia.com/advisories/50982/</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress WP-PostViews Plugin Cross-Site Request Forgery Vulnerability</title>
<reference>http://secunia.com/advisories/53127/</reference>
<type>CSRF</type>
<fixed_in>1.63</fixed_in>
</vulnerability>
</plugin>
<plugin name="dx-contribute">
<vulnerability>
<title>WordPress DX-Contribute Plugin Cross-Site Request Forgery Vulnerability</title>
<reference>http://secunia.com/advisories/51082/</reference>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="wysija-newsletters">
<vulnerability>
<title>SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin</title>
<reference>https://www.htbridge.com/advisory/HTB23140</reference>
<reference>http://packetstormsecurity.com/files/120089/wpwysijanl-sql.txt</reference>
<reference>http://seclists.org/bugtraq/2013/Feb/29</reference>
<reference>http://cxsecurity.com/issue/WLB-2013020039</reference>
<type>SQLI</type>
<fixed_in>2.2.1</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress Wysija Newsletters Plugin swfupload Cross-Site Scripting Vulnerability</title>
<reference>http://secunia.com/advisories/51249/</reference>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
<fixed_in>2.1.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="hitasoft_player">
<vulnerability>
<title>WordPress Hitasoft FLV Player Plugin "id" SQL Injection Vulnerability</title>
<reference>http://secunia.com/advisories/51179/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="spider-calendar">
<vulnerability>
<title>WordPress Spider Calendar Plugin "many_sp_calendar" Cross-Site Scripting Vulnerability</title>
<reference>http://secunia.com/advisories/50981/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="dynamic-font-replacement-4wp">
<vulnerability>
<title>Wordpress Dynamic Font Replacement 1.3 plugin SQL Injection Vulnerability</title>
<reference>http://1337day.com/exploit/20239</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="form">
<vulnerability>
<title>WordPress Zingiri Form Builder Plugin "error" Cross-Site Scripting Vulnerability</title>
<reference>http://secunia.com/advisories/50983/</reference>
<type>XSS</type>
<fixed_in>1.2.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="white-label-cms">
<vulnerability>
<title>WordPress White Label CMS Plugin Cross-Site Request Forgery Vulnerability</title>
<reference>http://secunia.com/advisories/50487/</reference>
<type>CSRF</type>
<fixed_in>1.5.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="download-shortcode">
<vulnerability>
<title>Wordpress Download Shortcode Plugin "file" Arbitrary File Disclosure Vulnerability</title>
<reference>http://secunia.com/advisories/50924/</reference>
<type>LFI</type>
<fixed_in>0.2.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="crayon-syntax-hightlighter">
<vulnerability>
<title>WordPress Crayon Syntax Highlighter Plugin "wp_load" Remote File Inclusion Vulnerability</title>
<reference>http://secunia.com/advisories/50804/</reference>
<type>RFI</type>
<fixed_in>1.13</fixed_in>
</vulnerability>
</plugin>
<plugin name="eshop-magic">
<vulnerability>
<title>WordPress eShop Magic Plugin "file" Arbitrary File Disclosure Vulnerability</title>
<reference>http://secunia.com/advisories/50933/</reference>
<type>LFI</type>
<fixed_in>0.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="pinterest-pin-it-button">
<vulnerability>
<title>WordPress Pinterest "Pin It" Button Lite Plugin Multiple Unspecified Vulnerabilities</title>
<reference>http://secunia.com/advisories/50868/</reference>
<type>MULTI</type>
<fixed_in>1.4.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="css-plus">
<vulnerability>
<title>WordPress CSS Plus Plugin Unspecified Vulnerabilities</title>
<reference>http://secunia.com/advisories/50793/</reference>
<type>UNKNOWN</type>
<fixed_in>1.3.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="multisite-plugin-manager">
<vulnerability>
<title>WordPress Multisite Plugin Manager Plugin Two Cross-Site Scripting Vulnerabilities</title>
<reference>http://secunia.com/advisories/50762/</reference>
<type>XSS</type>
<fixed_in>3.1.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="abc-test">
<vulnerability>
<title>WordPress ABC Test Plugin "id" Cross-Site Scripting Vulnerability</title>
<reference>http://secunia.com/advisories/50608/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="token-manager">
<vulnerability>
<title>Wordpress Token Manager Plugin "tid" Cross-Site Scripting Vulnerabilities</title>
<reference>http://secunia.com/advisories/50722/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="sexy-add-template">
<vulnerability>
<title>WordPress Sexy Add Template Plugin Cross-Site Request Forgery Vulnerability</title>
<reference>http://secunia.com/advisories/50709/</reference>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="notices">
<vulnerability>
<title>WordPress Notices Ticker Plugin Cross-Site Request Forgery Vulnerability</title>
<reference>http://secunia.com/advisories/50717/</reference>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="mf-gig-calendar">
