garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
650550363df8778e4e3e47c3ec3cfd03d3eab12c
wpscan/data/plugin_vulns.xml
Charlie Eriksen 650550363d Fixing line ending 
This is getting annoying. But for some reason, my local line ending and
remote line ending were different. That's fixed now.
2013-01-12 17:06:25 +00:00

2996 lines
99 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!--
WPScan - WordPress Security Scanner
Copyright (C) 2011 Ryan Dewhurst AKA ethicalhack3r
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
ryandewhurst at gmail
This file contains vulnerabilities associated with WordPress plugins.
TYPE = ["SQLI", "MULTI", "REDIRECT", "RCE", "RFI", "LFI", "UPLOAD", "UNKNOWN", "XSS", "CSRF", "AUTHBYPASS", "FPD"]
<plugin name="">
<vulnerability>
<title></title>
<reference></reference>
<type></type>
</vulnerability>
</plugin>
-->
<vulnerabilities>
<plugin name="crayon-syntax-highlighter">
<vulnerability>
<title>Crayon Syntax Highlighter Remote File Inclusion</title>
<reference>http://secunia.com/advisories/50804/</reference>
<reference>http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/</reference>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="ungallery">
<vulnerability>
<title>UnGallery Arbitrary Command Execution</title>
<reference>http://secunia.com/advisories/50875/</reference>
<reference>http://ceriksen.com/2012/10/23/wordpress-ungallery-remote-command-injection-vulnerability/</reference>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="thanks-you-counter-button">
<vulnerability>
<title>Thank You Counter Button XSS</title>
<reference>http://secunia.com/advisories/50977/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="bookings">
<vulnerability>
<title>Bookings XSS</title>
<reference>http://secunia.com/advisories/50975/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="cimy-user-manager">
<vulnerability>
<title>Cimy User Manager Arbitrary File Disclosure</title>
<reference>http://secunia.com/advisories/50834/</reference>
<reference>http://ceriksen.com/2012/10/24/wordpress-cimy-user-manager-arbitrary-file-disclosure/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="fs-real-estate-plugin">
<vulnerability>
<title>FireStorm Professional Real Estate Plugin Multiple SQL Injection</title>
<reference>http://secunia.com/advisories/50873/</reference>
<reference>http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp125">
<vulnerability>
<title>WP125 Multiple XSS</title>
<reference>http://secunia.com/advisories/50976/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="all-video-gallery">
<vulnerability>
<title>All Video Gallery </title>
<reference>http://secunia.com/advisories/50874/</reference>
<reference>http://ceriksen.com/2012/11/04/wordpress-all-video-gallery-plugin-sql-injection/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="buddystream">
<vulnerability>
<title>BuddyStream XSS</title>
<reference>http://secunia.com/advisories/50972/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="post-views">
<vulnerability>
<title>post-views XSS</title>
<reference>http://secunia.com/advisories/50982/</reference>
<type>XS</type>
</vulnerability>
</plugin>
<plugin name="floating-social-media-links">
<vulnerability>
<title>Floating Social Media Links Remote File Inclusion</title>
<reference>http://secunia.com/advisories/51346/</reference>
<reference>http://ceriksen.com/2013/01/12/wordpress-floating-social-media-link-plugins-remote-file-inclusion/</reference>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="zingiri-forum">
<vulnerability>
<title>Zingiri Forum Arbitrary File Disclosure</title>
<reference>http://secunia.com/advisories/50833/</reference>
<reference>http://ceriksen.com/2013/01/12/wordpress-zingiri-forums-arbitrary-file-disclosure/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="google-document-embedder">
<vulnerability>
<title>Google Document Embedder Arbitrary File Disclosure</title>
<reference>http://www.exploit-db.com/exploits/23970/</reference>
<reference>http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="extended-user-profile">
<vulnerability>
<title>extended-user-profile Full Path Disclosure vulnerability</title>
<reference>http://1337day.com/exploit/20118</reference>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="superslider-show">
<vulnerability>
<title>superslider-show Full Path Disclosure vulnerability</title>
<reference>http://1337day.com/exploit/20117</reference>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="wordpress-multibox-plugin">
<vulnerability>
<title>multibox plugin Full Path Disclosure vulnerability</title>
<reference>http://1337day.com/exploit/20119</reference>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="contest/OpenInviter">
<vulnerability>
<title>OpenInviter Information Disclosure</title>
<reference>http://packetstormsecurity.com/files/119265/WordPress-OpenInviter-Information-Disclosure.html</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="RokBox">
<vulnerability>
<title>RokBox Multiple Vulnerabilities</title>
<reference>http://1337day.com/exploit/19981</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="grou-random-image-widget">
<vulnerability>
<title>grou-random-image-widget Full Path Disclosure</title>
<reference>http://1337day.com/exploit/20047</reference>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="sintic_gallery">
<vulnerability>
<title>sintic_gallery Arbitrary File Upload Vulnerability</title>
<reference>http://1337day.com/exploit/19993</reference>
<!-- Metasploit : <reference>http://1337day.com/exploit/20065</reference> -->
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>sintic_gallery Path Disclosure Vulnerability</title>
<reference>http://1337day.com/exploit/20020</reference>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="wp-useronline">
<vulnerability>
<title>WP-UserOnline Full Path Disclosure</title>
<reference>http://seclists.org/fulldisclosure/2010/Jul/8</reference>
<type>FPD</type>
</vulnerability>
<vulnerability>
<title>Wp-UserOnline &lt;= 0.62 Persistent XSS</title>
<reference>http://seclists.org/fulldisclosure/2010/Jul/8</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="levelfourstorefront">
<vulnerability>
<title>Shopping Cart 8.1.14 Shell Upload / SQL Injection</title>
<reference>http://packetstormsecurity.com/files/119217/wplevelfour-sqlshell.txt</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="reflex-gallery">
<vulnerability>
<title>ReFlex Gallery &lt;= 1.4 Shell Upload</title>
<reference>http://packetstormsecurity.com/files/119218/wpreflexgallery-shell.txt</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="uploader">
<vulnerability>
<title>Uploader 1.0.4 Shell Upload</title>
<reference>http://packetstormsecurity.com/files/119219/wpuploader104-shell.txt</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="xerte-online">
<vulnerability>
<title>Xerte Online 0.32 Shell Upload</title>
<reference>http://packetstormsecurity.com/files/119220/wpxerteonline-shell.txt</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="advanced-custom-fields">
<vulnerability>
<title>Advanced Custom Fields &lt;= 3.5.1 Remote File Inclusion</title>
<reference>http://packetstormsecurity.com/files/119221/wp_advanced_custom_fields_exec.rb.txt</reference>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="sitepress-multilingual-cms">
<vulnerability>
<title>Wordpress sitepress-multilingual-cms Full Path Disclosure</title>
<reference>http://1337day.com/exploit/20067</reference>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="asset-manager">
<vulnerability>
<title>WordPress plugin Asset manager upload.php Arbitrary Code Execution</title>