<vulnerability>
<title>WordPress MF Gig Calendar Plugin URL Cross-Site Scripting Vulnerability</title>
<reference>http://secunia.com/advisories/50571/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-topbar">
<vulnerability>
<title>wp-topbar &lt;= 3.04 XSS in ZeroClipboard.swf</title>
<reference>http://1337day.com/exploit/20396</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress WP-TopBar Plugin Cross-Site Request Forgery Vulnerability</title>
<reference>http://secunia.com/advisories/50693/</reference>
<type>CSRF</type>
<fixed_in>4.0.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="webplayer">
<vulnerability>
<title>WordPress HD Webplayer Plugin Two SQL Injection Vulnerabilities</title>
<reference>http://secunia.com/advisories/50466/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="cloudsafe365-for-wp">
<vulnerability>
<title>WordPress Cloudsafe365 Plugin Multiple Vulnerabilities</title>
<reference>http://secunia.com/advisories/50392/</reference>
<type>MULTI</type>
<fixed_in>1.47</fixed_in>
</vulnerability>
</plugin>
<plugin name="vitamin">
<vulnerability>
<title>WordPress Vitamin Plugin Two Arbitrary File Disclosure Vulnerabilities</title>
<reference>http://secunia.com/advisories/50176/</reference>
<type>LFI</type>
<fixed_in>1.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="featured-post-with-thumbnail">
<vulnerability>
<title>WordPress Featured Post with thumbnail Plugin Unspecified timthumb Vulnerability</title>
<reference>http://secunia.com/advisories/50161/</reference>
<type>UNKNOWN</type>
<fixed_in>1.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-effective-lead-management">
<vulnerability>
<title>WordPress WP Lead Management Plugin Script Insertion Vulnerabilities</title>
<reference>http://secunia.com/advisories/50166/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="xve-various-embed">
<vulnerability>
<title>WordPress XVE Various Embed Plugin JW Player Multiple Cross-Site Scripting Vulnerabilities
</title>
<reference>http://secunia.com/advisories/50173/</reference>
<type>XSS</type>
<fixed_in>1.0.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="g-lock-double-opt-in-manager">
<vulnerability>
<title>WordPress G-Lock Double Opt-in Manager Plugin Two Security Bypass Vulnerabilities</title>
<reference>http://secunia.com/advisories/50100/</reference>
<type>AUTHBYPASS</type>
</vulnerability>
</plugin>
<plugin name="kau-boys-backend-localization">
<vulnerability>
<title>WordPress Backend Localization Plugin Cross-Site Scripting Vulnerabilities</title>
<reference>http://secunia.com/advisories/50099/</reference>
<type>XSS</type>
<fixed_in>2.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="flexi-quote-rotator">
<vulnerability>
<title>WordPress Flexi Quote Rotator Plugin Cross-Site Request Forgery and SQL Injection Vulnerabilities</title>
<reference>http://secunia.com/advisories/49910/</reference>
<type>MULTI</type>
<fixed_in>0.9.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="gotmls">
<vulnerability>
<title>WordPress Get Off Malicious Scripts Cross-Site Scripting Vulnerability</title>
<reference>http://secunia.com/advisories/50030/</reference>
<type>XSS</type>
<fixed_in>1.2.07.20</fixed_in>
</vulnerability>
</plugin>
<plugin name="cimy-user-extra-fields">
<vulnerability>
<title>WordPress Cimy User Extra Fields Plugin Arbitrary File Upload Vulnerability</title>
<reference>http://secunia.com/advisories/49975/</reference>
<type>UPLOAD</type>
<fixed_in>2.3.9</fixed_in>
</vulnerability>
</plugin>
<plugin name="nmedia-user-file-uploader">
<vulnerability>
<title>WordPress Nmedia Users File Uploader Plugin Arbitrary File Upload Vulnerability</title>
<reference>http://secunia.com/advisories/49996/</reference>
<type>UPLOAD</type>
<fixed_in>2.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-explorer-gallery">
<vulnerability>
<title>wp-explorer-gallery Arbitrary File Upload Vulnerability</title>
<reference>http://www.1337day.com/exploit/20251</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="accordion">
<vulnerability>
<title>accordion Arbitrary File Upload Vulnerability</title>
<reference>http://www.1337day.com/exploit/20254</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-catpro">
<vulnerability>
<title>wp-catpro Arbitrary File Upload Vulnerability</title>
<reference>http://www.1337day.com/exploit/20256</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="RLSWordPressSearch">
<vulnerability>
<title>Wordpress RLSWordPressSearch plugin SQL Injection</title>
<reference>http://www.exploit-db.com/exploits/24440/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wordpress-simple-shout-box">
<vulnerability>
<title>wordpress-simple-shout-box Plugin SQL Injection</title>
<reference>http://cxsecurity.com/issue/WLB-2013010235</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="portfolio-slideshow-pro">
<vulnerability>
<title>Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection </title>
<reference>http://cxsecurity.com/issue/WLB-2013010236</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="simple-history">
<vulnerability>
<title>WordPress Simple History Plugin RSS Feed "rss_secret" Disclosure Weakness</title>
<reference>http://secunia.com/advisories/51998/</reference>
<type>UNKNOWN</type>
<fixed_in>1.0.8</fixed_in>
</vulnerability>
</plugin>
<plugin name="p1m-media-manager">
<vulnerability>
<title>WordPress p1m media manager plugin SQL Injection Vulnerability</title>
<reference>http://www.1337day.com/exploit/20270</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-table-reloaded">
<vulnerability>
<title>wp-table-reloaded &lt;= 1.9.3 XSS in ZeroClipboard.swf</title>
<reference>http://1337day.com/exploit/20396</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Wordpress wp-table-reloaded plugin cross-site scripting in SWF</title>
<reference>http://packetstormsecurity.com/files/119968/wptablereloaded-xss.txt</reference>
<reference>http://secunia.com/advisories/52027/</reference>
<reference>http://seclists.org/bugtraq/2013/Feb/28</reference>
<type>XSS</type>
<fixed_in>1.9.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="wordpress-gallery">
<vulnerability>
<title>WordPress Gallery Plugin "load" Remote File Inclusion Vulnerability</title>
<reference>http://secunia.com/advisories/51347/</reference>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="forumconverter">
<vulnerability>
<title>Wordpress plugins ForumConverter SQL Injection Vulnerability</title>
<reference>http://www.1337day.com/exploit/20275</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="newsletter">
<vulnerability>
<title>WordPress plugins Newsletter SQL Injection Vulnerability</title>
<reference>http://www.1337day.com/exploit/20287</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WordPress Newsletter Plugin "alert" Cross-Site Scripting Vulnerability</title>
<reference>http://secunia.com/advisories/53398/</reference>
<reference>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5141.php</reference>
<type>XSS</type>
<fixed_in>3.2.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="commentluv">
<vulnerability>
<title>Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin</title>
<reference>https://www.htbridge.com/advisory/HTB23138</reference>
<reference>http://packetstormsecurity.com/files/120090/wpcommentluv-xss.txt</reference>
<reference>http://seclists.org/bugtraq/2013/Feb/30</reference>
<reference>http://cxsecurity.com/issue/WLB-2013020040</reference>
<reference>http://secunia.com/advisories/52092/</reference>
<type>XSS</type>
<fixed_in>2.92.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-forum">
<vulnerability>
<title>Wordpress wp-forum plugin SQL Injection</title>
<reference>http://cxsecurity.com/issue/WLB-2013020035</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-ecommerce-shop-styling">
<vulnerability>
<title>WordPress WP ecommerce Shop Styling Plugin "dompdf" Remote File Inclusion Vulnerability</title>
<reference>http://secunia.com/advisories/51707/</reference>
<type>RFI</type>
<fixed_in>1.8</fixed_in>
</vulnerability>
</plugin>
<plugin name="audio-player">
<vulnerability>
<title>Wordpress Audio Player Plugin XSS in SWF</title>
<reference>http://seclists.org/bugtraq/2013/Feb/35</reference>
<reference>http://secunia.com/advisories/52083/</reference>
<type>XSS</type>
<fixed_in>2.0.4.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="ckeditor-for-wordpress">
<vulnerability>
<title>Wordpress plugin CKEditor 4.0 Arbitrary File Upload Exploit</title>
<reference>http://1337day.com/exploit/20318</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="myftp-ftp-like-plugin-for-wordpress">
<vulnerability>
<title>wordpress myftp-ftp-like-plugin-for-wordpress plugin v2 Plugin SQL Injection</title>
<reference>http://cxsecurity.com/issue/WLB-2013020061</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-online-store">
<vulnerability>
<title>WordPress WP Online Store Plugin 1.3.1 downloaded before 2013-01-17 File Disclosure and File Inclusion Vulnerabilities</title>
<reference>http://secunia.com/advisories/50836/</reference>
<reference>http://ceriksen.com/2013/02/18/wordpress-online-store-arbitrary-file-disclosure/</reference>
<reference>http://ceriksen.com/2013/02/18/wordpress-online-store-local-file-inclusion-vulnerability/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="password-protected">
<vulnerability>
<title>Password Protected 1.4 Login Process redirect_to Parameter Arbitrary Site Redirect</title>
<reference>http://osvdb.org/90559</reference>
<type>REDIRECT</type>
</vulnerability>
</plugin>
<plugin name="contact-form-plugin">
<vulnerability>
<title>Contact Form Plugin XSS</title>
<reference>http://osvdb.org/90503</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="smart-flv">
<vulnerability>
<title>smart-flv jwplayer.swf XSS</title>
<reference>http://www.openwall.com/lists/oss-security/2013/02/24/7</reference>
<reference>http://packetstormsecurity.com/files/115100/jwplayer-xss.txt</reference>
<reference>http://osvdb.org/90606</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="GoogleAlertandtwitterplugin">