<reference>http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="apptha-banner">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="apptha-slider-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="blaze-slide-show-for-wordpress">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="comment-extra-field">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="fluid-accessible-rich-inline-edit">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="fluid-accessible-pager">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="fluid-accessible-uploader">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="fluid-accessible-ui-options">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="fresh-page">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="mac-dock-photogallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="pdw-file-browser">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="power-zoomer">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="slide-show-pro">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="smart-slide-show">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="spotlightyour">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="sprapid">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="ultimate-tinymce">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-3dbanner-rotator">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-3dflick-slideshow">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-bliss-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-carouselslideshow">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-dreamworkgallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-ecommerce-cvs-importer">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-extended">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-flipslideshow">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-homepage-slideshow">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-image-news-slider">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-levoslideshow">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-matrix-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-powerplaygallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-royal-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-superb-slideshow">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>wp superb Slideshow Full Path Disclosure</title>
<reference>http://1337day.com/exploit/19979</reference>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="wp-vertical-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-yasslideshow">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="cardoza-ajax-search">
<vulnerability>
<title>Ajax Post Search 1.1 Sql Injection</title>
<reference>http://seclists.org/bugtraq/2012/Nov/33</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="answer-my-question">
<vulnerability>
<title>Answer My Question 1.1 Multiple XSS</title>
<reference>http://www.securityfocus.com/archive/1/524625/30/0/threaded</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="catalog">
<vulnerability>
<title>Catalog HTML Code Injection and Cross-site scripting</title>
<reference>http://packetstormsecurity.org/files/117820/wpcatalog-xss.txt</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wordfence">
<vulnerability>
<title>Wordfence 3.3.5 XSS and IAA</title>
<reference>http://seclists.org/fulldisclosure/2012/Oct/139</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="slideshow-jquery-image-gallery">
<vulnerability>
<title>Slideshow jQuery Image Gallery Multiple Vulnerabilities</title>
<reference>http://www.waraxe.us/advisory-92.html</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="social-discussions">
<vulnerability>
<title>Social Discussions Multiple Vulnerabilities</title>
<reference>http://www.waraxe.us/advisory-93.html</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="abtest">
<vulnerability>
<title>ABtest Directory Traversal </title>
<reference>http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="bbpress">
<vulnerability>
<title>BBPress SQL Injection / Path Disclosure</title>
<reference>http://packetstormsecurity.org/files/116123</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="nextgen_cu3er_gallery">
<vulnerability>
<title>NextGen Cu3er Gallery Information Disclosure</title>
<reference>http://packetstormsecurity.org/files/116150</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="rich-widget">
<vulnerability>
<title>Rich Widget File Upload</title>
<reference>http://packetstormsecurity.org/files/115787/wprichwidget-shell.txt</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="monsters-editor-10-for-wp-super-edit">
<vulnerability>
<title>Monsters Editor Shell Upload</title>
<reference>http://packetstormsecurity.org/files/115788/wpmonsters-shell.txt</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="quick-post-widget">
<vulnerability>
<title>Quick Post Widget 1.9.1 Multiple Cross-site scripting vulnerabilities</title>
<reference>http://seclists.org/bugtraq/2012/Aug/66</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="threewp-email-reflector">
<vulnerability>
<title>ThreeWP Email Reflector 1.13 Stored XSS</title>
<reference>http://www.exploit-db.com/exploits/20365/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-simplemail">
<vulnerability>
<title>SimpleMail 1.0.6 Stored XSS</title>
<reference>http://www.exploit-db.com/exploits/20361/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="postie">
<vulnerability>
<title>Postie 1.4.3 Stored XSS</title>
<reference>http://www.exploit-db.com/exploits/20360/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="rsvpmaker">
<vulnerability>
<title>RSVPMaker v2.5.4 Persistent XSS</title>
<reference>http://www.exploit-db.com/exploits/20474/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="mz-jajak">
<vulnerability>
<title>Mz-jajak &lt;= 2.1 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/20416/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="resume-submissions-job-postings">
<vulnerability>
<title>Resume Submissions Job Posting v2.5.1 Unrestricted File Upload</title>
<reference>http://www.packetstormsecurity.org/files/114716</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-predict">
<vulnerability>
<title>WP-Predict v1.0 Blind SQL Injection</title>
<reference>http://www.exploit-db.com/exploits/19715/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="backup">
<vulnerability>
<title>Backup Plugin 2.0.1 Information Disclosure</title>
<reference>http://www.exploit-db.com/exploits/19524/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="moodthingy-mood-rating-widget">
<vulnerability>
<title>MoodThingy Widget v0.8.7 Blind SQL Injection</title>
<reference>http://www.exploit-db.com/exploits/19572/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="paid-business-listings">
<vulnerability>
<title>Paid Business Listings v1.0.2 Blind SQL Injection</title>
<reference>http://www.exploit-db.com/exploits/19481/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="website-faq">
<vulnerability>
<title>Website FAQ Plugin v1.0 SQL Injection</title>
<reference>http://www.exploit-db.com/exploits/19400/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="radykal-fancy-gallery">
<vulnerability>
<title>Fancy Gallery 1.2.4 Shell Upload</title>
<reference>http://packetstormsecurity.org/files/114114/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="flipbook">
<vulnerability>
<title>Flip Book 1.0 Shell Upload</title>
<reference>http://packetstormsecurity.org/files/114112/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="ajax_multi_upload">
<vulnerability>
<title>Ajax Multi Upload 1.1 Shell Upload</title>
<reference>http://packetstormsecurity.org/files/114109/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="schreikasten">
<vulnerability>
<title>Schreikasten 0.14.13 XSS</title>
<reference>http://www.exploit-db.com/exploits/19294/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-automatic">
<vulnerability>
<title>Wordpress Automatic 2.0.3 CSRF</title>
<reference>http://packetstormsecurity.org/files/113763/</reference>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="videowhisper-video-conference-integration">
<vulnerability>
<title>VideoWhisper Video Conference
4.51 Arbitrary File Upload Vulnerability</title>
<reference>http://packetstormsecurity.org/files/113580/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="auctionplugin">
<vulnerability>
<title>Auctions Plugin 2.0.1.3 Arbitrary
File Upload Vulnerability</title>
<reference>http://packetstormsecurity.org/files/113568/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="lb-mixed-slideshow">
<vulnerability>
<title>LB Mixed Slideshow 1.0 Arbitrary File Upload Vulnerability</title>
<reference>http://packetstormsecurity.org/files/113844/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="lim4wp">
<vulnerability>
<title>Lim4wp 1.1.1 Arbitrary File Upload Vulnerability</title>
<reference>http://packetstormsecurity.org/files/113846/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-imagezoom">
<vulnerability>
<title>Wp-ImageZoom 1.0.3 Remote File Disclosure</title>
<reference>http://packetstormsecurity.org/files/113845/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="invit0r">
<vulnerability>
<title>Invit0r 0.22 Shell Upload</title>
<reference>http://packetstormsecurity.org/files/113639/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="announces">
<vulnerability>
<title>Annonces 1.2.0.1 Shell Upload</title>
<reference>http://packetstormsecurity.org/files/113637/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="contus-video-galleryversion-10">
<vulnerability>
<title>Contus Video Gallery 1.3 Arbitrary
File Upload Vulnerability</title>
<reference>http://packetstormsecurity.org/files/113571/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="contus-hd-flv-player">
<vulnerability>
<title>Contus HD FLV Player 1.7 Arbitrary
File Upload Vulnerability</title>