<vulnerability>
<title>Google Alert And Twitter v.3.1.5 XSS Exploit, SQL Injection</title>
<reference>http://1337day.com/exploits/20433</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="php-shell">
<vulnerability>
<title>PHP Shell Plugin</title>
<reference>https://github.com/wpscanteam/wpscan/issues/138</reference>
<reference>http://plugins.svn.wordpress.org/php-shell/trunk/shell.php</reference>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="marekkis-watermark">
<vulnerability>
<title>Marekkis Watermark Cross Site Scripting</title>
<reference>http://packetstormsecurity.com/files/120378/wpmarekkiswatermark-xss.txt</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="responsive-logo-slideshow">
<vulnerability>
<title>Responsive Logo Slideshow Cross Site Scripting</title>
<reference>http://packetstormsecurity.com/files/120379/wpresponsivelogo-xss.txt</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="zopim-live-chat">
<vulnerability>
<title>zopim-live-chat &lt;= 1.2.5 XSS in ZeroClipboard</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="ed2k-link-selector">
<vulnerability>
<title>ed2k-link-selector &lt;= 1.1.7 XSS in ZeroClipboard</title>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wppygments">
<vulnerability>
<title>wppygments &lt;= 0.3.2 XSS in ZeroClipboard</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="copy-in-clipboard">
<vulnerability>
<title>copy-in-clipboard &lt;= 0.8 XSS in ZeroClipboard</title>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="search-and-share">
<vulnerability>
<title>search-and-share &lt;= 0.9.3 XSS in ZeroClipboard</title>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="placester">
<vulnerability>
<title>placester &lt;= 0.3.12 XSS in ZeroClipboard</title>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="drp-coupon">
<vulnerability>
<title>drp-coupon &lt;= 2.1 XSS in ZeroClipboard</title>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="coupon-code-plugin">
<vulnerability>
<title>coupon-code-plugin &lt;= 2.1 XSS in ZeroClipboard</title>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="q2w3-inc-manager">
<vulnerability>
<title>q2w3-inc-manager &lt;= 2.3.1 XSS in ZeroClipboard</title>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="scorerender">
<vulnerability>
<title>scorerender &lt;= 0.3.4 XSS in ZeroClipboard</title>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-link-to-us">
<vulnerability>
<title>wp-link-to-us &lt;= 2.0 XSS in ZeroClipboard</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="buckets">
<vulnerability>
<title>buckets &lt;= 0.1.9.2 XSS in ZeroClipboard</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="java-trackback">
<vulnerability>
<title>java-trackback &lt;= 0.2 XSS in ZeroClipboard</title>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="slidedeck2">
<vulnerability>
<title>slidedeck2 &lt;= 2.1.20130228 XSS in ZeroClipboard</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-clone-by-wp-academy">
<vulnerability>
<title>wp-clone-by-wp-academy &lt;= 2.1.1 XSS in ZeroClipboard</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="tiny-url">
<vulnerability>
<title>tiny-url &lt;= 1.3.2 XSS in ZeroClipboard</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="thethe-layout-grid">
<vulnerability>
<title>thethe-layout-grid &lt;= 1.0.0 XSS in ZeroClipboard.</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="paypal-digital-goods-monetization-powered-by-cleeng">
<vulnerability>
<title>paypal-digital-goods-monetization-powered-by-cleeng &lt;= 2.2.13 XSS in ZeroClipboard</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="mobileview">
<vulnerability>
<title>mobileview &lt;= 1.0.7 XSS in ZeroClipboard</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="jaspreetchahals-coupons-lite">
<vulnerability>
<title>jaspreetchahals-coupons-lite &lt;= 2.1 XSS in ZeroClipboard</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="geshi-source-colorer">
<vulnerability>
<title>geshi-source-colorer &lt;= 0.13 XSS in ZeroClipboard</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="click-to-copy-grab-box">
<vulnerability>
<title>click-to-copy-grab-box &lt;= 0.1.1 XSS in ZeroClipboard</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="cleeng">
<vulnerability>
<title>cleeng &lt;= 2.3.2 XSS in ZeroClipboard</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="bp-code-snippets">
<vulnerability>
<title>bp-code-snippets &lt;= 2.0 XSS in ZeroClipboard</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="snazzy-archives">
<vulnerability>
<title>snazzy-archives &lt;= 1.7.1 XSS vulnerability</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/3</reference>
<cve>2009-4168</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="vkontakte-api">
<vulnerability>
<title>vkontakte-api XSS vulnerability</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/11/1</reference>
<cve>2009-4168</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="terillion-reviews">
<vulnerability>
<title>Terillion Reviews Cross Site Scripting</title>