<reference>http://packetstormsecurity.org/files/113570/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="user-meta">
<vulnerability>
<title>User Meta Version 1.1.1 Arbitrary File Upload Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/19052/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="topquark">
<vulnerability>
<title>Top Quark Architecture Version 2.10 Arbitrary File Upload Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/19053/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="sfbrowser">
<vulnerability>
<title>SfBrowser Version 1.4.5 Arbitrary File Upload Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/19054/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="pica-photo-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Pica Photo Gallery 1.0 Arbitrary File Upload Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/19055/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="mac-dock-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Mac Photo Gallery 2.7 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/19056/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="drag-drop-file-uploader">
<vulnerability>
<title>drag and drop file upload 0.1 Arbitrary File Upload Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/19057/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="custom-content-type-manager">
<vulnerability>
<title>Custom Content Type Manager 0.9.5.13-pl Arbitrary File Upload Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/19058/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-gpx-map">
<vulnerability>
<title>wp-gpx-max version 1.1.21 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/19050/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="front-file-manager">
<vulnerability>
<title>Front File Manager Plugin 0.1 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/19012/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="front-end-upload">
<vulnerability>
<title>Front End Upload 0.5.3 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/19008/</reference>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>Front End Upload v0.5.4 Arbitrary PHP File Upload</title>
<reference>http://www.exploit-db.com/exploits/20083/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="omni-secure-files">
<vulnerability>
<title>Omni Secure Files 0.1.13 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/19009/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="easy-contact-forms-exporter">
<vulnerability>
<title>Easy Contact Forms Export 1.1.0 Information Disclosure Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/19013/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="pica-photo-gallery">
<vulnerability>
<title>PICA Photo Gallery 1.0 Remote File Disclosure</title>
<reference>http://www.exploit-db.com/exploits/19016/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="plugin-newsletter">
<vulnerability>
<title>Plugin: Newsletter 1.5 Remote File Disclosure Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/19018/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="rbxgallery">
<vulnerability>
<title>RBX Gallery 2.1 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/19019/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="simple-download-button-shortcode">
<vulnerability>
<title>Simple Download Button Shortcode 1.0 Remote File Disclosure</title>
<reference>http://www.exploit-db.com/exploits/19020/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="thinkun-remind">
<vulnerability>
<title>Thinkun Remind 1.1.3 Remote File Disclosure</title>
<reference>http://www.exploit-db.com/exploits/19021/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="tinymce-thumbnail-gallery">
<vulnerability>
<title>Tinymce Thumbnail Gallery 1.0.7 Remote File Disclosure</title>
<reference>http://www.exploit-db.com/exploits/19022/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="wpstorecart">
<vulnerability>
<title>wpStoreCart Plugin 2.5.27-2.5.29 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/19023/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="gallery-plugin">
<vulnerability>
<title>Gallery 3.06 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/18998/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="font-uploader">
<vulnerability>
<title>Font Uploader 1.2.4 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/18994/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-property">
<vulnerability>
<title>WP-Property 1.35.0 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/18987/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wpmarketplace">
<vulnerability>
<title>WP Marketplace 1.5.0 - 1.6.1 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/18988/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="store-locator-le">
<vulnerability>
<title>Google Maps via Store Locator Multiple Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/18989/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="html5avmanager">
<vulnerability>
<title>HTML5 AV Manager 0.2.7 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/18990/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="foxypress">
<vulnerability>
<title>Foxypress 0.4.1.1 - 0.4.2.1 Arbitrary File Upload</title>
<reference>http://packetstormsecurity.org/files/113576/, http://www.exploit-db.com/exploits/18991/, http://www.exploit-db.com/exploits/19100/</reference>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>FoxyPress 0.4.2.5 XSS / CSRF / SQL Injection</title>
<reference>http://packetstormsecurity.org/files/117768</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="asset-manager">
<vulnerability>
<title>Asset Manager 0.2 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/18993/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="track-that-stat">
<vulnerability>
<title>Track That Stat &lt;= 1.0.8 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112722/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-facethumb">
<vulnerability>
<title>WP-Facethumb Gallery &lt;= 0.1 Reflected Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112658/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-survey-and-quiz-tool">
<vulnerability>
<title>Survey And Quiz Tool &lt;= 2.9.2 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112685/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-statistics">
<vulnerability>
<title>WP Statistics &lt;= 2.2.4 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112686/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-easy-gallery">
<vulnerability>
<title>WP Easy Gallery &lt;= 1.7 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112687/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="subscribe2">
<vulnerability>
<title>Subscribe2 &lt;= 8.0 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112688/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="soundcloud-is-gold">
<vulnerability>
<title>Soundcloud Is Gold &lt;= 2.1 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112689/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="sharebar">
<vulnerability>
<title>Sharebar &lt;= 1.2.1 SQL Injection / Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112690/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="share-and-follow">
<vulnerability>
<title>Share And Follow &lt;= 1.80.3 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112691/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="sabre">
<vulnerability>
<title>SABRE &lt;= 1.2.0 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112692/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="pretty-link">
<vulnerability>
<title>Pretty Link Lite &lt;= 1.5.2 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112693/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="newsletter-manager">
<vulnerability>
<title>Newsletter Manager &lt;= 1.0 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112694/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="network-publisher">
<vulnerability>
<title>Network Publisher &lt;= 5.0.1 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112695/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="leaguemanager">
<vulnerability>
<title>LeagueManager &lt;= 3.7 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112698/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="leaflet">
<vulnerability>
<title>Leaflet &lt;= 0.0.1 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112699/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="joliprint">
<vulnerability>
<title>PDF And Print Button Joliprint &lt;= 1.3.0 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112700/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="iframe-admin-pages">
<vulnerability>
<title>IFrame Admin Pages &lt;= 0.1 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112701/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="ezpz-one-click-backup">
<vulnerability>
<title>EZPZ One Click Backup &lt;= 12.03.10 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112705/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="dynamic-widgets">
<vulnerability>
<title>Dynamic Widgets &lt;= 1.5.1 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112706/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="download-monitor">
<vulnerability>
<title>Download Monitor &lt;= 3.3.5.7 Cross Site Scripting</title>
<reference>http://www.reactionpenetrationtesting.co.uk/wordpress-download-monitor-xss.html</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Download Monitor &lt;= 3.3.5.4 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112707/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="download-manager">
<vulnerability>
<title>Download Manager &lt;= 2.2 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112708/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="codestyling-localization">
<vulnerability>
<title>Code Styling Localization &lt;= 1.99.16 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112709/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="catablog">
<vulnerability>
<title>Catablog &lt;= 1.6 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112619/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="bad-behavior">
<vulnerability>
<title>Bad Behavior &lt;= 2.24 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112619/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="bulletproof-security">
<vulnerability>
<title>BulletProof Security &lt;= 0.47 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112618/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="better-wp-security">
<vulnerability>
<title>Better WP Security v3.4.3</title>
<reference>http://seclists.org/bugtraq/2012/Oct/9</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Better WP Security &lt;= 3.2.4 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112617/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="custom-contact-forms">
<vulnerability>
<title>Custom Contact Forms &lt;= 5.0.0.1 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112616/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="2-click-socialmedia-button">
<vulnerability>
<title>2-Click-Socialmedia-Buttons &lt;= 0.34 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112615/</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>2-Click-Socialmedia-Buttons &lt;= 0.32.2 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112711/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="login-with-ajax">
<vulnerability>
<title>Login With Ajax plugin &lt; 3.0.4.1 Cross Site Scripting</title>
<reference>http://secunia.com/advisories/49013/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="media-library-categories">
<vulnerability>
<title>Media Library Categories plugin &lt;= 1.0.6 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17628/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Media Library Categories plugin &lt;= 1.1.1 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112697/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="deans-fckeditor-with-pwwangs-code-plugin-for-wordpress">
<vulnerability>
<title>FCKeditor Deans With Pwwangs Code &lt;= 1.0.0 Remote Shell Upload</title>
<reference>http://packetstormsecurity.org/files/111319/</reference>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="zingiri-web-shop">
<vulnerability>
<title>Zingiri Web Shop &lt;= 2.4.0 Multiple XSS Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/18787/</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Zingiri Web Shop &lt;= 2.3.5 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112684/</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Zingiri Web Shop 2.4.3 Shell Upload</title>
<reference>http://packetstormsecurity.org/files/113668/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="organizer">
<vulnerability>
<title>Organizer 1.2.1 Cross Site Scripting / Path Disclosure</title>
<reference>http://packetstormsecurity.org/files/112086, http://packetstormsecurity.org/files/113800</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="zingiri-tickets">
<vulnerability>
<title>Zingiri Tickets plugin File Disclosure</title>
<reference>http://packetstormsecurity.org/files/111904</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="cms-tree-page-view">
<vulnerability>
<title>XSS vulnerability in CMS Tree Page View Plugin</title>
<reference>https://www.htbridge.com/advisory/HTB23083</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="all-in-one-event-calendar">
<vulnerability>
<title>Multiple XSS vulnerabilities in All-in-One Event Calendar for WordPress</title>
<reference>http://seclists.org/bugtraq/2012/Apr/70</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="buddypress">
<vulnerability>
<title>Buddypress &lt;= 1.5.5 SQL Injection</title>
<reference>http://www.exploit-db.com/exploits/18690/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="register-plus-redux">
<vulnerability>
<title>Register Plus Redux &lt;= 3.8.3 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/111367</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="magn-html5-drag-and-drop-media-uploader">
<vulnerability>
<title>Magn WP Drag and Drop &lt;= 1.1.4 Upload Shell Upload Vulnerability</title>
<reference>http://packetstormsecurity.org/files/110103</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="kish-guest-posting">
<vulnerability>
<title>Kish Guest Posting 1.0 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/18412/</reference>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="allwebmenus-wordpress-menu-plugin">
<vulnerability>
<title>AllWebMenus Shell Upload &lt;= 1.1.9 Shell Upload</title>
<reference>http://packetstormsecurity.org/files/108946/</reference>
<type>RFI</type>
</vulnerability>
<vulnerability>
<title>AllWebMenus 1.1.3 Remote File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/17861/</reference>
<type>RFI</type>
<uri>/wp-content/plugins/allwebmenus-wordpress-menu-plugin/actions.php</uri>
<postdata>abspath=XXpathXX</postdata>
</vulnerability>
</plugin>
<plugin name="shortcode-redirect">
<vulnerability>
<title>Shortcode Redirect &lt;= 1.0.01 Stored Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/108914/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="ucan-post">
<vulnerability>
<title>uCan Post plugin &lt;= 1.0.09 Stored XSS</title>
<reference>http://www.exploit-db.com/exploits/18390/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-cycle-playlist">
<vulnerability>
<title>WP Cycle Playlist plugin Multiple Vulnerabilities</title>
<reference>http://1337day.com/exploits/17396</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="myeasybackup">
<vulnerability>
<title>myEASYbackup 1.0.8.1 Directory Traversal</title>
<reference>http://packetstormsecurity.org/files/108711</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="count-per-day">
<vulnerability>
<title>Count Per Day 3.2.3 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/115904</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Count Per Day 3.1.1 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/114787/SSCHADV2012-015.txt</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Count Per Day plugin &lt;= 3.1.1 Multiple Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/18355/</reference>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>Count per Day plugin &lt;= 2.17 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17857/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-autoyoutube">
<vulnerability>
<title>WP-AutoYoutube plugin &lt;= 0.1 Blind SQL Injection Vulnerability</title>
<reference>http://1337day.com/exploits/17368</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="age-verification">
<vulnerability>
<title>Age Verification plugin &lt;= 0.4 Open Redirect</title>
<reference>http://www.exploit-db.com/exploits/18350</reference>
<type>REDIRECT</type>
</vulnerability>
</plugin>
<plugin name="yousaytoo-auto-publishing-plugin">
<vulnerability>
<title>Yousaytoo Auto Publishing &lt;= 1.0 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/108470</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="pay-with-tweet">
<vulnerability>
<title>Pay With Tweet plugin &lt;= 1.1 Multiple Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/18330/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp-whois">
<vulnerability>
<title>Whois Search &lt;= 1.4.2 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/108271</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="upm-polls">
<vulnerability>
<title>BLIND SQL injection UPM-POLLS plugin 1.0.4</title>
<reference>http://www.exploit-db.com/exploits/18231/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="disqus-comment-system">
<vulnerability>