<reference>http://packetstormsecurity.com/files/120730/wpterillionreviews-xss.txt</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="o2s-gallery">
<vulnerability>
<title>o2s-gallery plugin Cross Site Scripting Vulnerability</title>
<reference>http://1337day.com/exploit/20516</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="bp-gallery">
<vulnerability>
<title>bp-gallery plugin v1.2.5 Cross Site Scripting Vulnerability</title>
<reference>http://1337day.com/exploit/20518</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="simply-poll">
<vulnerability>
<title>Simply Poll Plugin 1.4.1 - Multiple Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/24850/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="occasions">
<vulnerability>
<title>Occasions Plugin 1.0.4 - CSRF Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/24858/</reference>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="mathjax-latex">
<vulnerability>
<title>Mathjax Latex 1.1 CSRF Vulnerability</title>
<reference>http://1337day.com/exploit/20566</reference>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="wp-banners-lite">
<vulnerability>
<title>XSS vulnerability on WP-Banners-Lite</title>
<reference>http://seclists.org/fulldisclosure/2013/Mar/209</reference>
<reference>http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="backupbuddy">
<vulnerability>
<title>Backupbuddy - sensitive data exposure in importbuddy.php</title>
<reference>http://seclists.org/fulldisclosure/2013/Mar/206</reference>
<reference>http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="wp-funeral-press">
<vulnerability>
<title>WP FuneralPress - Stored XSS in Guestbook</title>
<reference>http://seclists.org/fulldisclosure/2013/Mar/282</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="chikuncount">
<vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/24492/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="open-flash-chart-core-wordpress-plugin">
<vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/24492/</reference>
<reference>http://secunia.com/advisories/37903</reference>
<cve>2009-4140</cve>
<type>UPLOAD</type>
<fixed_in>0.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="spamtask">
<vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/24492/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="php-analytics">
<vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/24492/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="seo-spy-google-wordpress-plugin">
<vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/24492/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-seo-spy-google">
<vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/24492/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="podpress">
<vulnerability>
<title>podPress 8.8.10.13 Cross Site Scripting</title>
<reference>http://packetstormsecurity.com/files/121011/WordPress-podPress-8.8.10.13-Cross-Site-Scripting.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="fbsurveypro">
<vulnerability>
<title>fbsurveypro XSS Vulnerability</title>
<reference>http://1337day.com/exploit/20623</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="timelineoptinpro">
<vulnerability>
<title>timelineoptinpro XSS Vulnerability</title>
<reference>http://1337day.com/exploit/20620</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="kioskprox">
<vulnerability>
<title>kioskprox XSS Vulnerability</title>
<reference>http://1337day.com/exploit/20624</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="bigcontact">
<vulnerability>
<title>bigcontact SQLI</title>
<reference>http://plugins.trac.wordpress.org/changeset/689798</reference>
<type>SQLI</type>
<fixed_in>1.4.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="drawblog">
<vulnerability>
<title>drawblog CSRF</title>
<reference>http://plugins.trac.wordpress.org/changeset/691178</reference>
<type>CSRF</type>
<fixed_in>0.81</fixed_in>
</vulnerability>
</plugin>
<plugin name="social-media-widget">
<vulnerability>
<title>social-media-widget malicious code</title>
<reference>http://plugins.trac.wordpress.org/changeset?reponame=&amp;old=691839%40social-media-widget%2Ftrunk&amp;new=693941%40social-media-widget%2Ftrunk</reference>
<reference>http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot</reference>
<type>UNKNOWN</type>
<fixed_in>4.0.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="facebook-members">
<vulnerability>
<title>facebook-members CSRF</title>
<reference>https://secunia.com/advisories/52962/</reference>
<cve>2013-2703</cve>
<type>CSRF</type>
<fixed_in>5.0.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="foursquare-checkins">
<vulnerability>
<title>foursquare-checkins CSRF</title>
<reference>https://secunia.com/advisories/53151/</reference>
<cve>2013-2709</cve>
<type>CSRF</type>
<fixed_in>1.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="formidable">
<vulnerability>
<title>formidable Pro Unspecified Vulnerabilities</title>
<reference>https://secunia.com/advisories/53121/</reference>
<type>UNKNOWN</type>