<title>Disqus Comment System &lt;= 2.68 Reflected Cross-Site Scripting (XSS)</title>
<reference>http://www.ethicalhack3r.co.uk/security/wordpress-plugin-disqus-comment-system-xss/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-recaptcha">
<vulnerability>
<title>Google reCAPTCHA &lt;= 3.1.3 Reflected XSS Vulnerability </title>
<reference>http://security-sh3ll.blogspot.com/2011/12/google-recaptcha-wordpress-plugin.html</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="link-library">
<vulnerability>
<title>Link Library plugin &lt;= 5.2.1 SQL Injection</title>
<reference>http://www.exploit-db.com/exploits/17887/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="cevhershare">
<vulnerability>
<title>CevherShare 2.0 plugin SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17891/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-glossary">
<vulnerability>
<title>WP Glossary plugin SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/18055/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="meenews">
<vulnerability>
<title>meenews 5.1 plugin Cross-Site Scripting Vulnerabilities</title>
<reference>http://seclists.org/bugtraq/2011/Nov/151</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="clickdesk-live-support-chat">
<vulnerability>
<title>Click Desk Live Support Chat &lt; 2.0 Cross Site Scripting Vulnerability</title>
<reference>http://seclists.org/bugtraq/2011/Nov/148</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="adminimize">
<vulnerability>
<title>adminimize 1.7.21 Cross-Site Scripting Vulnerabilities</title>
<reference>http://seclists.org/bugtraq/2011/Nov/135</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="advanced-text-widget">
<vulnerability>
<title>Advanced Text Widget &lt;= 2.0.0 Cross Site Scripting Vulnerability</title>
<reference>http://seclists.org/bugtraq/2011/Nov/133</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="mm-duplicate">
<vulnerability>
<title>MM Duplicate plugin &lt;= 1.2 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17707/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="ungallery">
<vulnerability>
<title>UnGallery plugin &lt;= 1.5.8 Local File Disclosure Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17704/</reference>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="wp-menu-creator">
<vulnerability>
<title>Menu Creator plugin &lt;= 1.1.7 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17689/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="allow-php-in-posts-and-pages">
<vulnerability>
<title>Allow PHP in Posts and Pages plugin &lt;= 2.0.0.RC1 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17688/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="global-content-blocks">
<vulnerability>
<title>Global Content Blocks plugin &lt;= 1.2 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17687/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="ajaxgallery">
<vulnerability>
<title>Ajax Gallery plugin &lt;= 3.0 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17686/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-ds-faq">
<vulnerability>
<title>WP DS FAQ plugin &lt;= 1.3.2 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17683/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="odihost-newsletter-plugin">
<vulnerability>
<title>OdiHost Newsletter plugin &lt;= 1.0 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17681/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="easy-contact-form-lite">
<vulnerability>
<title>Easy Contact Form Lite plugin &lt;= 1.0.7 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17680/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-symposium">
<vulnerability>
<title>WP Symposium plugin &lt;= 0.64 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17679/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="contus-hd-flv-player">
<vulnerability>
<title>Contus HD FLV Player plugin &lt;= 1.3 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17678/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="file-groups">
<vulnerability>
<title>File Groups plugin &lt;= 1.1.2 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17677/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="ip-logger">
<vulnerability>
<title>IP-Logger plugin &lt;= 3.0 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17673/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="beer-recipes">
<vulnerability>
<title>Beer Recipes v.1.0 XSS</title>
<reference>http://www.exploit-db.com/exploits/17453/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="is-human">
<vulnerability>
<title>Is-human &lt;=1.4.2 Remote Command Execution Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17299/</reference>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="editormonkey">
<vulnerability>
<title>EditorMonkey plugin (FCKeditor) Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/17284/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="sermon-browser">
<vulnerability>
<title>SermonBrowser 0.43 SQL Injection</title>
<reference>http://www.exploit-db.com/exploits/17214/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="ajax-category-dropdown">
<vulnerability>
<title>Ajax Category Dropdown 0.1.5 Multiple Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/17207/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp-custom-pages">
<vulnerability>
<title>WP Custom Pages 0.5.0.1 LFI Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17119/</reference>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="flash-album-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>GRAND Flash Album Gallery 1.9.0 and 2.0.0 Multiple Vulnerabilities</title>
<reference>http://packetstormsecurity.org/files/117665/</reference>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>GRAND Flash Album Gallery 0.55 Multiple Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/16947/</reference>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>GRAND Flash Album Gallery &lt;= 1.56 XSS Vulnerability</title>
<reference>http://seclists.org/bugtraq/2011/Nov/186</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>GRAND Flash Album Gallery &lt;= 1.71 XSS Vulnerability</title>
<reference>http://packetstormsecurity.org/files/112704</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="php_speedy_wp">
<vulnerability>
<title>PHP Speedy &lt;= 0.5.2 (admin_container.php) Remote Code Exec Exploit</title>
<reference>http://www.exploit-db.com/exploits/16273/</reference>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="old-post-spinner">
<vulnerability>
<title>OPS Old Post Spinner 2.2.1 LFI Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/16251/</reference>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="jquery-mega-menu">
<vulnerability>
<title>jQuery Mega Menu 1.0 Local File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/16250/</reference>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="iwant-one-ihave-one">
<vulnerability>
<title>IWantOneButton 3.0.1 Multiple Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/16236/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="forum-server">
<vulnerability>
<title>WP Forum Server 1.6.5 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/16235/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP Forum Server plugin &lt;= 1.7 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17828/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP Forum Server plugin &lt;= 1.7.3 SQL Injection / XSS Vulnerabilities</title>
<reference>http://www.packetstormsecurity.org/files/112703</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="relevanssi">
<vulnerability>
<title>Relevanssi 2.7.2 Stored XSS Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/16233/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="gigpress">
<vulnerability>
<title>GigPress 2.1.10 Stored XSS Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/16232/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="comment-rating">
<vulnerability>
<title>Comment Rating 2.9.23 Multiple Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/16221/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="z-vote">
<vulnerability>
<title>Z-Vote 1.1 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/16218/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="user-photo">
<vulnerability>
<title>User Photo Component Remote File Upload Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/16181/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="enable-media-replace">
<vulnerability>
<title>Enable Media Replace Multiple Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/16144/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="mingle-forum">
<vulnerability>
<title>Mingle Forum &lt;= 1.0.32.1 Cross Site Scripting / SQL Injection</title>
<reference>http://packetstormsecurity.org/files/108915/</reference>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>Mingle Forum plugin &lt;= 1.0.31 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17894/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Mingle Forum (Plugin) &lt;= 1.0.26 Multiple Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/15943/</reference>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>Mingle Forum &lt;= 1.0.33 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/112696/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="accept-signups">
<vulnerability>
<title>Accept Signups 0.1 XSS</title>
<reference>http://www.exploit-db.com/exploits/15808/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="events-manager-extended">
<vulnerability>
<title>Events Manager Extended Persistent XSS Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/14923/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="nextgen-smooth-gallery">
<vulnerability>
<title>NextGEN Smooth Gallery Blind SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/14541/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="mylinksdump">
<vulnerability>
<title>myLDlinker SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/14441/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="firestats">
<vulnerability>
<title>Firestats Remote Configuration File Download</title>
<reference>http://www.exploit-db.com/exploits/14308/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="simple-press">
<vulnerability>
<title>Simple:Press SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/14198/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="cimy-counter">
<vulnerability>
<title>Vulnerabilities in Cimy Counter for WordPress</title>
<reference>http://www.exploit-db.com/exploits/14057/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="nextgen-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>XSS in NextGEN Gallery &lt;= 1.5.1</title>
<reference>http://www.exploit-db.com/exploits/12098/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="cpl">
<vulnerability>
<title>Copperleaf Photolog SQL injection</title>
<reference>http://www.exploit-db.com/exploits/11458/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="events-calendar">
<vulnerability>
<title>Events SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/10929/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="ImageManager">
<vulnerability>
<title>Image Manager Plugins Shell Upload Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/10325/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-cumulus">
<vulnerability>
<title>Vulnerabilities in WP-Cumulus &lt;= 1.20 for WordPress</title>
<reference>http://www.exploit-db.com/exploits/10228/</reference>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>WP-Cumulus &lt; 1.23 Cross Site Scripting Vulnerabily</title>
<reference>http://seclists.org/fulldisclosure/2011/Nov/340</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-syntax">
<vulnerability>
<title>WP-Syntax &lt;= 0.9.1 Remote Command Execution</title>
<reference>http://www.exploit-db.com/exploits/9431/</reference>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="my-category-order">
<vulnerability>
<title>My Category Order &lt;= 2.8 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/9150/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="related-sites">
<vulnerability>
<title>Related Sites 2.1 Blind SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/9054/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="dm-albums">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>DM Albums 1.9.2 Remote File Disclosure Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/9048/</reference>
<type>LFI</type>
</vulnerability>
<vulnerability>
<title>DM Albums 1.9.2 Remote File Inclusion Vuln</title>
<reference>http://www.exploit-db.com/exploits/9043/</reference>
<type>RFI</type>
<uri>/wp-content/plugins/dm-albums/template/album.php?SECURITY_FILE=XXpathXX</uri>
</vulnerability>
</plugin>
<plugin name="photoracer">
<vulnerability>
<title>Photoracer 1.0 (id) SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/8961/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Photoracer plugin &lt;= 1.0 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17720/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Photoracer plugin &lt;= 1.0 Multiple Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/17731/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp-lytebox">
<vulnerability>
<title>Lytebox (wp-lytebox) Local File Inclusion Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/8791/</reference>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="fmoblog">
<vulnerability>
<title>fMoblog 2.1 (id) SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/8229/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="page-flip-image-gallery">
<vulnerability>
<title>Page Flip Image Gallery &lt;= 0.2.2 Remote FD Vuln</title>
<reference>http://www.exploit-db.com/exploits/7543/</reference>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="wp-shopping-cart">
<vulnerability>
<title>e-Commerce &lt;= 3.4 Arbitrary File Upload Exploit</title>
<reference>http://www.exploit-db.com/exploits/6867/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="downloads-manager">
<vulnerability>
<title>Download Manager 0.2 Arbitrary File Upload Exploit</title>
<reference>http://www.exploit-db.com/exploits/6127/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wpSS">
<vulnerability>
<title>Spreadsheet &lt;= 0.6 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/5486/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-download">
<vulnerability>
<title>Download (dl_id) SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/5326/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="sniplets">
<vulnerability>
<title>Sniplets 1.1.2 (RFI/XSS/RCE) Multiple Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/5194/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp-photo-album">
<vulnerability>
<title>Photo album Remote SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/5135/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="sf-forum">
<vulnerability>
<title>Simple Forum 2.0-2.1 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/5126/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Simple Forum 1.10-1.11 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/5127/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="st_newsletter">
<vulnerability>
<title>st_newsletter Remote SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/5053/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>st_newsletter (stnl_iframe.php) SQL Injection Vuln</title>
<reference>http://www.exploit-db.com/exploits/6777/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wordspew">
<vulnerability>
<title>Wordspew Remote SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/5039/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="dmsguestbook">
<vulnerability>
<title>dmsguestbook 1.7.0 Multiple Remote Vulnerabilities</title>
<reference>http://www.exploit-db.com/exploits/5035/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wassup">
<vulnerability>
<title>WassUp 1.4.3 (spy.php to_date) SQL Injection Exploit</title>
<reference>http://www.exploit-db.com/exploits/5017/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-adserve">
<vulnerability>
<title>Adserve 0.2 adclick.php SQL Injection Exploit</title>
<reference>http://www.exploit-db.com/exploits/5013/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="fgallery">
<vulnerability>
<title>plugin fGallery 2.4.1 fimrss.php SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/4993/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-cal">
<vulnerability>
<title>WP-Cal 0.3 editevent.php SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/4992/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wpforum">
<vulnerability>
<title>plugin WP-Forum 1.7.4 Remote SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/4939/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>plugin WP-Forum 1.7.8 Remote SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/7738/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-filemanager">
<vulnerability>
<title>Wp-FileManager 1.2 Remote Upload Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/4844/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="pictpress">
<vulnerability>
<title>PictPress &lt;= 0.91 Remote File Disclosure Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/4695/</reference>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="backupwordpress">
<vulnerability>
<title>BackUp&lt;= 0.4.2b RFI Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/4593/</reference>
<type>RFI</type>
<uri>/wp-content/plugins/BackUp/Archive.php?bkpwp_plugin_path=XXpathXX</uri>