<fixed_in>1.06.09</fixed_in>
</vulnerability>
</plugin>
<plugin name="all-in-one-webmaster">
<vulnerability>
<title>all-in-one-webmaster CSRF</title>
<reference>https://secunia.com/advisories/52877/</reference>
<cve>2013-2696</cve>
<type>CSRF</type>
<fixed_in>8.2.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="background-music">
<vulnerability>
<title>background-music 1.0 jPlayer.swf XSS</title>
<reference>https://secunia.com/advisories/53057/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="haiku-minimalist-audio-player">
<vulnerability>
<title>haiku-minimalist-audio-player &lt;= 1.0.0 jPlayer.swf XSS</title>
<reference>https://secunia.com/advisories/51336/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="jammer">
<vulnerability>
<title>jammer &lt;= 0.2 jPlayer.swf XSS</title>
<reference>https://secunia.com/advisories/53106/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="syntaxhighlighter">
<vulnerability>
<title>syntaxhighlighter clipboard.swf XSS</title>
<reference>https://secunia.com/advisories/53235/</reference>
<type>XSS</type>
<fixed_in>3.1.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="top-10">
<vulnerability>
<title>top-10 CSRF</title>
<reference>https://secunia.com/advisories/53205/</reference>
<type>CSRF</type>
<fixed_in>1.9.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="easy-adsense-lite">
<vulnerability>
<title>easy-adsense-lite CSRF</title>
<reference>https://secunia.com/advisories/52953/</reference>
<cve>2013-2702</cve>
<type>CSRF</type>
<fixed_in>6.10</fixed_in>
</vulnerability>
</plugin>
<plugin name="uk-cookie">
<vulnerability>
<title>uk-cookie plugin XSS</title>
<reference>http://osvdb.org/87561</reference>
<reference>http://seclists.org/bugtraq/2012/Nov/50</reference>
<cve>2012-5856</cve>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>uk-cookie CSRF</title>
<reference>http://www.openwall.com/lists/oss-security/2013/06/06/10</reference>
<reference>http://osvdb.org/94032</reference>
<cve>2013-2180</cve>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="wp-cleanfix">
<vulnerability>
<title>wp-cleanfix Remote Command Execution, CSRF and XSS</title>
<reference>https://github.com/wpscanteam/wpscan/issues/186</reference>
<reference>http://wordpress.org/support/topic/plugin-wp-cleanfix-remote-code-execution-warning</reference>
<reference>http://osvdb.org/93450</reference>
<reference>http://secunia.com/advisories/53395/</reference>
<reference>http://osvdb.org/93468</reference>
<cve>2013-2108</cve>
<cve>2013-2109</cve>
<type>MULTI</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="mail-on-update">
<vulnerability>
<title>mail-on-update plugin CSRF</title>
<reference>http://secunia.com/advisories/53449/</reference>
<reference>http://www.openwall.com/lists/oss-security/2013/05/16/8</reference>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="advanced-xml-reader">
<vulnerability>
<title>Advanced XML Reader Plugin for WordPress XML External Entity (XXE) Data Parsing Arbitrary File Disclosure</title>
<reference>http://seclists.org/bugtraq/2013/May/5</reference>
<reference>http://osvdb.org/92904</reference>
<type>XXE</type>
</vulnerability>
</plugin>
<plugin name="related-posts-by-zemanta">
<vulnerability>
<title>WordPress Related Posts by Zemanta Plugin Cross-Site Request Forgery Vulnerability</title>
<reference>http://secunia.com/advisories/53321/</reference>
<type>CSRF</type>
<fixed_in>1.3.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="wordpress-23-related-posts-plugin">
<vulnerability>
<title>WordPress WordPress Related Posts Plugin Cross-Site Request Forgery Vulnerability</title>
<reference>http://secunia.com/advisories/53279/</reference>
<type>CSRF</type>
<fixed_in>2.6.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="related-posts">
<vulnerability>
<title>WordPress Related Posts Plugin Cross-Site Request Forgery Vulnerability</title>
<reference>http://secunia.com/advisories/53122/</reference>
<type>CSRF</type>
<fixed_in>2.7.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-print-friendly">
<vulnerability>
<title>WordPress WP Print Friendly Plugin Security Bypass Vulnerability</title>
<reference>http://secunia.com/advisories/53371/</reference>
<type>UNKNOWN</type>
<fixed_in>0.5.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="contextual-related-posts">
<vulnerability>
<title>WordPress Contextual Related Posts Plugin Cross-Site Request Forgery Vulnerability</title>
<reference>http://secunia.com/advisories/52960/</reference>
<type>CSRF</type>
<fixed_in>1.8.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="calendar">
<vulnerability>
<title>WordPress Calendar Plugin Cross-Site Request Forgery Vulnerability</title>
<reference>http://secunia.com/advisories/52841/</reference>
<type>CSRF</type>
<fixed_in>1.3.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="feedweb">
<vulnerability>
<title>WordPress Feedweb Plugin 'wp_post_id' Parameter XSS</title>
<reference>http://www.securityfocus.com/bid/58771</reference>
<type>XSS</type>
<fixed_in>1.9</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-print">