</vulnerability>
</plugin>
<plugin name="myflash">
<vulnerability>
<title>plugin myflash &lt;= 1.00 (wppath) RFI Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/3828/</reference>
<type>RFI</type>
<uri>/wp-content/plugins/myflash/myflash-button.php?wpPATH=XXpathXX</uri>
</vulnerability>
</plugin>
<plugin name="wordtube">
<vulnerability>
<title>plugin wordTube &lt;= 1.43 (wpPATH) RFI Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/3825/</reference>
<type>RFI</type>
<uri>/wp-content/plugins/wordtube/wordtube-button.php?wpPATH=XXpathXX</uri>
</vulnerability>
</plugin>
<plugin name="wp-table">
<vulnerability>
<title>plugin wp-Table &lt;= 1.43 (inc_dir) RFI Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/3824/</reference>
<type>RFI</type>
<uri>/wp-content/plugins/wp-table/js/wptable-button.phpp?wpPATH=XXpathXX</uri>
</vulnerability>
</plugin>
<plugin name="mygallery">
<vulnerability>
<title>myGallery &lt;= 1.4b4 Remote File Inclusion Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/3814/</reference>
<type>RFI</type>
<uri>/mygallery/myfunctions/mygallerybrowser.php?myPath=XXpathXX</uri>
</vulnerability>
</plugin>
<plugin name="sendit">
<vulnerability>
<title>SendIt plugin &lt;= 1.5.9 Blind SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17716/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="js-appointment">
<vulnerability>
<title>Js-appointment plugin &lt;= 1.5 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17724/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="mm-forms-community">
<vulnerability>
<title>MM Forms Community &lt;= 1.2.3 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17725/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>MM Forms Community 2.2.6 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/18997/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="super-captcha">
<vulnerability>
<title>Super CAPTCHA plugin &lt;= 2.2.4 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17728/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="collision-testimonials">
<vulnerability>
<title>Collision Testimonials plugin &lt;= 3.0 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17729/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="oqey-headers">
<vulnerability>
<title>Oqey Headers plugin &lt;= 0.3 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17730/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="fbpromotions">
<vulnerability>
<title>Facebook Promotions plugin &lt;= 1.3.3 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17737/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="evarisk">
<vulnerability>
<title>Evarisk plugin &lt;= 5.1.3.6 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17738/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Evarisk 5.1.5.4 Shell Upload</title>
<reference>http://packetstormsecurity.org/files/113638/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="profiles">
<vulnerability>
<title>Profiles plugin &lt;= 2.0 RC1 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17739/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="mystat">
<vulnerability>
<title>mySTAT plugin &lt;= 2.6 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17740/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="sh-slideshow">
<vulnerability>
<title>SH Slideshow plugin &lt;= 3.1.4 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17748/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="copyright-licensing-tools">
<vulnerability>
<title>iCopyright(R) Article Tools plugin &lt;= 1.1.4 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17749/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="advertizer">
<vulnerability>
<title>Advertizer plugin &lt;= 1.0 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17750/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="event-registration">
<vulnerability>
<title>Event Registration plugin &lt;= 5.44 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17814/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Event Registration plugin &lt;= 5.43 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17751/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Event Registration 5.32 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/15513/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="crawlrate-tracker">
<vulnerability>
<title>Craw Rate Tracker plugin &lt;= 2.0.2 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17755/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-audio-gallery-playlist">
<vulnerability>
<title>wp audio gallery playlist plugin &lt;= 0.12 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17756/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="yolink-search">
<vulnerability>
<title>yolink Search plugin &lt;= 1.1.4 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17757/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="pure-html">
<vulnerability>
<title>PureHTML plugin &lt;= 1.0.0 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17758/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="couponer">
<vulnerability>
<title>Couponer plugin &lt;= 1.2 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17759/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="grapefile">
<vulnerability>
<title>grapefile plugin &lt;= 1.1 Arbitrary File Upload</title>
<reference>http://www.exploit-db.com/exploits/17760/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="image-gallery-with-slideshow">
<vulnerability>
<title>image-gallery-with-slideshow plugin &lt;= 1.5 Arbitrary File Upload / SQL Injection</title>
<reference>http://www.exploit-db.com/exploits/17761/</reference>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wordpress-donation-plugin-with-goals-and-paypal-ipn-by-nonprofitcmsorg">
<vulnerability>
<title>Donation plugin &lt;= 1.0 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17763/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-bannerize">
<vulnerability>
<title>WP Bannerize plugin &lt;= 2.8.6 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17764/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP Bannerize plugin &lt;= 2.8.7 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17906/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="search-autocomplete">
<vulnerability>
<title>SearchAutocomplete plugin &lt;= 1.0.8 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17767/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="videowhisper-video-presentation">
<vulnerability>
<title>VideoWhisper Video Presentation plugin &lt;= 1.1 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17771/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="facebook-opengraph-meta-plugin">
<vulnerability>
<title>Facebook Opengraph Meta plugin &lt;= 1.0 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17773/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="zotpress">
<vulnerability>
<title>Zotpress plugin &lt;= 4.4 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17778/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="oqey-gallery">
<vulnerability>
<title>oQey Gallery plugin &lt;= 0.4.8 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17779/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="tweet-old-post">
<vulnerability>
<title>Tweet Old Post plugin &lt;= 3.2.5 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17789/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="post-highlights">
<vulnerability>
<title>post highlights plugin &lt;= 2.2 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17790/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="knr-author-list-widget">
<vulnerability>
<title>KNR Author List Widget plugin &lt;= 2.0.0 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17791/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="scormcloud">
<vulnerability>
<title>SCORM Cloud plugin &lt;= 1.0.6.6 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17793/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="eventify">
<vulnerability>
<title>Eventify - Simple Events plugin &lt;= 1.7.f SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17794/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="paid-downloads">
<vulnerability>
<title>Paid Downloads plugin &lt;= 2.01 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17797/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="community-events">
<vulnerability>
<title>Community Events plugin &lt;= 1.2.1 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17798/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="1-flash-gallery">
<vulnerability>
<title>1 Flash Gallery Arbiraty File Upload Exploit (MSF)</title>
<reference>http://www.exploit-db.com/exploits/17801/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-filebase">
<vulnerability>