<vulnerability>
<title>WordPress WP-Print Plugin CSRF</title>
<reference>http://www.securityfocus.com/bid/58900</reference>
<type>CSRF</type>
<fixed_in>2.52</fixed_in>
</vulnerability>
</plugin>
<plugin name="trafficanalyzer">
<vulnerability>
<title>WordPress WP-Print Plugin CSRF</title>
<reference>http://packetstorm.wowhacker.com/1304-exploits/wptrafficanalyzer-xss.txt</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-download-manager">
<vulnerability>
<title>WordPress WP-DownloadManager Plugin CSRF</title>
<reference>http://www.securityfocus.com/bid/58937</reference>
<type>CSRF</type>
<fixed_in>1.61</fixed_in>
</vulnerability>
</plugin>
<plugin name="digg-digg">
<vulnerability>
<title>Digg Digg CSRF</title>
<reference>http://wordpress.org/plugins/digg-digg/changelog/</reference>
<reference>http://secunia.com/advisories/53120/</reference>
<reference>http://osvdb.org/93544</reference>
<type>CSRF</type>
<fixed_in>5.3.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="ssquiz">
<vulnerability>
<title>SS Quiz Plugin Multiple Unspecified Vulnerabilities</title>
<reference>http://wordpress.org/plugins/ssquiz/changelog/</reference>
<reference>http://secunia.com/advisories/53378/</reference>
<reference>http://osvdb.org/93531</reference>
<type>UNKNOWN</type>
<fixed_in>2.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="funcaptcha">
<vulnerability>
<title>FunCaptcha CSRF</title>
<reference>http://wordpress.org/extend/plugins/funcaptcha/changelog/</reference>
<type>UNKNOWN</type>
<fixed_in>0.33</fixed_in>
</vulnerability>
</plugin>
<plugin name="xili-language">
<vulnerability>
<title>xili-language XSS</title>
<reference>http://wordpress.org/plugins/xili-language/changelog/</reference>
<type>XSS</type>
<fixed_in>2.8.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="wordpress-seo">
<vulnerability>
<title>Security issue which allowed any user to reset settings</title>
<reference>http://wordpress.org/plugins/wordpress-seo/changelog/</reference>
<type>UNKNOWN</type>
<fixed_in>1.4.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="underconstruction">
<vulnerability>
<title>CSRF in WordPress underConstruction plugin</title>
<reference>http://wordpress.org/plugins/underconstruction/changelog/</reference>
<reference>http://secunia.com/advisories/52881/</reference>
<reference>http://osvdb.org/93857</reference>
<cve>2013-2699</cve>
<type>CSRF</type>
<fixed_in>1.09</fixed_in>
</vulnerability>
</plugin>
<plugin name="adif-log-search-widget">
<vulnerability>
<title>ADIF Log Search Widget XSS Arbitrary Vulnerability</title>
<reference>http://packetstormsecurity.com/files/121777/ADIF-Log-Search-Widget-1.0e-Cross-Site-Scripting.html</reference>
<reference>http://secunia.com/advisories/53599/</reference>
<reference>http://osvdb.org/93721</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="exploit-scanner">
<vulnerability>
<title>FPD and Security bypass vulnerabilities in Exploit Scanner for WordPress</title>
<reference>http://seclists.org/fulldisclosure/2013/May/216</reference>
<reference>http://osvdb.org/93799</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="ga-universal">
<vulnerability>
<title>FPD and Security bypass vulnerabilities in Exploit Scanner for WordPress</title>
<reference>http://wordpress.org/plugins/ga-universal/changelog/</reference>
<type>XSS</type>
<fixed_in>1.0.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="export-to-text">
<vulnerability>
<title>Remote File Inclusion Vulnerability</title>
<reference>http://secunia.com/advisories/51348/</reference>
<reference>http://osvdb.org/93715</reference>
<type>RFI</type>
<fixed_in>2.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="qtranslate">
<vulnerability>
<title>WordPress qTranslate Plugin Cross-Site Request Forgery Vulnerability</title>
<reference>http://secunia.com/advisories/53126/</reference>
<reference>http://osvdb.org/93873</reference>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="image-slider-with-description">
<vulnerability>
<title>Image slider with description Plugin Unspecified Vulnerability</title>
<reference>http://secunia.com/advisories/53588/</reference>
<reference>http://osvdb.org/93691</reference>
<type>UNKNOWN</type>
<fixed_in>7.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="user-role-editor">
<vulnerability>
<title>User Role Editor Plugin Cross-Site Request Forgery Vulnerability</title>
<reference>http://secunia.com/advisories/53593/</reference>
<reference>http://osvdb.org/93699</reference>
<reference>http://www.exploit-db.com/exploits/25721</reference>
<type>CSRF</type>
<fixed_in>3.14</fixed_in>
</vulnerability>
</plugin>
<plugin name="eelv-newsletter">
<vulnerability>
<title>EELV Newsletter Plugin Cross-Site Scripting Vulnerability</title>
<reference>http://secunia.com/advisories/53546/</reference>
<reference>http://osvdb.org/93685</reference>
<type>XSS</type>
<fixed_in>3.3.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="frontier-post">
<vulnerability>
<title>Frontier Post Plugin Publishing Posts Security Bypass</title>