<title>WP-Filebase Download Manager plugin &lt;= 0.2.9 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17808/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="a-to-z-category-listing">
<vulnerability>
<title>A to Z Category Listing plugin &lt;= 1.3 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17809/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-e-commerce">
<vulnerability>
<title>WP e-Commerce plugin &lt;= 3.8.6 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17832/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="filedownload">
<vulnerability>
<title>Filedownload 0.1 (download.php) Remote File Disclosure Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17858/</reference>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="thecartpress">
<vulnerability>
<title>TheCartPress &lt;= 1.6 Cross Site Sripting</title>
<reference>http://packetstormsecurity.org/files/108272/</reference>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>TheCartPress 1.1.1 Remote File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/17860/</reference>
<type>RFI</type>
<uri>/wp-content/plugins/thecartpress/checkout/CheckoutEditor.php?tcp_save_fields=true&amp;tcp_class_name=asdf&amp;tcp_class_path=XXpathXX</uri>
</vulnerability>
</plugin>
<plugin name="wpeasystats">
<vulnerability>
<title>WPEasyStats 1.8 Remote File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/17862/</reference>
<type>RFI</type>
<uri>/wp-content/plugins/wpeasystats/export.php?homep=XXpathXX</uri>
</vulnerability>
</plugin>
<plugin name="annonces">
<vulnerability>
<title>Annonces 1.2.0.0 Remote File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/17863/</reference>
<type>RFI</type>
<uri>/wp-content/plugins/annonces/includes/lib/photo/uploadPhoto.php?abspath=XXpathXX</uri>
</vulnerability>
</plugin>
<plugin name="livesig">
<vulnerability>
<title>Livesig 0.4 Remote File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/17864/</reference>
<type>RFI</type>
<uri>/wp-content/plugins/livesig/livesig-ajax-backend.php</uri>
<postdata>wp-root=XXpathXX&amp;action=asdf</postdata>
</vulnerability>
</plugin>
<plugin name="disclosure-policy-plugin">
<vulnerability>
<title>Disclosure Policy 1.0 Remote File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/17865/</reference>
<type>RFI</type>
<uri>/wp-content/plugins/disclosure-policy-plugin/functions/action.php?delete=asdf&amp;blogUrl=asdf&amp;abspath=XXpathXX</uri>
</vulnerability>
</plugin>
<plugin name="mailz">
<vulnerability>
<title>Mailing List 1.3.2 Remote File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/17866/</reference>
<type>RFI</type>
<uri>/wp-content/plugins/mailz/lists/config/config.php?wpabspath=XXpathXX</uri>
</vulnerability>
<vulnerability>
<title>Mailing List &lt; 1.4.1 Arbitrary file download</title>
<reference>http://www.exploit-db.com/exploits/18276/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="g-web-shop">
<vulnerability>
<title>Zingiri Web Shop 2.2.0 Remote File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/17867/</reference>
<type>RFI</type>
<uri>/wp-content/plugins/g-web-shop/fws/ajax/init.inc.php?wpabspath=XXpathXX</uri>
</vulnerability>
<vulnerability>
<title>Zingiri Web Shop &lt;= 2.2.3 Remote Code Execution</title>
<reference>http://www.exploit-db.com/exploits/18111/</reference>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="mini-mail-dashboard-widget">
<vulnerability>
<title>Mini Mail Dashboard Widget 1.36 Remote File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/17868/</reference>
<type>RFI</type>
</vulnerability>
<vulnerability>
<title>Mini Mail Dashboard Widget 1.42 Stored XSS</title>
<reference>http://www.exploit-db.com/exploits/20358/</reference>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="relocate-upload">
<vulnerability>
<title>Relocate Upload 0.14 Remote File Inclusion</title>
<reference>http://www.exploit-db.com/exploits/17869/</reference>
<type>RFI</type>
<uri>/wp-content/plugins/relocate-upload/relocate-upload.php?ru_folder=asdf&amp;abspath=XXpathXX</uri>
</vulnerability>
</plugin>
<plugin name="category-grid-view-gallery">
<vulnerability>
<title>Category Grid View Gallery plugin 0.1.1 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="auto-attachments">
<vulnerability>
<title>Auto Attachments plugin 0.2.9 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-marketplace">
<vulnerability>
<title>WP Marketplace plugin 1.1.0 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="dp-thumbnail">
<vulnerability>
<title>DP Thumbnail plugin 1.0 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="vk-gallery">
<vulnerability>
<title>Vk Gallery plugin 1.1.0 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="rekt-slideshow">
<vulnerability>
<title>Rekt Slideshow plugin 1.0.5 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="cac-featured-content">
<vulnerability>
<title>CAC Featured Content plugin 0.8 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="rent-a-car">
<vulnerability>
<title>Rent A Car plugin 1.0 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="lisl-last-image-slider">
<vulnerability>
<title>LISL Last Image Slider plugin 1.0 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="islidex">
<vulnerability>
<title>Islidex plugin 2.7 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="kino-gallery">
<vulnerability>
<title>Kino Gallery plugin 1.0 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="cms-pack-cache">
<vulnerability>
<title>Cms Pack plugin 1.3 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="a-gallery">
<vulnerability>
<title>A Gallery plugin 0.9 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="category-list-portfolio-page">
<vulnerability>
<title>Category List Portfolio Page plugin 0.9 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="really-easy-slider">
<vulnerability>
<title>Really Easy Slider plugin 0.1 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="verve-meta-boxes">
<vulnerability>
<title>Verve Meta Boxes plugin 1.2.8 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="user-avatar">
<vulnerability>
<title>User Avatar plugin 1.3.7 shell upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="extend-wordpress">
<vulnerability>
<title>Extend plugin 1.3.7 Shell Upload vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17872/</reference>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="adrotate">
<vulnerability>
<title>AdRotate plugin &lt;= 3.6.5 SQL Injection Vulnerability</title>
<reference>http://unconciousmind.blogspot.com/2011/09/wordpress-adrotate-plugin-365-sql.html</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>AdRotate plugin &lt;= 3.6.6 SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/18114/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-spamfree">
<vulnerability>
<title>WP-SpamFree 3.2.1 Spam SQL Injection Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/17970/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="gd-star-rating">
<vulnerability>
<title>GD Star Rating plugin &lt;= 1.9.10 SQL Injection</title>
<reference>http://www.exploit-db.com/exploits/17973/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>GD Star Rating plugin &lt;= 1.9.16 Cross Site Scripting</title>
<reference>http://www.packetstormsecurity.org/files/112702</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="contact-form-wordpress">
<vulnerability>
<title>Contact Form plugin &lt;= 2.7.5 SQL Injection</title>
<reference>http://www.exploit-db.com/exploits/17980/</reference>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-photo-album-plus">
<vulnerability>
<title>WP Photo Album Plus &lt;= 4.1.1 SQL Injection</title>
<reference>http://www.exploit-db.com/exploits/17983/</reference>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP Photo Album Plus &lt; 4.9.1 Full Path Disclosure</title>
<reference>http://1337day.com/exploit/20125</reference>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="backwpup">
<vulnerability>
<title>BackWPUp 2.1.4 Code Execution</title>
<reference>http://www.exploit-db.com/exploits/17987/</reference>
<type>RCE</type>
</vulnerability>
<vulnerability>
<title>plugin BackWPup 1.5.2, 1.6.1, 1.7.1 Remote and Local Code Execution Vulnerability</title>
<reference>http://osvdb.org/show/osvdb/71481</reference>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="portable-phpmyadmin">
<vulnerability>
<title>portable-phpMyAdmin &lt; 1.3.1 Authentication Bypass</title>
<reference>http://www.exploit-db.com/exploits/23356</reference>
<type>AUTHBYPASS</type>
</vulnerability>
</plugin>
<plugin name="super-refer-a-friend">
<vulnerability>
<title>super-refer-a-friend &lt; 1.0 Full Path Disclosure</title>
<reference>http://1337day.com/exploit/20126</reference>
<type>FPD</type>
</vulnerability>
</plugin>
</vulnerabilities>
Reference in New Issue View Git Blame Copy Permalink