<reference>http://secunia.com/advisories/53474/</reference>
<reference>http://osvdb.org/93639</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="spider-catalog">
<vulnerability>
<title>Spider Catalog Plugin Cross-Site Scripting and SQL Injection Vulnerabilities</title>
<reference>http://secunia.com/advisories/53491/</reference>
<reference>http://osvdb.org/93591</reference>
<reference>http://osvdb.org/93593</reference>
<reference>http://osvdb.org/93594</reference>
<reference>http://osvdb.org/93595</reference>
<reference>http://osvdb.org/93596</reference>
<reference>http://osvdb.org/93597</reference>
<reference>http://osvdb.org/93598</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="spider-event-calendar">
<vulnerability>
<title>Spider Event Calendar Plugin Security Bypass, Cross-Site Scripting and SQLi Vulnerabilities</title>
<reference>http://secunia.com/advisories/53481/</reference>
<reference>http://osvdb.org/93584</reference>
<reference>http://osvdb.org/93585</reference>
<reference>http://osvdb.org/93586</reference>
<reference>http://osvdb.org/93587</reference>
<reference>http://osvdb.org/93588</reference>
<reference>http://osvdb.org/93582</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="antivirus">
<vulnerability>
<title>FPD and Security bypass vulnerabilities in AntiVirus for WordPress</title>
<reference>http://seclists.org/fulldisclosure/2013/Jun/0</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp-maintenance-mode">
<vulnerability>
<title>WP Maintenance Mode Setting Manipulation CSRF</title>
<reference>http://osvdb.org/94450</reference>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="ultimate-auction">
<vulnerability>
<title>ultimate Auction Auction Creation CSRF</title>
<reference>http://osvdb.org/94407</reference>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="mapsmarker">
<vulnerability>
<title>Leaflet Maps Marker Tag Multiple Parameter SQL Injection</title>
<reference>http://osvdb.org/94388</reference>
<type>SQLI</type>
<fixed_in>3.5.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="xorbin-analog-flash-clock">
<vulnerability>
<title>Xorbin Analog Flash Clock 1.0 Flash-based XSS</title>
<reference>http://advisory.prakharprasad.com/xorbin_afc_wp.txt</reference>
<cve>2013-4692</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="xorbin-digital-flash-clock">
<vulnerability>
<title>Xorbin Digital Flash Clock 1.0 Flash-based XSS</title>
<reference>http://advisory.prakharprasad.com/xorbin_dfc_wp.txt</reference>
<cve>2013-4693</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="dropdown-menu-widget">
<vulnerability>
<title>Dropdown Menu Widget Script Insertion CSRF</title>
<reference>http://osvdb.org/94771</reference>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="buddypress-extended-friendship-request">
<vulnerability>
<title>BuddyPress Extended Friendship Request wp-admin/admin-ajax.php friendship_request_message Parameter XSS</title>
<reference>http://osvdb.org/94807</reference>
<type>XSS</type>
<fixed_in>1.0.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-private-messages">
<vulnerability>
<title>wp-private-messages /wp-admin/profile.php msgid Parameter SQL Injection</title>
<reference>http://osvdb.org/94702</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="stream-video-player">
<vulnerability>
<title>Stream Video Player Plugin for WordPress Setting Manipulation CSRF</title>
<reference>http://osvdb.org/94466</reference>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="duplicator">
<vulnerability>
<title>Duplicator installer.cleanup.php package Parameter XSS</title>
<reference>http://osvdb.org/95627</reference>
<cve>2013-4625</cve>
<type>XSS</type>
<fixed_in>0.4.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="citizen-space">
<vulnerability>
<title>Citizen Space Script Insertion CSRF</title>
<reference>http://osvdb.org/95570</reference>
<type>CSRF</type>
<fixed_in>1.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="spicy-blogroll">
<vulnerability>
<title>Spicy Blogroll spicy-blogroll-ajax.php Multiple Parameter Remote File Inclusion</title>
<reference>http://osvdb.org/95557</reference>
<reference>www.exploit-db.com/exploits/26804</reference>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="pie-register">
<vulnerability>
<title>Pie Register wp-login.php Multiple Parameter XSS</title>
<reference>http://osvdb.org/95160</reference>
<type>XSS</type>
<fixed_in>1.31</fixed_in>
</vulnerability>
</plugin>
<plugin name="xhanch-my-twitter">
<vulnerability>
<title>CSRF in admin/setting.php in Xhanch</title>
<reference>http://secunia.com/advisories/53133</reference>
<cve>2013-3253</cve>
<type>CSRF</type>
<fixed_in>2.7.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="sexybookmarks">
<vulnerability>
<title>CSRF in sexybookmarks</title>
<reference>http://wordpress.org/plugins/sexybookmarks/changelog/</reference>
<cve>2013-3256</cve>
<type>CSRF</type>
<fixed_in>6.1.5.0</fixed_in>
</vulnerability>
</plugin>
</vulnerabilities>
Reference in New Issue View Git Blame Copy Permalink