wpscan/data/plugin_vulns.xml
2014-07-31 13:27:30 +02:00


<?xml version="1.0" encoding="UTF-8"?>
<vulnerabilities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="vuln.xsd">
<!--
  Plugin vulnerability records. Layout used by the entries below:
    plugin (name attribute) holds one or more vulnerability records;
    each record has a title, a references list (osvdb, cve, secunia,
    exploitdb, metasploit and url children all appear in this file),
    a type code, and an optional fixed_in version.
  fixed_in is presumably the first release that contains the fix; confirm
  against vuln.xsd. A record without fixed_in names no fixed release, so it
  cannot be closed out by a version comparison alone.
  NOTE(review): xsi:noNamespaceSchemaLocation is only a relative hint
  (vuln.xsd). Validate against a schema copy that ships with the consumer,
  not one resolved from wherever this document happened to be loaded.
-->
<plugin name="theme-my-login">
<vulnerability>
<title>Theme My Login 6.3.9 - Local File Inclusion</title>
<references>
<osvdb>108517</osvdb>
<url>http://packetstormsecurity.com/files/127302/</url>
<url>http://seclists.org/fulldisclosure/2014/Jun/172</url>
<url>http://www.securityfocus.com/bid/68254</url>
<url>https://security.dxw.com/advisories/lfi-in-theme-my-login/</url>
</references>
<type>LFI</type>
<fixed_in>6.3.10</fixed_in>
</vulnerability>
</plugin>
<plugin name="login-rebuilder">
<vulnerability>
<title>Login Rebuilder &lt; 1.2.0 - Cross Site Request Forgery Vulnerability</title>
<references>
<osvdb>108364</osvdb>
<cve>2014-3882</cve>
</references>
<type>CSRF</type>
<fixed_in>1.2.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="simple-share-buttons-adder">
<vulnerability>
<title>Simple Share Buttons Adder 4.4 - options-general.php Multiple Admin Actions CSRF</title>
<references>
<osvdb>108444</osvdb>
<cve>2014-4717</cve>
<exploitdb>33896</exploitdb>
<url>https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder/</url>
<url>http://packetstormsecurity.com/files/127238/</url>
</references>
<type>CSRF</type>
<fixed_in>4.5</fixed_in>
</vulnerability>
<vulnerability>
<title>Simple Share Buttons Adder 4.4 - options-general.php ssba_share_text Parameter Stored XSS Weakness</title>
<references>
<osvdb>108445</osvdb>
<exploitdb>33896</exploitdb>
<url>https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder/</url>
<url>http://packetstormsecurity.com/files/127238/</url>
</references>
<type>XSS</type>
<fixed_in>4.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="content-slide">
<vulnerability>
<title>Content Slide &lt;= 1.4.2 - Cross Site Request Forgery Vulnerability</title>
<references>
<osvdb>93871</osvdb>
<cve>2013-2708</cve>
<secunia>52949</secunia>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="wp-cron-dashboard">
<vulnerability>
<title>WP Cron DashBoard &lt;= 1.1.5 - wp-cron-dashboard.php procname Parameter Reflected XSS</title>
<references>
<osvdb>100660</osvdb>
<cve>2013-6991</cve>
<url>http://packetstormsecurity.com/files/124602/</url>
<url>https://www.htbridge.com/advisory/HTB23189</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wordpress-simple-paypal-shopping-cart">
<vulnerability>
<title>Simple Paypal Shopping Cart 3.5 - Cross-Site Request Forgery Vulnerability</title>
<references>
<osvdb>93953</osvdb>
<cve>2013-2705</cve>
<secunia>52963</secunia>
</references>
<type>CSRF</type>
<fixed_in>3.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-sendsms">
<vulnerability>
<title>WP-SendSMS 1.0 - Setting Manipulation CSRF</title>
<references>
<osvdb>94209</osvdb>
<secunia>53796</secunia>
<exploitdb>26124</exploitdb>
</references>
<type>CSRF</type>
</vulnerability>
<vulnerability>
<title>WP-SendSMS 1.0 - wp-admin/admin.php Multiple Parameter XSS</title>
<references>
<osvdb>94210</osvdb>
<exploitdb>26124</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="mail-subscribe-list">
<vulnerability>
<title>Mail Subscribe List - Script Insertion Vulnerability</title>
<references>
<secunia>53732</secunia>
<osvdb>94197</osvdb>
</references>
<type>XSS</type>
<fixed_in>2.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="s3-video">
<!--
  Two separate XSS records. The first is fixed in 0.98; the second names
  0.982 as affected and 0.983 as fixed. An install that stopped at 0.98 is
  still covered by the second record, so 0.983 is the version to check for.
-->
<vulnerability>
<title>S3 Video &lt;= 0.97 - VideoJS Cross Site Scripting Vulnerability</title>
<references>
<secunia>53437</secunia>
<url>http://seclists.org/fulldisclosure/2013/May/66</url>
</references>
<type>XSS</type>
<fixed_in>0.98</fixed_in>
</vulnerability>
<vulnerability>
<title>S3 Video 0.982 - preview_video.php base Parameter XSS</title>
<references>
<osvdb>101388</osvdb>
<secunia>56167</secunia>
<cve>2013-7279</cve>
</references>
<type>XSS</type>
<fixed_in>0.983</fixed_in>
</vulnerability>
</plugin>
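<plugin name="video-embed-thumbnail-generator">
  <!--
    The VideoJS XSS from the seclists post below is recorded under several
    plugins in this file; the fixed_in value here applies to this plugin only.
    The title carries no plugin name, so reports should show it together with
    the plugin's name attribute.
  -->
  <vulnerability>
    <title>VideoJS Cross-Site Scripting Vulnerability</title>
    <references>
      <secunia>53426</secunia>
      <url>http://seclists.org/fulldisclosure/2013/May/66</url>
    </references>
    <type>XSS</type>
    <fixed_in>4.1</fixed_in>
  </vulnerability>
</plugin>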
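<plugin name="1player">
  <!--
    The VideoJS XSS from the seclists post below is recorded under several
    plugins in this file; the fixed_in value here applies to this plugin only.
    The title carries no plugin name, so reports should show it together with
    the plugin's name attribute.
  -->
  <vulnerability>
    <title>VideoJS Cross-Site Scripting Vulnerability</title>
    <references>
      <secunia>53445</secunia>
      <url>http://seclists.org/fulldisclosure/2013/May/66</url>
    </references>
    <type>XSS</type>
    <fixed_in>1.4</fixed_in>
  </vulnerability>
</plugin>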
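<plugin name="external-video-for-everybody">
  <!--
    The VideoJS XSS from the seclists post below is recorded under several
    plugins in this file; the fixed_in value here applies to this plugin only.
    The title carries no plugin name, so reports should show it together with
    the plugin's name attribute.
  -->
  <vulnerability>
    <title>VideoJS Cross-Site Scripting Vulnerability</title>
    <references>
      <secunia>53396</secunia>
      <url>http://seclists.org/fulldisclosure/2013/May/66</url>
    </references>
    <type>XSS</type>
    <fixed_in>2.1</fixed_in>
  </vulnerability>
</plugin>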
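<plugin name="EasySqueezePage">
  <!--
    The VideoJS XSS from the seclists post below is recorded under several
    plugins in this file. This record has no fixed_in and no advisory
    identifier beyond the mailing-list post, so no fixed release can be read
    from it; installed copies need a manual check.
  -->
  <vulnerability>
    <title>VideoJS Cross-Site Scripting Vulnerability</title>
    <references>
      <url>http://seclists.org/fulldisclosure/2013/May/66</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>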
<plugin name="crayon-syntax-highlighter">
<vulnerability>
<title>Crayon Syntax Highlighter - Remote File Inclusion Vulnerability</title>
<references>
<osvdb>86255</osvdb>
<osvdb>86256</osvdb>
<secunia>50804</secunia>
<url>http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/</url>
</references>
<type>RFI</type>
<fixed_in>1.13</fixed_in>
</vulnerability>
</plugin>
<plugin name="ungallery">
<vulnerability>
<title>UnGallery &lt;= 1.5.8 - Local File Disclosure Vulnerability</title>
<references>
<exploitdb>17704</exploitdb>
</references>
<type>LFI</type>
</vulnerability>
<vulnerability>
<title>UnGallery - Arbitrary Command Execution</title>
<references>
<secunia>50875</secunia>
<url>http://ceriksen.com/2012/10/23/wordpress-ungallery-remote-command-injection-vulnerability/</url>
</references>
<type>RCE</type>
<fixed_in>2.1.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="thanks-you-counter-button">
<!--
  The 1.8.7 stored XSS record has no fixed_in; the older record (up to 1.8.2)
  is fixed in 1.8.3. Since 1.8.7 is later than 1.8.3, the fixed_in on the
  second record says nothing about the first. Treat the 1.8.7 record as
  unresolved unless the vendor changelog shows otherwise.
-->
<vulnerability>
<title>Thank You Counter Button 1.8.7 - wp-admin/options.php Multiple Parameter Stored XSS</title>
<references>
<osvdb>103778</osvdb>
<url>http://packetstormsecurity.com/files/125397/</url>
<url>http://www.securityfocus.com/bid/65805</url>
<cve>2014-2315</cve>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Thank You Counter Button &lt;= 1.8.2 - XSS</title>
<references>
<secunia>50977</secunia>
</references>
<type>XSS</type>
<fixed_in>1.8.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="bookings">
<vulnerability>
<title>Bookings &lt;= 1.8.2 - controlpanel.php error Parameter XSS</title>
<references>
<osvdb>86613</osvdb>
<secunia>50975</secunia>
</references>
<type>XSS</type>
<fixed_in>1.8.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="cimy-user-manager">
<!--
  The title describes an arbitrary file disclosure but the type is UNKNOWN,
  so a consumer that filters or ranks by type will not surface this as a
  file-read issue; read the title as well.
  NOTE(review): the title covers versions up to 1.4.2 and fixed_in is 1.4.4;
  the status of 1.4.3 is not stated here. Confirm against the advisory.
-->
<vulnerability>
<title>Cimy User Manager &lt;= 1.4.2 - Arbitrary File Disclosure</title>
<references>
<secunia>50834</secunia>
<url>http://ceriksen.com/2012/10/24/wordpress-cimy-user-manager-arbitrary-file-disclosure/</url>
</references>
<type>UNKNOWN</type>
<fixed_in>1.4.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="fs-real-estate-plugin">
<!--
  Two SQL injection records with different fixed_in values (2.06.04 and
  2.06.03). The higher one, 2.06.04, is the lowest version that clears both
  records; an install at 2.06.03 still matches the first.
-->
<vulnerability>
<title>FireStorm Professional Real Estate 2.06.01 - xml/marker_listings.php id Parameter SQL Injection</title>
<references>
<osvdb>86686</osvdb>
<secunia>51107</secunia>
<exploitdb>22071</exploitdb>
<url>http://packetstormsecurity.com/files/118232/</url>
<url>http://xforce.iss.net/xforce/xfdb/80261</url>
</references>
<type>SQLI</type>
<fixed_in>2.06.04</fixed_in>
</vulnerability>
<vulnerability>
<title>FireStorm Professional Real Estate - Multiple SQL Injection</title>
<references>
<secunia>50873</secunia>
<url>http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/</url>
</references>
<type>SQLI</type>
<fixed_in>2.06.03</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp125">
<vulnerability>
<title>WP125 &lt;= 1.4.4 - Multiple XSS</title>
<references>
<secunia>50976</secunia>
</references>
<type>XSS</type>
<fixed_in>1.4.5</fixed_in>
</vulnerability>
<vulnerability>
<title>WP125 &lt;= 1.4.9 - CSRF</title>
<references>
<osvdb>92113</osvdb>
<cve>2013-2700</cve>
<secunia>52876</secunia>
<url>http://www.securityfocus.com/bid/58934</url>
</references>
<type>CSRF</type>
<fixed_in>1.5.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="all-video-gallery">
<vulnerability>
<title>All Video Gallery - Multiple SQL Injection Vulnerabilities</title>
<references>
<secunia>50874</secunia>
<exploitdb>22427</exploitdb>
<url>http://ceriksen.com/2012/11/04/wordpress-all-video-gallery-plugin-sql-injection/</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="buddystream">
<vulnerability>
<title>BuddyStream - XSS</title>
<references>
<secunia>50972</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="post-views">
<vulnerability>
<title>Post views 2.6.1 - wp-content/plugins/post-views/post-views.php search_input Parameter XSS</title>
<references>
<osvdb>87349</osvdb>
<secunia>50982</secunia>
<url>http://www.securityfocus.com/bid/56555</url>
<url>http://xforce.iss.net/xforce/xfdb/80076</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="floating-social-media-links">
<vulnerability>
<title>Floating Social Media Links &lt;= 1.4.2 - fsml-admin.js.php wpp Parameter Remote File Inclusion</title>
<references>
<osvdb>88383</osvdb>
<secunia>51346</secunia>
<url>http://www.securityfocus.com/bid/56913</url>
<url>http://xforce.iss.net/xforce/xfdb/80641</url>
<url>http://ceriksen.com/2013/01/12/wordpress-floating-social-media-link-plugins-remote-file-inclusion/</url>
</references>
<type>RFI</type>
<fixed_in>1.4.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Floating Social Media Links &lt;= 1.4.2 - fsml-hideshow.js.php wpp Parameter Remote File Inclusion</title>
<references>
<osvdb>88385</osvdb>
<secunia>51346</secunia>
<url>http://www.securityfocus.com/bid/56913</url>
<url>http://ceriksen.com/2013/01/12/wordpress-floating-social-media-link-plugins-remote-file-inclusion/</url>
</references>
<type>RFI</type>
<fixed_in>1.4.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="zingiri-forum">
<!--
  NOTE(review): the title and type describe an XSS in the url parameter, but
  the ceriksen.com reference below is titled as an arbitrary file disclosure.
  Either this record mixes two issues or the classification is wrong; check
  the listed CVE (2012-4920) before relying on the XSS type for triage.
-->
<vulnerability>
<title>Zingiri Forum 1.4.2 - forum.php zing_forum_output Function url Parameter XSS</title>
<references>
<osvdb>89069</osvdb>
<cve>2012-4920</cve>
<secunia>50833</secunia>
<url>http://www.securityfocus.com/bid/57224</url>
<url>http://xforce.iss.net/xforce/xfdb/81156</url>
<url>http://ceriksen.com/2013/01/12/wordpress-zingiri-forums-arbitrary-file-disclosure/</url>
</references>
<type>XSS</type>
<fixed_in>1.4.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="google-document-embedder">
<!--
  The title says arbitrary file disclosure and the type is UNKNOWN, yet the
  metasploit reference is an exploit module whose name ends in _exec.
  NOTE(review): that suggests the published impact reaches code execution;
  confirm against the advisory. Do not let the UNKNOWN type lower the
  priority of moving installs to 2.5.4 or later.
-->
<vulnerability>
<title>Google Document Embedder - Arbitrary File Disclosure</title>
<references>
<cve>2012-4915</cve>
<exploitdb>23970</exploitdb>
<secunia>50832</secunia>
<url>http://www.securityfocus.com/bid/57133</url>
<url>http://packetstormsecurity.com/files/119329/</url>
<url>http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/</url>
<metasploit>exploit/unix/webapp/wp_google_document_embedder_exec</metasploit>
</references>
<type>UNKNOWN</type>
<fixed_in>2.5.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="extended-user-profile">
<vulnerability>
<title>extended-user-profile - Full Path Disclosure vulnerability</title>
<references>
<url>http://1337day.com/exploit/20118</url>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="superslider-show">
<vulnerability>
<title>superslider-show - Full Path Disclosure vulnerability</title>
<references>
<url>http://1337day.com/exploit/20117</url>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="wordpress-multibox-plugin">
<vulnerability>
<title>multibox - Full Path Disclosure vulnerability</title>
<references>
<url>http://1337day.com/exploit/20119</url>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="openinviter-for-wordpress">
<vulnerability>
<title>OpenInviter - Information Disclosure</title>
<references>
<url>http://packetstormsecurity.com/files/119265/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="wp_rokbox">
<vulnerability>
<title>RokBox - Multiple Vulnerabilities</title>
<references>
<url>http://1337day.com/exploit/19981</url>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>RokBox &lt;= 2.13 - thumb.php src Parameter Malformed Input Path Disclosure</title>
<references>
<osvdb>88604</osvdb>
<url>http://packetstormsecurity.com/files/118884/</url>
<url>http://xforce.iss.net/xforce/xfdb/80732</url>
<url>http://www.securityfocus.com/bid/56953</url>
<url>http://seclists.org/fulldisclosure/2012/Dec/159</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>RokBox &lt;= 2.13 - thumb.php src Parameter XSS</title>
<references>
<osvdb>88605</osvdb>
<url>http://packetstormsecurity.com/files/118884/</url>
<url>http://xforce.iss.net/xforce/xfdb/80731</url>
<url>http://www.securityfocus.com/bid/56953</url>
<url>http://seclists.org/fulldisclosure/2012/Dec/159</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>RokBox &lt;= 2.13 - rokbox.php Direct Request Path Disclosure</title>
<references>
<osvdb>88606</osvdb>
<url>http://packetstormsecurity.com/files/118884/</url>
<url>http://www.securityfocus.com/bid/56953</url>
<url>http://seclists.org/fulldisclosure/2012/Dec/159</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>RokBox &lt;= 2.13 - error_log Direct Request Error Log Information Disclosure</title>
<references>
<osvdb>88607</osvdb>
<url>http://packetstormsecurity.com/files/118884/</url>
<url>http://xforce.iss.net/xforce/xfdb/80761</url>
<url>http://www.securityfocus.com/bid/56953</url>
<url>http://seclists.org/fulldisclosure/2012/Dec/159</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>RokBox &lt;= 2.13 - jwplayer/jwplayer.swf abouttext Parameter XSS</title>
<references>
<osvdb>88608</osvdb>
<url>http://packetstormsecurity.com/files/118884/</url>
<url>http://xforce.iss.net/xforce/xfdb/80731</url>
<url>http://www.securityfocus.com/bid/56953</url>
<url>http://seclists.org/fulldisclosure/2012/Dec/159</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>RokBox &lt;= 2.13 - thumb.php src Parameter Arbitrary File Upload</title>
<references>
<osvdb>88609</osvdb>
<url>http://packetstormsecurity.com/files/118884/</url>
<url>http://xforce.iss.net/xforce/xfdb/80733</url>
<url>http://xforce.iss.net/xforce/xfdb/80739</url>
<url>http://www.securityfocus.com/bid/56953</url>
<url>http://seclists.org/fulldisclosure/2012/Dec/159</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp_rokintroscroller">
<vulnerability>
<title>RokIntroScroller &lt;= 1.8 - XSS,DoS,Disclosure,Upload Vulnerabilities</title>
<references>
<osvdb>97418</osvdb>
<secunia>54801</secunia>
<url>http://packetstormsecurity.com/files/123302/</url>
<url>http://seclists.org/fulldisclosure/2013/Sep/121</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp_rokmicronews">
<vulnerability>
<title>RokMicroNews &lt;= 1.5 - XSS,DoS,Disclosure,Upload Vulnerabilities</title>
<references>
<osvdb>97418</osvdb>
<secunia>54801</secunia>
<url>http://packetstormsecurity.com/files/123312/</url>
<url>http://seclists.org/fulldisclosure/2013/Sep/124</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp_roknewspager">
<vulnerability>
<title>RokNewsPager &lt;= 1.17 - XSS,DoS,Disclosure,Upload Vulnerabilities</title>
<references>
<osvdb>97418</osvdb>
<secunia>54801</secunia>
<url>http://packetstormsecurity.com/files/123271/</url>
<url>http://seclists.org/fulldisclosure/2013/Sep/109</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp_rokstories">
<vulnerability>
<title>RokStories &lt;= 1.25 - XSS,DoS,Disclosure,Upload Vulnerabilities</title>
<references>
<osvdb>97418</osvdb>
<secunia>54801</secunia>
<url>http://packetstormsecurity.com/files/123270/</url>
<url>http://seclists.org/fulldisclosure/2013/Sep/108</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="grou-random-image-widget">
<vulnerability>
<title>grou-random-image-widget - Full Path Disclosure</title>
<references>
<url>http://1337day.com/exploit/20047</url>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="sintic_gallery">
<vulnerability>
<title>sintic_gallery - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/19993</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>sintic_gallery - Path Disclosure Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20020</url>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="wp-useronline">
<vulnerability>
<title>WP-UserOnline - Full Path Disclosure</title>
<references>
<url>http://seclists.org/fulldisclosure/2010/Jul/8</url>
</references>
<type>FPD</type>
</vulnerability>
<vulnerability>
<title>Wp-UserOnline &lt;= 0.62 - Persistent XSS</title>
<references>
<url>http://seclists.org/fulldisclosure/2010/Jul/8</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="levelfourstorefront">
<vulnerability>
<title>Shopping Cart 8.1.14 - Shell Upload, SQL Injection</title>
<references>
<url>http://packetstormsecurity.com/files/119217/</url>
<secunia>51690</secunia>
</references>
<type>MULTI</type>
<fixed_in>8.1.15</fixed_in>
</vulnerability>
<vulnerability>
<title>Level Four Storefront - levelfourstorefront/getsortmanufacturers.php id Parameter SQL Injection</title>
<references>
<osvdb>91680</osvdb>
<url>http://packetstormsecurity.com/files/120950/</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="reflex-gallery">
<vulnerability>
<title>ReFlex Gallery 1.4.2 - Unspecified XSS</title>
<references>
<osvdb>102585</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.4.3</fixed_in>
</vulnerability>
<vulnerability>
<title>ReFlex Gallery 1.4 - reflex-gallery.php Direct Request Path Disclosure</title>
<references>
<osvdb>88869</osvdb>
</references>
<type>FPD</type>
</vulnerability>
<vulnerability>
<title>ReFlex Gallery 1.3 - Shell Upload</title>
<references>
<url>http://packetstormsecurity.com/files/119218/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="uploader">
<vulnerability>
<title>Uploader 1.0.4 - Shell Upload</title>
<references>
<osvdb>70648</osvdb>
<secunia>43075</secunia>
<secunia>52465</secunia>
<url>http://packetstormsecurity.com/files/119219/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>Uploader 1.0.4 - notify.php blog Parameter XSS</title>
<references>
<osvdb>90840</osvdb>
<cve>2013-2287</cve>
<secunia>52465</secunia>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Uploader 1.0.0 - wp-content/plugins/uploader/views/notify.php num Parameter XSS</title>
<references>
<osvdb>70649</osvdb>
<secunia>43075</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="xerte-online">
<vulnerability>
<title>Xerte Online 0.32 - Shell Upload</title>
<references>
<url>http://packetstormsecurity.com/files/119220/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="advanced-custom-fields">
<vulnerability>
<title>Advanced Custom Fields &lt;= 3.5.1 - Remote File Inclusion</title>
<references>
<url>http://packetstormsecurity.com/files/119221/</url>
<secunia>51037</secunia>
<exploitdb>23856</exploitdb>
<osvdb>87353</osvdb>
<metasploit>exploit/unix/webapp/wp_advanced_custom_fields_exec</metasploit>
</references>
<type>RFI</type>
<fixed_in>3.5.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="sitepress-multilingual-cms">
<vulnerability>
<title>sitepress-multilingual-cms - Full Path Disclosure</title>
<references>
<url>http://1337day.com/exploit/20067</url>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="asset-manager">
<!--
  Both records cite OSVDB 82653 and both are typed UPLOAD, so they likely
  describe the same upload.php flaw twice. TODO confirm and merge, otherwise
  counts per plugin are inflated.
  Neither record has fixed_in, so no fixed release can be read from here.
  The second title states code execution as the impact; the UPLOAD type
  alone does not convey that to a consumer that ranks by type.
-->
<vulnerability>
<title>Asset Manager 0.2 - Arbitrary File Upload</title>
<references>
<osvdb>82653</osvdb>
<exploitdb>18993</exploitdb>
<exploitdb>23652</exploitdb>
<secunia>49378</secunia>
<url>http://www.securityfocus.com/bid/53809</url>
<url>http://packetstormsecurity.com/files/119133/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>Asset Manager - upload.php Arbitrary Code Execution</title>
<references>
<osvdb>82653</osvdb>
<url>http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/</url>
<url>http://packetstormsecurity.com/files/113285/</url>
<url>http://xforce.iss.net/xforce/xfdb/80823</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="apptha-banner">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="apptha-slider-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="blaze-slide-show-for-wordpress">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Blaze Slideshow 2.1 - Unspecified Security Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/52677</url>
</references>
<type>UNKNOWN</type>
<fixed_in>2.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="comment-extra-field">
<vulnerability>
<title>Comment Extra Field 1.7 - CSRF / XSS</title>
<references>
<url>http://packetstormsecurity.com/files/122625/</url>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="fluid-accessible-rich-inline-edit">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="fluid-accessible-pager">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="fluid-accessible-uploader">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="fluid-accessible-ui-options">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="fresh-page">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="pdw-file-browser">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>PDW File Browser - upload.php Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/53895</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="power-zoomer">
<vulnerability>
<title>powerzoomer - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20253</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="slide-show-pro">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="smart-slide-show">
<vulnerability>
<title>Smart Slideshow - upload.php Multiple File Extension Upload Arbitrary Code Execution</title>
<references>
<osvdb>87373</osvdb>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="spotlightyour">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="sprapid">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="ultimate-tinymce">
<vulnerability>
<title>TinyMCE 3.5 - swfupload Cross-Site Scripting Vulnerability</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
<secunia>51224</secunia>
</references>
<type>XSS</type>
<fixed_in>3.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-3dbanner-rotator">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-3dflick-slideshow">
<vulnerability>
<title>wp-3dflick-slideshow - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20255</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-bliss-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-carouselslideshow">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
<secunia>51250</secunia>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Carousel Slideshow - Unspecified Vulnerabilities</title>
<references>
<secunia>50377</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>3.10</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-dreamworkgallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-ecommerce-cvs-importer">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-extended">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-flipslideshow">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-homepage-slideshow">
<vulnerability>
<title>wp-homepage-slideshow - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20260</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-image-news-slider">
<!--
  Version chain in these records: the 3.1 issues are fixed in 3.2, the 3.2
  issues in 3.3, and the unspecified 3.3 issues in 3.4.
  The 3.3 arbitrary file upload record and the bundled-SWF XSS record have
  no fixed_in, so reaching 3.4 does not by itself clear them; both need a
  check against the vendor changelog or the installed files.
-->
<vulnerability>
<title>Image News Slider 3.3 - Arbitrary File Upload Vulnerability</title>
<references>
<osvdb>87375</osvdb>
<url>http://1337day.com/exploit/20259</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>Image News Slider 3.3 - Unspecified Vulnerabilities</title>
<references>
<osvdb>84935</osvdb>
<secunia>50390</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>3.4</fixed_in>
</vulnerability>
<vulnerability>
<title>Image News Slider 3.2 - Multiple Unspecified Remote Issues</title>
<references>
<osvdb>81314</osvdb>
<cve>2012-4327</cve>
<secunia>48747</secunia>
<url>http://www.securityfocus.com/bid/52977</url>
<url>http://xforce.iss.net/xforce/xfdb/74788</url>
</references>
<type>UNKNOWN</type>
<fixed_in>3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Image News Slider 3.1 - Multiple Unspecified Remote Issues</title>
<references>
<osvdb>80310</osvdb>
<secunia>48538</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>3.2</fixed_in>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-image-resizer">
<vulnerability>
<title>Image Resizer - Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/123651/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-levoslideshow">
<vulnerability>
<title>wp-levoslideshow - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20250</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-matrix-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-powerplaygallery">
<vulnerability>
<title>wp-powerplaygallery - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20252</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-royal-gallery">
<vulnerability>
<title>wp-royal-gallery - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20261</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-superb-slideshow">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>wp superb Slideshow - Full Path Disclosure</title>
<references>
<url>http://1337day.com/exploit/19979</url>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="wp-vertical-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-yasslideshow">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="cardoza-ajax-search">
<vulnerability>
<title>Ajax Post Search - SQL Injection</title>
<references>
<url>http://seclists.org/bugtraq/2012/Nov/33</url>
<secunia>51205</secunia>
<url>http://www.girlinthemiddle.net/2012/10/sqli-vulnerability-in-ajax-post-search.html</url>
</references>
<type>SQLI</type>
<fixed_in>1.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="answer-my-question">
<vulnerability>
<title>Answer My Question 1.1 - record_question.php Multiple Parameter XSS</title>
<references>
<osvdb>85567</osvdb>
<secunia>50655</secunia>
<url>http://www.securityfocus.com/archive/1/524625/30/0/threaded</url>
<url>http://seclists.org/bugtraq/2012/Nov/24</url>
</references>
<type>XSS</type>
<fixed_in>1.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="catalog">
<vulnerability>
<title>Spider Catalog - HTML Code Injection and Cross-site scripting</title>
<references>
<url>http://packetstormsecurity.com/files/117820/</url>
<secunia>51143</secunia>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>Spider Catalog - Multiple SQL Injection and Cross Site Scripting Vulnerabilities</title>
<references>
<url>http://www.securityfocus.com/bid/60079</url>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>Spider Catalog 1.4.6 - Multiple Shortcode id Parameter SQL Injection</title>
<references>
<osvdb>93589</osvdb>
<exploitdb>25724</exploitdb>
<secunia>53491</secunia>
<url>http://seclists.org/bugtraq/2013/May/79</url>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Spider Catalog 1.4.6 - catalog.php catalog_after_search_results Function s Parameter SQL Injection</title>
<references>
<osvdb>93590</osvdb>
<exploitdb>25724</exploitdb>
<secunia>53491</secunia>
<url>http://seclists.org/bugtraq/2013/May/79</url>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Spider Catalog 1.4.6 - Categories.php Multiple Function id Parameter SQL Injection</title>
<references>
<osvdb>93591</osvdb>
<exploitdb>25724</exploitdb>
<secunia>53491</secunia>
<url>http://seclists.org/bugtraq/2013/May/79</url>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Spider Catalog 1.4.6 - products.php Multiple Function Multiple Parameter SQL Injection</title>
<references>
<osvdb>93592</osvdb>
<exploitdb>25724</exploitdb>
<secunia>53491</secunia>
<url>http://seclists.org/bugtraq/2013/May/79</url>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Spider Catalog 1.4.6 - Category Entry Multiple Field XSS</title>
<references>
<osvdb>93593</osvdb>
<exploitdb>25723</exploitdb>
<secunia>53491</secunia>
<url>http://seclists.org/bugtraq/2013/May/79</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Spider Catalog 1.4.6 - Categories.html.php Multiple Parameter XSS</title>
<references>
<osvdb>93594</osvdb>
<exploitdb>25724</exploitdb>
<secunia>53491</secunia>
<url>http://seclists.org/bugtraq/2013/May/79</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Spider Catalog 1.4.6 - Products.html.php Multiple Parameter XSS</title>
<references>
<osvdb>93595</osvdb>
<exploitdb>25724</exploitdb>
<secunia>53491</secunia>
<url>http://seclists.org/bugtraq/2013/May/79</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Spider Catalog 1.4.6 - spiderBox/spiderBox.js.php Multiple Parameter XSS</title>
<references>
<osvdb>93596</osvdb>
<exploitdb>25724</exploitdb>
<secunia>53491</secunia>
<url>http://seclists.org/bugtraq/2013/May/79</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Spider Catalog 1.4.6 - catalog.php spider_box_js_php Function Multiple Parameter XSS</title>
<references>
<osvdb>93597</osvdb>
<exploitdb>25724</exploitdb>
<secunia>53491</secunia>
<url>http://seclists.org/bugtraq/2013/May/79</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Spider Catalog 1.4.6 - Multiple Script Direct Request Path Disclosure</title>
<references>
<osvdb>93598</osvdb>
<exploitdb>25724</exploitdb>
<secunia>53491</secunia>
<url>http://seclists.org/bugtraq/2013/May/79</url>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="wordfence">
<vulnerability>
<title>Wordfence 3.8.6 - lib/IPTraf.php User-Agent Header Stored XSS</title>
<references>
<osvdb>102445</osvdb>
<secunia>56558</secunia>
</references>
<type>XSS</type>
<fixed_in>3.8.7</fixed_in>
</vulnerability>
<vulnerability>
<title>Wordfence 3.8.1 - lib/wordfenceClass.php isStrongPasswd Function Password Creation Restriction Bypass Weakness</title>
<references>
<osvdb>102478</osvdb>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.8.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Wordfence 3.8.1 - wp-admin/admin.php whois Parameter Stored XSS</title>
<references>
<osvdb>97884</osvdb>
<url>http://packetstormsecurity.com/files/122993/</url>
<url>http://www.securityfocus.com/bid/62053</url>
</references>
<type>XSS</type>
<fixed_in>3.8.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Wordfence 3.3.5 - XSS and IAA</title>
<references>
<osvdb>86557</osvdb>
<secunia>51055</secunia>
<url>http://seclists.org/fulldisclosure/2012/Oct/139</url>
</references>
<type>MULTI</type>
<fixed_in>3.3.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="slideshow-jquery-image-gallery">
<vulnerability>
<title>Slideshow jQuery Image Gallery - Multiple Vulnerabilities</title>
<references>
<url>http://www.waraxe.us/advisory-92.html</url>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>Slideshow - Multiple Script Insertion Vulnerabilities</title>
<references>
<secunia>51135</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="social-discussions">
<vulnerability>
<title>Social Discussions 6.1.1 - Multiple Script Direct Request Path Disclosure</title>
<references>
<osvdb>86730</osvdb>
<exploitdb>22158</exploitdb>
<url>http://xforce.iss.net/xforce/xfdb/79465</url>
<url>http://www.waraxe.us/advisory-93.html</url>
</references>
<type>FPD</type>
</vulnerability>
<vulnerability>
<title>Social Discussions 6.1.1 - social-discussions-networkpub_ajax.php HTTP_ENV_VARS Parameter Remote File Inclusion</title>
<references>
<osvdb>86731</osvdb>
<exploitdb>22158</exploitdb>
<url>http://xforce.iss.net/xforce/xfdb/79464</url>
<url>http://www.waraxe.us/advisory-93.html</url>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="abtest">
<vulnerability>
<title>ABtest - Directory Traversal</title>
<references>
<url>http://scott-herbert.com/?p=140</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="bbpress">
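<!-- Path disclosure entry (OSVDB 86399): typed FPD, the value this file uses for its other
     path-disclosure titles. The SQL injection from the same advisory is the separate entry below. -->
<vulnerability>
<title>BBPress - Multiple Script Malformed Input Path Disclosure</title>
<references>
<osvdb>86399</osvdb>
<exploitdb>22396</exploitdb>
<url>http://xforce.iss.net/xforce/xfdb/78244</url>
<url>http://packetstormsecurity.com/files/116123/</url>
</references>
<type>FPD</type>
</vulnerability>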
<vulnerability>
<title>BBPress - forum.php page Parameter SQL Injection</title>
<references>
<osvdb>86400</osvdb>
<exploitdb>22396</exploitdb>
<url>http://xforce.iss.net/xforce/xfdb/78244</url>
<url>http://packetstormsecurity.com/files/116123/</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="nextgen_cu3er_gallery">
<vulnerability>
<title>NextGen Cu3er Gallery - Information Disclosure</title>
<references>
<url>http://packetstormsecurity.com/files/116150/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="rich-widget">
<vulnerability>
<title>Rich Widget - File Upload</title>
<references>
<url>http://packetstormsecurity.com/files/115787/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="monsters-editor-10-for-wp-super-edit">
<vulnerability>
<title>Monsters Editor - Shell Upload</title>
<references>
<url>http://packetstormsecurity.com/files/115788/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="quick-post-widget">
<vulnerability>
<title>Quick Post Widget 1.9.1 - Multiple Cross-site scripting vulnerabilities</title>
<references>
<cve>2012-4226</cve>
<osvdb>83640</osvdb>
<url>http://www.darksecurity.de/advisories/2012/SSCHADV2012-016.txt</url>
<url>http://seclists.org/bugtraq/2012/Aug/66</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="threewp-email-reflector">
<vulnerability>
<title>ThreeWP Email Reflector 1.13 - Subject Field XSS</title>
<references>
<cve>2012-2572</cve>
<osvdb>85134</osvdb>
<exploitdb>20365</exploitdb>
</references>
<type>XSS</type>
<fixed_in>1.16</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-simplemail">
<vulnerability>
<title>SimpleMail 1.0.6 - Stored XSS</title>
<references>
<osvdb>84534</osvdb>
<cve>2012-2579</cve>
<exploitdb>20361</exploitdb>
<secunia>50208</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="postie">
<vulnerability>
<title>Postie 1.4.3 - Stored XSS</title>
<references>
<osvdb>84532</osvdb>
<cve>2012-2580</cve>
<exploitdb>20360</exploitdb>
<secunia>50207</secunia>
</references>
<type>XSS</type>
<fixed_in>1.5.15</fixed_in>
</vulnerability>
</plugin>
<plugin name="rsvpmaker">
<vulnerability>
<title>RSVPMaker 2.5.4 - index.php RSVP Form Multiple Field XSS</title>
<references>
<osvdb>84749</osvdb>
<secunia>50289</secunia>
<exploitdb>20474</exploitdb>
</references>
<type>XSS</type>
<fixed_in>2.5.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="mz-jajak">
<vulnerability>
<title>Mz-jajak &lt;= 2.1 - index.php id Parameter SQL Injection</title>
<references>
<osvdb>84698</osvdb>
<secunia>50217</secunia>
<exploitdb>20416</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="resume-submissions-job-postings">
<vulnerability>
<title>Resume Submissions Job Posting 2.5.1 - Unrestricted File Upload</title>
<references>
<osvdb>83807</osvdb>
<secunia>49896</secunia>
<exploitdb>19791</exploitdb>
<url>http://packetstormsecurity.com/files/114716/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-predict">
<vulnerability>
<title>WP-Predict 1.0 - Blind SQL Injection</title>
<references>
<osvdb>83697</osvdb>
<secunia>49843</secunia>
<exploitdb>19715</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="backup">
<vulnerability>
<title>Backup 2.0.1 - Information Disclosure</title>
<references>
<osvdb>83701</osvdb>
<secunia>50038</secunia>
<exploitdb>19524</exploitdb>
</references>
<type>UNKNOWN</type>
<fixed_in>2.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="moodthingy-mood-rating-widget">
<vulnerability>
<title>MoodThingy Widget 0.8.7 - admin-ajax.php Multiple Parameter lydl_store_results Function SQL Injection</title>
<references>
<osvdb>83632</osvdb>
<secunia>49805</secunia>
<exploitdb>19572</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="paid-business-listings">
<vulnerability>
<title>Paid Business Listings 1.0.2 - Form Submission pbl_listing_pkg_id Parameter SQL Injection</title>
<references>
<osvdb>83768</osvdb>
<exploitdb>19481</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="website-faq">
<vulnerability>
<title>Website FAQ 1.0 - wp-admin/admin-ajax.php category Parameter SQL injection</title>
<references>
<osvdb>83265</osvdb>
<secunia>49682</secunia>
<exploitdb>19400</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="radykal-fancy-gallery">
<vulnerability>
<title>Fancy Gallery 1.2.4 - Shell Upload</title>
<references>
<osvdb>83410</osvdb>
<exploitdb>19398</exploitdb>
<url>http://packetstormsecurity.com/files/114114/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="flipbook">
<vulnerability>
<title>Flip Book 1.0 - Shell Upload</title>
<references>
<url>http://packetstormsecurity.com/files/114112/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="ajax_multi_upload">
<vulnerability>
<title>Ajax Multi Upload 1.1 - Shell Upload</title>
<references>
<url>http://packetstormsecurity.com/files/114109/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="schreikasten">
<vulnerability>
<title>Schreikasten 0.14.13 - wp-admin/admin-ajax.php Multiple Parameter XSS</title>
<references>
<osvdb>83152</osvdb>
<secunia>49600</secunia>
<exploitdb>19294</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-automatic">
<vulnerability>
<title>Automatic 2.0.3 - csv.php q Parameter SQL Injection</title>
<references>
<osvdb>82971</osvdb>
<secunia>49573</secunia>
<exploitdb>19187</exploitdb>
<url>http://packetstormsecurity.com/files/113763/</url>
</references>
<type>SQLI</type>
<fixed_in>2.0.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="videowhisper-video-conference-integration">
<vulnerability>
<title>VideoWhisper Video Conference 4.51 - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://packetstormsecurity.com/files/113580/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>Video Whisper - XSS</title>
<references>
<url>http://packetstormsecurity.com/files/122943/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="videowhisper-live-streaming-integration">
<vulnerability>
<title>VideoWhisper Live Streaming Integration 4.29.6 - videowhisper_streaming.php Multiple Parameter XSS</title>
<references>
<osvdb>103871</osvdb>
<url>http://packetstormsecurity.com/files/125430/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>VideoWhisper Live Streaming Integration 4.27.3 - ls/vc_chatlog.php msg Parameter Stored XSS</title>
<references>
<osvdb>103821</osvdb>
<cve>2014-1906</cve>
<url>https://www.htbridge.com/advisory/HTB23199</url>
</references>
<type>XSS</type>
<fixed_in>4.29.5</fixed_in>
</vulnerability>
<vulnerability>
<title>VideoWhisper Live Streaming Integration 4.27.3 - ls/v_status.php ct Parameter Reflected XSS</title>
<references>
<osvdb>103820</osvdb>
<cve>2014-1906</cve>
<url>https://www.htbridge.com/advisory/HTB23199</url>
</references>
<type>XSS</type>
<fixed_in>4.29.5</fixed_in>
</vulnerability>
<vulnerability>
<title>VideoWhisper Live Streaming Integration 4.27.3 - ls/lb_logout.php message Parameter Reflected XSS</title>
<references>
<osvdb>103819</osvdb>
<cve>2014-1906</cve>
<url>https://www.htbridge.com/advisory/HTB23199</url>
</references>
<type>XSS</type>
<fixed_in>4.29.5</fixed_in>
</vulnerability>
<vulnerability>
<title>VideoWhisper Live Streaming Integration 4.27.3 - ls/videotext.php n Parameter Reflected XSS</title>
<references>
<osvdb>103818</osvdb>
<cve>2014-1906</cve>
<url>https://www.htbridge.com/advisory/HTB23199</url>
</references>
<type>XSS</type>
<fixed_in>4.29.5</fixed_in>
</vulnerability>
<vulnerability>
<title>VideoWhisper Live Streaming Integration 4.27.3 - ls/video.php n Parameter Reflected XSS</title>
<references>
<osvdb>103817</osvdb>
<cve>2014-1906</cve>
<url>https://www.htbridge.com/advisory/HTB23199</url>
</references>
<type>XSS</type>
<fixed_in>4.29.5</fixed_in>
</vulnerability>
<vulnerability>
<title>VideoWhisper Live Streaming Integration 4.27.3 - ls/htmlchat.php n Parameter Reflected XSS</title>
<references>
<osvdb>103816</osvdb>
<cve>2014-1906</cve>
<url>https://www.htbridge.com/advisory/HTB23199</url>
</references>
<type>XSS</type>
<fixed_in>4.29.5</fixed_in>
</vulnerability>
<vulnerability>
<title>VideoWhisper Live Streaming Integration 4.27.3 - ls/rtmp_logout.php s Parameter Path Traversal Remote File Deletion</title>
<references>
<osvdb>103815</osvdb>
<cve>2014-1907</cve>
<url>http://packetstormsecurity.com/files/125454/</url>
<url>https://www.htbridge.com/advisory/HTB23199</url>
</references>
<type>UNKNOWN</type>
<fixed_in>4.29.5</fixed_in>
</vulnerability>
<vulnerability>
<title>VideoWhisper Live Streaming Integration 4.27.3 - ls/channel.php n Parameter Reflected XSS</title>
<references>
<osvdb>103814</osvdb>
<cve>2014-1906</cve>
<url>https://www.htbridge.com/advisory/HTB23199</url>
</references>
<type>XSS</type>
<fixed_in>4.29.5</fixed_in>
</vulnerability>
<vulnerability>
<title>VideoWhisper Live Streaming Integration 4.27.3 - Error Message Unspecified Remote Information Disclosure</title>
<references>
<osvdb>103428</osvdb>
</references>
<type>UNKNOWN</type>
<fixed_in>4.29.5</fixed_in>
</vulnerability>
<vulnerability>
<title>VideoWhisper Live Streaming Integration 4.27.3 - Unspecified Path Traversal</title>
<references>
<osvdb>103427</osvdb>
</references>
<type>UNKNOWN</type>
<fixed_in>4.29.5</fixed_in>
</vulnerability>
<vulnerability>
<title>VideoWhisper Live Streaming Integration 4.27.3 - Unspecified XSS</title>
<references>
<osvdb>103426</osvdb>
</references>
<type>XSS</type>
<fixed_in>4.29.5</fixed_in>
</vulnerability>
<vulnerability>
<title>VideoWhisper Live Streaming Integration 4.27.3 - Unspecified File Upload Remote Code Execution</title>
<references>
<osvdb>103425</osvdb>
</references>
<type>RCE</type>
<fixed_in>4.29.5</fixed_in>
</vulnerability>
<!-- NOTE(review): the title bounds the affected range at "< 4.27.2" but the entry carries no
     fixed_in element, unlike the other bounded entries for this plugin. A consumer that filters
     on fixed_in would presumably keep reporting this on patched installs; confirm the fixed
     release against the advisory and record it. -->
<vulnerability>
<title>VideoWhisper Live Streaming Integration &lt; 4.27.2 - XSS vulnerability in ls/vv_login.php via room_name parameter</title>
<references>
<cve>2014-4569</cve>
<url>http://codevigilant.com/disclosure/wp-plugin-videowhisper-live-streaming-integration-a3-cross-site-scripting-xss/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>VideoWhisper Live Streaming Integration - ls/htmlchat.php Multiple Parameter XSS</title>
<references>
<osvdb>96593</osvdb>
<cve>2013-5714</cve>
<secunia>54619</secunia>
<url>http://www.securityfocus.com/bid/61977</url>
<url>http://seclists.org/bugtraq/2013/Aug/163</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="auctionPlugin">
<vulnerability>
<title>Sitemile Auctions 2.0.1.3 - wp-content/plugins/auctionPlugin/upload.php File Upload PHP Code Execution</title>
<references>
<osvdb>83075</osvdb>
<secunia>49497</secunia>
<url>http://packetstormsecurity.com/files/113568/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="lb-mixed-slideshow">
<vulnerability>
<title>LB Mixed Slideshow 1.0 - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://packetstormsecurity.com/files/113844/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="lim4wp">
<vulnerability>
<title>Lim4wp 1.1.1 - Arbitrary File Upload Vulnerability</title>
<references>
<osvdb>83016</osvdb>
<secunia>49609</secunia>
<url>http://packetstormsecurity.com/files/113846/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-imagezoom">
<vulnerability>
<title>Wp-ImageZoom 1.0.3 - download.php File Upload PHP Code Execution</title>
<references>
<osvdb>83015</osvdb>
<secunia>49612</secunia>
<url>http://www.opensyscom.fr/Actualites/wordpress-plugins-wp-imagezoom-remote-file-disclosure-vulnerability.html</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>Wp-ImageZoom 1.0.3 - Remote File Disclosure</title>
<references>
<url>http://packetstormsecurity.com/files/113845/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Wp-ImageZoom - zoom.php id Parameter SQL Injection</title>
<references>
<osvdb>87870</osvdb>
<url>http://www.securityfocus.com/bid/56691</url>
<url>http://xforce.iss.net/xforce/xfdb/80285</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="invit0r">
<vulnerability>
<title>Invit0r 0.22 - Shell Upload</title>
<references>
<url>http://packetstormsecurity.com/files/113639/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<!-- NOTE(review): the name attribute reads "announces" while the title spells the product
     "Annonces". If the attribute is matched against the installed plugin's directory name,
     a misspelt value means this entry is never reported; confirm the slug and correct
     whichever side is wrong. -->
<plugin name="announces">
<vulnerability>
<title>Annonces 1.2.0.1 - Shell Upload</title>
<references>
<url>http://packetstormsecurity.com/files/113637/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="contus-video-galleryversion-10">
<vulnerability>
<title>Contus Video Gallery 1.3 - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://packetstormsecurity.com/files/113571/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="contus-hd-flv-player">
<vulnerability>
<title>Contus HD FLV Player &lt;= 1.3 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17678</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Contus HD FLV Player 1.7 - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://packetstormsecurity.com/files/113570/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="user-meta">
<vulnerability>
<title>User Meta Version 1.1.1 - Arbitrary File Upload Vulnerability</title>
<references>
<osvdb>82902</osvdb>
<exploitdb>19052</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="topquark">
<vulnerability>
<title>Top Quark Architecture 2.1.0 - lib/js/fancyupload/showcase/batch/script.php File Upload PHP Code Execution</title>
<references>
<osvdb>82843</osvdb>
<secunia>49465</secunia>
<exploitdb>19053</exploitdb>
<url>http://packetstormsecurity.com/files/113522/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="sfbrowser">
<vulnerability>
<title>SFBrowser 1.4.5 - connectors/php/sfbrowser.php File Upload PHP Code Execution</title>
<references>
<osvdb>82845</osvdb>
<secunia>49466</secunia>
<exploitdb>19054</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="pica-photo-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Pica Photo Gallery 1.0 - Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>19055</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>PICA Photo Gallery 1.0 - Remote File Disclosure</title>
<references>
<exploitdb>19016</exploitdb>
<url>http://www.securityfocus.com/bid/53893</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="mac-dock-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Mac Photo Gallery - Two Security Bypass Security Issues</title>
<references>
<secunia>49923</secunia>
</references>
<type>AUTHBYPASS</type>
</vulnerability>
<vulnerability>
<title>Mac Photo Gallery - Multiple Script Insertion Vulnerabilities</title>
<references>
<secunia>49836</secunia>
</references>
<type>XSS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
<vulnerability>
<title>Mac Photo Gallery 2.7 - upload-file.php File Upload PHP Code Execution</title>
<references>
<osvdb>82844</osvdb>
<secunia>49468</secunia>
<exploitdb>19056</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="drag-drop-file-uploader">
<vulnerability>
<title>drag and drop file upload 0.1 - Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>19057</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="custom-content-type-manager">
<vulnerability>
<title>Custom Content Type Manager 0.9.5.13pl - upload_form.php File Upload PHP Code Execution</title>
<references>
<osvdb>82904</osvdb>
<exploitdb>19058</exploitdb>
<url>http://packetstormsecurity.com/files/113520/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<!-- NOTE(review): the title names the product "wp-gpx-max" while the name attribute is
     "wp-gpx-map". The two spellings disagree, so confirm the plugin's actual directory name
     before relying on this entry to match an installed plugin. -->
<plugin name="wp-gpx-map">
<vulnerability>
<title>wp-gpx-max version 1.1.21 - Arbitrary File Upload</title>
<references>
<osvdb>82900</osvdb>
<cve>2012-6649</cve>
<exploitdb>19050</exploitdb>
<url>http://www.securityfocus.com/bid/53909</url>
<url>http://packetstormsecurity.org/files/113523/</url>
</references>
<type>UPLOAD</type>
<fixed_in>1.1.23</fixed_in>
</vulnerability>
</plugin>
<plugin name="front-file-manager">
<vulnerability>
<title>Front File Manager 0.1 - Arbitrary File Upload</title>
<references>
<exploitdb>19012</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="front-end-upload">
<vulnerability>
<title>Front End Upload 0.5.3 - Arbitrary File Upload</title>
<references>
<exploitdb>19008</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>Front End Upload 0.5.4 - Arbitrary PHP File Upload</title>
<references>
<exploitdb>20083</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="omni-secure-files">
<vulnerability>
<title>Omni Secure Files 0.1.13 - Arbitrary File Upload</title>
<references>
<exploitdb>19009</exploitdb>
<osvdb>82790</osvdb>
<secunia>49441</secunia>
<url>http://www.securityfocus.com/bid/53872</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="easy-contact-forms-exporter">
<vulnerability>
<title>Easy Contact Forms Export 1.1.0 - Information Disclosure Vulnerability</title>
<references>
<exploitdb>19013</exploitdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="plugin-newsletter">
<vulnerability>
<title>Plugin Newsletter 1.5 - Remote File Disclosure Vulnerability</title>
<references>
<osvdb>82703</osvdb>
<cve>2012-3588</cve>
<secunia>49464</secunia>
<exploitdb>19018</exploitdb>
<url>http://packetstormsecurity.org/files/113413/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="rbxgallery">
<vulnerability>
<title>RBX Gallery 2.1 - uploader.php File Upload PHP Code Execution</title>
<references>
<osvdb>82796</osvdb>
<cve>2012-3575</cve>
<secunia>49463</secunia>
<exploitdb>19019</exploitdb>
<url>http://packetstormsecurity.com/files/113414/</url>
<url>http://xforce.iss.net/xforce/xfdb/76170</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="simple-download-button-shortcode">
<vulnerability>
<title>Simple Download Button Shortcode 1.0 - Remote File Disclosure</title>
<references>
<exploitdb>19020</exploitdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="thinkun-remind">
<vulnerability>
<title>Thinkun Remind 1.1.3 - Remote File Disclosure</title>
<references>
<exploitdb>19021</exploitdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="tinymce-thumbnail-gallery">
<vulnerability>
<title>Tinymce Thumbnail Gallery 1.0.7 - download-image.php href Parameter Traversal Arbitrary File Access</title>
<references>
<osvdb>82706</osvdb>
<secunia>49460</secunia>
<exploitdb>19022</exploitdb>
<url>http://packetstormsecurity.org/files/113417/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="wpstorecart">
<vulnerability>
<title>wpStoreCart 2.5.27-2.5.29 - Arbitrary File Upload</title>
<references>
<exploitdb>19023</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="gallery-plugin">
<vulnerability>
<title>Gallery 3.06 - gallery-plugin/upload/php.php File Upload PHP Code Execution</title>
<references>
<osvdb>82661</osvdb>
<exploitdb>18998</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>Gallery Plugin 3.8.3 - gallery-plugin.php filename_1 Parameter Arbitrary File Access</title>
<references>
<osvdb>89124</osvdb>
<url>http://packetstormsecurity.com/files/119458/</url>
<url>http://www.securityfocus.com/bid/57256</url>
<url>http://seclists.org/bugtraq/2013/Jan/45</url>
</references>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="font-uploader">
<vulnerability>
<title>Font Uploader 1.2.4 - Arbitrary File Upload</title>
<references>
<exploitdb>18994</exploitdb>
<osvdb>82657</osvdb>
<cve>2012-3814</cve>
<url>http://www.securityfocus.com/bid/53853</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-property">
<vulnerability>
<title>WP Property &lt;= 1.38.3.2 - Non-administrative User XMLI Remote Information Disclosure</title>
<references>
<osvdb>102709</osvdb>
</references>
<type>UNKNOWN</type>
<fixed_in>1.38.4</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Property &lt;= 1.35.0 - Arbitrary File Upload</title>
<references>
<osvdb>82656</osvdb>
<exploitdb>18987</exploitdb>
<exploitdb>23651</exploitdb>
<secunia>49394</secunia>
<url>http://packetstormsecurity.com/files/113274/</url>
<metasploit>exploits/unix/webapp/wp_property_upload_exec</metasploit>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wpmarketplace">
<vulnerability>
<title>WP Marketplace 1.5.0-1.6.1 - Arbitrary File Upload</title>
<references>
<exploitdb>18988</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>WP Marketplace 1.2.1 - File Enumeration Weakness and File Upload Vulnerabilities</title>
<references>
<url>http://www.securityfocus.com/bid/52960</url>
</references>
<type>UPLOAD</type>
<fixed_in>1.2.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="store-locator-le">
<vulnerability>
<title>Google Maps via Store Locator - Multiple Vulnerabilities</title>
<references>
<exploitdb>18989</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>store-locator-le - SQL Injection</title>
<references>
<secunia>51757</secunia>
</references>
<type>SQLI</type>
<fixed_in>3.8.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="html5avmanager">
<vulnerability>
<title>HTML5 AV Manager 0.2.7 - Arbitrary File Upload</title>
<references>
<exploitdb>18990</exploitdb>
<url>http://www.securityfocus.com/bid/53804</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
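<!-- foxypress: seventeen records, none with a fixed_in element, so the data names no patched release for any of them. -->
<plugin name="foxypress">
  <vulnerability>
    <title>Foxypress 0.4.1.1-0.4.2.1 - Arbitrary File Upload</title>
    <references>
      <url>http://packetstormsecurity.com/files/113576/</url>
      <url>http://www.securityfocus.com/bid/53805</url>
      <exploitdb>18991</exploitdb>
      <exploitdb>19100</exploitdb>
      <metasploit>exploits/unix/webapp/php_wordpress_foxypress</metasploit>
    </references>
    <type>UPLOAD</type>
  </vulnerability>
  <vulnerability>
    <title>FoxyPress 0.4.2.5 - XSS, CSRF, SQL Injection</title>
    <references>
      <url>http://packetstormsecurity.com/files/117768/</url>
      <secunia>51109</secunia>
    </references>
    <type>MULTI</type>
  </vulnerability>
  <vulnerability>
    <title>FoxyPress 0.4.2.5 - documenthandler.php prefix Parameter SQL Injection</title>
    <references>
      <osvdb>86804</osvdb>
      <exploitdb>22374</exploitdb>
      <url>http://xforce.iss.net/xforce/xfdb/79698</url>
    </references>
    <type>SQLI</type>
  </vulnerability>
  <vulnerability>
    <title>FoxyPress 0.4.2.5 - foxypress-manage-emails.php id Parameter SQL Injection</title>
    <references>
      <osvdb>86805</osvdb>
      <exploitdb>22374</exploitdb>
      <url>http://xforce.iss.net/xforce/xfdb/79697</url>
    </references>
    <type>SQLI</type>
  </vulnerability>
  <vulnerability>
    <title>FoxyPress 0.4.2.5 - inventory-category.php Multiple Parameter SQL Injection</title>
    <references>
      <osvdb>86806</osvdb>
      <exploitdb>22374</exploitdb>
      <url>http://xforce.iss.net/xforce/xfdb/79697</url>
    </references>
    <type>SQLI</type>
  </vulnerability>
  <vulnerability>
    <title>FoxyPress 0.4.2.5 - reports.php Multiple Parameter XSS</title>
    <references>
      <osvdb>86807</osvdb>
      <exploitdb>22374</exploitdb>
      <url>http://xforce.iss.net/xforce/xfdb/79699</url>
    </references>
    <type>XSS</type>
  </vulnerability>
  <vulnerability>
    <title>FoxyPress 0.4.2.5 - foxypress-affiliate.php aff_id Parameter XSS</title>
    <references>
      <osvdb>86808</osvdb>
      <exploitdb>22374</exploitdb>
      <url>http://xforce.iss.net/xforce/xfdb/79699</url>
    </references>
    <type>XSS</type>
  </vulnerability>
  <vulnerability>
    <title>FoxyPress 0.4.2.5 - affiliate-management.php Multiple Parameter SQL Injection</title>
    <references>
      <osvdb>86809</osvdb>
      <exploitdb>22374</exploitdb>
      <url>http://xforce.iss.net/xforce/xfdb/79697</url>
    </references>
    <type>SQLI</type>
  </vulnerability>
  <vulnerability>
    <title>FoxyPress 0.4.2.5 - foxypress-manage-emails.php id Parameter XSS</title>
    <references>
      <osvdb>86810</osvdb>
      <exploitdb>22374</exploitdb>
      <url>http://xforce.iss.net/xforce/xfdb/79699</url>
    </references>
    <type>XSS</type>
  </vulnerability>
  <vulnerability>
    <title>FoxyPress 0.4.2.5 - order-management.php status Parameter XSS</title>
    <references>
      <osvdb>86811</osvdb>
      <exploitdb>22374</exploitdb>
      <url>http://xforce.iss.net/xforce/xfdb/79699</url>
    </references>
    <type>XSS</type>
  </vulnerability>
  <vulnerability>
    <title>FoxyPress 0.4.2.5 - affiliate-management.php page Parameter XSS</title>
    <references>
      <osvdb>86812</osvdb>
      <exploitdb>22374</exploitdb>
      <url>http://xforce.iss.net/xforce/xfdb/79699</url>
    </references>
    <type>XSS</type>
  </vulnerability>
  <vulnerability>
    <title>FoxyPress 0.4.2.5 - foxypress-affiliate.php url Parameter Arbitrary Site Redirect</title>
    <references>
      <osvdb>86813</osvdb>
      <exploitdb>22374</exploitdb>
      <url>http://xforce.iss.net/xforce/xfdb/79700</url>
    </references>
    <!-- Typed REDIRECT because the title describes an arbitrary site redirect; this file already uses REDIRECT for its open-redirect record. -->
    <type>REDIRECT</type>
  </vulnerability>
  <vulnerability>
    <title>FoxyPress 0.4.2.5 - Multiple CSV File Direct Request Information Disclosure</title>
    <references>
      <osvdb>86814</osvdb>
      <exploitdb>22374</exploitdb>
      <url>http://xforce.iss.net/xforce/xfdb/79701</url>
    </references>
    <type>UNKNOWN</type>
  </vulnerability>
  <vulnerability>
    <title>FoxyPress 0.4.2.5 - ajax.php Access Restriction Multiple Command Execution</title>
    <references>
      <osvdb>86815</osvdb>
      <exploitdb>22374</exploitdb>
      <url>http://xforce.iss.net/xforce/xfdb/79703</url>
    </references>
    <type>RCE</type>
  </vulnerability>
  <vulnerability>
    <title>FoxyPress 0.4.2.5 - Multiple Script Direct Request Path Disclosure</title>
    <references>
      <osvdb>86816</osvdb>
      <exploitdb>22374</exploitdb>
      <url>http://xforce.iss.net/xforce/xfdb/79704</url>
    </references>
    <type>FPD</type>
  </vulnerability>
  <vulnerability>
    <title>FoxyPress 0.4.2.5 - Multiple Object Deletion CSRF</title>
    <references>
      <osvdb>86817</osvdb>
      <exploitdb>22374</exploitdb>
      <url>http://xforce.iss.net/xforce/xfdb/79702</url>
    </references>
    <type>CSRF</type>
  </vulnerability>
  <vulnerability>
    <title>FoxyPress 0.4.2.5 - documenthandler.php File Upload Arbitrary Code Execution</title>
    <references>
      <osvdb>86818</osvdb>
      <exploitdb>22374</exploitdb>
      <!-- NOTE(review): this X-Force id is the one the SQL injection records above cite; confirm it is the right advisory for the upload issue. -->
      <url>http://xforce.iss.net/xforce/xfdb/79697</url>
    </references>
    <type>RCE</type>
  </vulnerability>
</plugin>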
<!-- track-that-stat: a single XSS record for versions up to 1.0.8; no fixed_in is recorded. -->
<plugin name="track-that-stat">
  <vulnerability>
    <title>Track That Stat &lt;= 1.0.8 - Cross Site Scripting</title>
    <references>
      <url>http://packetstormsecurity.com/files/112722/</url>
      <url>http://www.securityfocus.com/bid/53551</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- wp-facethumb: a single reflected XSS record for versions up to 0.1; no fixed_in is recorded. -->
<plugin name="wp-facethumb">
  <vulnerability>
    <title>WP-Facethumb Gallery &lt;= 0.1 - Reflected Cross Site Scripting</title>
    <references>
      <url>http://packetstormsecurity.com/files/112658/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- wp-survey-and-quiz-tool: a single XSS record for versions up to 2.9.2; no fixed_in is recorded. -->
<plugin name="wp-survey-and-quiz-tool">
  <vulnerability>
    <title>Survey And Quiz Tool &lt;= 2.9.2 - Cross Site Scripting</title>
    <references>
      <url>http://packetstormsecurity.com/files/112685/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- wp-statistics: a single XSS record for versions up to 2.2.4; no fixed_in is recorded. -->
<plugin name="wp-statistics">
  <vulnerability>
    <title>WP Statistics &lt;= 2.2.4 - Cross Site Scripting</title>
    <references>
      <url>http://packetstormsecurity.com/files/112686/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- wp-easy-gallery: five records (two CSRF, two SQLI, one XSS), all with fixed_in; the patched versions named are 2.7.1 and 2.7.3. -->
<plugin name="wp-easy-gallery">
  <vulnerability>
    <title>WP Easy Gallery &lt;= 2.7 - CSRF</title>
    <references>
      <secunia>49190</secunia>
      <url>https://plugins.trac.wordpress.org/changeset?reponame=&amp;old=669527@wp-easy-gallery&amp;new=669527@wp-easy-gallery</url>
    </references>
    <type>CSRF</type>
    <fixed_in>2.7.3</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>WP Easy Gallery 2.7 - admin/overview.php galleryId Parameter SQL Injection</title>
    <references>
      <osvdb>105012</osvdb>
    </references>
    <type>SQLI</type>
    <fixed_in>2.7.1</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>WP Easy Gallery 2.7 - admin/add-images.php Multiple Parameter SQL Injection</title>
    <references>
      <osvdb>105013</osvdb>
    </references>
    <type>SQLI</type>
    <fixed_in>2.7.1</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>WP Easy Gallery 2.7 - Multiple Admin Function CSRF</title>
    <references>
      <osvdb>105014</osvdb>
    </references>
    <type>CSRF</type>
    <fixed_in>2.7.1</fixed_in>
  </vulnerability>
  <vulnerability>
    <!-- NOTE(review): the title says "<= 1.7" while fixed_in is 2.7.3 and the Secunia id matches the "<= 2.7" CSRF record; the affected range may be a typo, confirm against the advisory. -->
    <title>WP Easy Gallery &lt;= 1.7 - Cross Site Scripting</title>
    <references>
      <secunia>49190</secunia>
      <url>http://packetstormsecurity.com/files/112687/</url>
    </references>
    <type>XSS</type>
    <fixed_in>2.7.3</fixed_in>
  </vulnerability>
</plugin>
<!-- subscribe2: a single XSS record for versions up to 8.0, fixed in 8.1. -->
<plugin name="subscribe2">
  <vulnerability>
    <title>Subscribe2 &lt;= 8.0 - Cross Site Scripting</title>
    <references>
      <secunia>49189</secunia>
      <url>http://packetstormsecurity.com/files/112688/</url>
      <url>http://www.securityfocus.com/bid/53538</url>
    </references>
    <type>XSS</type>
    <fixed_in>8.1</fixed_in>
  </vulnerability>
</plugin>
<!-- soundcloud-is-gold: a single XSS record for versions up to 2.1, with a CVE id; no fixed_in is recorded. -->
<plugin name="soundcloud-is-gold">
  <vulnerability>
    <title>Soundcloud Is Gold &lt;= 2.1 - 'action' Parameter Cross Site Scripting Vulnerability</title>
    <references>
      <secunia>49188</secunia>
      <url>http://packetstormsecurity.com/files/112689/</url>
      <url>http://www.securityfocus.com/bid/53537</url>
      <cve>2012-6624</cve>
      <osvdb>81919</osvdb>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- sharebar: four records. Only the oldest (up to 1.2.1) carries fixed_in; the three records for 1.2.3 and up to 1.2.5 name no patched release. -->
<plugin name="sharebar">
  <vulnerability>
    <title>Sharebar &lt;= 1.2.5 - sharebar-admin.php page Parameter XSS</title>
    <references>
      <osvdb>98078</osvdb>
      <url>http://packetstormsecurity.com/files/123365/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
  <vulnerability>
    <title>Sharebar &lt;= 1.2.5 - Button Manipulation CSRF</title>
    <references>
      <osvdb>94843</osvdb>
      <cve>2013-3491</cve>
      <secunia>52948</secunia>
      <url>http://www.securityfocus.com/bid/60956</url>
    </references>
    <type>CSRF</type>
  </vulnerability>
  <vulnerability>
    <title>Sharebar 1.2.3 - wp-admin/options-general.php status Parameter XSS</title>
    <references>
      <osvdb>81465</osvdb>
      <secunia>48908</secunia>
    </references>
    <type>XSS</type>
  </vulnerability>
  <vulnerability>
    <title>Sharebar &lt;= 1.2.1 - SQL Injection / Cross Site Scripting</title>
    <references>
      <url>http://packetstormsecurity.com/files/112690/</url>
    </references>
    <type>MULTI</type>
    <fixed_in>1.2.2</fixed_in>
  </vulnerability>
</plugin>
<!-- share-and-follow: a single XSS record for versions up to 1.80.3; no fixed_in is recorded. -->
<plugin name="share-and-follow">
  <vulnerability>
    <title>Share And Follow &lt;= 1.80.3 - Cross Site Scripting</title>
    <references>
      <url>http://packetstormsecurity.com/files/112691/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- sabre: a single XSS record for versions up to 1.2.0, fixed in 1.2.2. -->
<plugin name="sabre">
  <vulnerability>
    <title>SABRE &lt;= 1.2.0 - Cross Site Scripting</title>
    <references>
      <cve>2012-2916</cve>
      <osvdb>82269</osvdb>
      <url>http://packetstormsecurity.com/files/112692/</url>
    </references>
    <type>XSS</type>
    <fixed_in>1.2.2</fixed_in>
  </vulnerability>
</plugin>
<!-- pretty-link: three XSS records; none carries fixed_in, and the SWF record states no affected version in its title. -->
<plugin name="pretty-link">
  <vulnerability>
    <title>Pretty Link Lite &lt;= 1.5.2 - Cross Site Scripting</title>
    <references>
      <url>http://packetstormsecurity.com/files/112693/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
  <vulnerability>
    <title>Pretty Link Lite &lt;= 1.6.1 - Cross Site Scripting</title>
    <references>
      <secunia>50980</secunia>
    </references>
    <type>XSS</type>
  </vulnerability>
  <vulnerability>
    <title>pretty-link - XSS in SWF</title>
    <references>
      <url>http://seclists.org/bugtraq/2013/Feb/100</url>
      <url>http://packetstormsecurity.com/files/120433/</url>
      <cve>2013-1636</cve>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- newsletter-manager: one XSS record and one MULTI record (XSS plus CSRF), three CVE ids between them. -->
<plugin name="newsletter-manager">
  <vulnerability>
    <title>Newsletter Manager &lt;= 1.0.2 - Cross Site Scripting</title>
    <references>
      <secunia>49183</secunia>
      <url>http://packetstormsecurity.com/files/112694/</url>
      <cve>2012-6628</cve>
      <osvdb>102186</osvdb>
      <osvdb>102548</osvdb>
      <osvdb>102549</osvdb>
      <osvdb>102550</osvdb>
      <osvdb>81920</osvdb>
    </references>
    <type>XSS</type>
    <!-- NOTE(review): the title lists 1.0.2 as affected while fixed_in also says 1.0.2; one of the two is likely off by a release, confirm against the advisory. -->
    <fixed_in>1.0.2</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>Newsletter Manager 1.0.2 - Cross Site Scripting &amp; Cross-Site Request Forgery</title>
    <references>
      <secunia>49152</secunia>
      <cve>2012-6627</cve>
      <cve>2012-6629</cve>
    </references>
    <type>MULTI</type>
  </vulnerability>
</plugin>
<!-- network-publisher: a single XSS record for versions up to 5.0.1; no fixed_in is recorded. -->
<plugin name="network-publisher">
  <vulnerability>
    <title>Network Publisher &lt;= 5.0.1 - Cross Site Scripting</title>
    <references>
      <url>http://packetstormsecurity.com/files/112695/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- leaguemanager: one XSS record (up to 3.7) and one SQLI record (3.8); neither carries fixed_in. -->
<plugin name="leaguemanager">
  <vulnerability>
    <title>LeagueManager &lt;= 3.7 - wp-admin/admin.php Multiple Parameter XSS</title>
    <references>
      <osvdb>82266</osvdb>
      <secunia>49949</secunia>
      <url>http://packetstormsecurity.com/files/112698/</url>
      <url>http://www.securityfocus.com/bid/53525</url>
      <url>http://xforce.iss.net/xforce/xfdb/75629</url>
    </references>
    <type>XSS</type>
  </vulnerability>
  <vulnerability>
    <title>LeagueManager 3.8 - SQL Injection</title>
    <references>
      <osvdb>91442</osvdb>
      <exploitdb>24789</exploitdb>
      <cve>2013-1852</cve>
    </references>
    <type>SQLI</type>
  </vulnerability>
</plugin>
<!-- leaflet: a single XSS record for versions up to 0.0.1; no fixed_in is recorded. -->
<plugin name="leaflet">
  <vulnerability>
    <title>Leaflet &lt;= 0.0.1 - Cross Site Scripting</title>
    <references>
      <url>http://packetstormsecurity.com/files/112699/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- joliprint: a single XSS record for versions up to 1.3.0; no fixed_in is recorded. -->
<plugin name="joliprint">
  <vulnerability>
    <title>PDF And Print Button Joliprint &lt;= 1.3.0 - Cross Site Scripting</title>
    <references>
      <url>http://packetstormsecurity.com/files/112700/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- iframe-admin-pages: a single XSS record for versions up to 0.1; no fixed_in is recorded. -->
<plugin name="iframe-admin-pages">
  <vulnerability>
    <title>IFrame Admin Pages &lt;= 0.1 - Cross Site Scripting</title>
    <references>
      <url>http://packetstormsecurity.com/files/112701/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- ezpz-one-click-backup: an OS command injection record (typed RCE) and an XSS record, both for versions up to 12.03.10; neither carries fixed_in. -->
<plugin name="ezpz-one-click-backup">
  <vulnerability>
    <title>EZPZ One Click Backup &lt;= 12.03.10 - OS Command Injection</title>
    <references>
      <osvdb>106511</osvdb>
      <cve>2014-3114</cve>
      <url>http://www.openwall.com/lists/oss-security/2014/05/01/11</url>
    </references>
    <type>RCE</type>
  </vulnerability>
  <vulnerability>
    <title>EZPZ One Click Backup &lt;= 12.03.10 - Cross Site Scripting</title>
    <references>
      <url>http://packetstormsecurity.com/files/112705/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- dynamic-widgets: a single XSS record for versions up to 1.5.1; no fixed_in is recorded. -->
<plugin name="dynamic-widgets">
  <vulnerability>
    <title>Dynamic Widgets &lt;= 1.5.1 - Cross Site Scripting</title>
    <references>
      <url>http://packetstormsecurity.com/files/112706/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- download-monitor: four records. Each title warns that the plugin changed its version numbering, so a version comparison against fixed_in may report a false positive. -->
<plugin name="download-monitor">
  <vulnerability>
    <title>Download Monitor &lt;= 3.3.6.1 - wp-admin/admin.php Multiple Parameter XSS (Note: This plugin changed its version numbering, this may produce false positive)</title>
    <references>
      <osvdb>95613</osvdb>
      <cve>2013-5098</cve>
      <cve>2013-3262</cve>
      <secunia>53116</secunia>
      <url>http://www.securityfocus.com/bid/61407</url>
      <url>http://xforce.iss.net/xforce/xfdb/85921</url>
    </references>
    <type>XSS</type>
    <fixed_in>3.3.6.2</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>Download Monitor &lt;= 3.3.5.7 - index.php dlsearch Parameter XSS (Note: This plugin changed its version numbering, this may produce false positive)</title>
    <references>
      <osvdb>85319</osvdb>
      <cve>2012-4768</cve>
      <secunia>50511</secunia>
      <url>http://www.reactionpenetrationtesting.co.uk/wordpress-download-monitor-xss.html</url>
    </references>
    <type>XSS</type>
    <fixed_in>3.3.5.9</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>Download Monitor &lt;= 3.3.5.4 - Cross Site Scripting (Note: This plugin changed its version numbering, this may produce false positive)</title>
    <references>
      <url>http://packetstormsecurity.com/files/112707/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
  <vulnerability>
    <title>Download Monitor 2.0.6 - wp-download_monitor/download.php id Parameter SQL Injection (Note: This plugin changed its version numbering, this may produce false positive)</title>
    <references>
      <osvdb>44616</osvdb>
      <cve>2008-2034</cve>
      <secunia>29876</secunia>
    </references>
    <type>SQLI</type>
    <fixed_in>2.0.8</fixed_in>
  </vulnerability>
</plugin>
<!-- download-manager: two XSS records, fixed in 2.5.9 and 2.2.3 respectively. -->
<plugin name="download-manager">
  <vulnerability>
    <title>Download Manager 2.5.8 - Download Package file Parameter Stored XSS</title>
    <references>
      <osvdb>101143</osvdb>
      <cve>2013-7319</cve>
      <secunia>55969</secunia>
      <url>http://www.securityfocus.com/bid/64159</url>
    </references>
    <type>XSS</type>
    <fixed_in>2.5.9</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>Download Manager &lt;= 2.2.2 - admin.php cid Parameter XSS</title>
    <references>
      <osvdb>81449</osvdb>
      <secunia>48927</secunia>
      <url>http://packetstormsecurity.com/files/112708/</url>
    </references>
    <type>XSS</type>
    <fixed_in>2.2.3</fixed_in>
  </vulnerability>
</plugin>
<!-- codestyling-localization: a single XSS record for versions up to 1.99.17, fixed in 1.99.20. -->
<plugin name="codestyling-localization">
  <vulnerability>
    <title>Code Styling Localization &lt;= 1.99.17 - Cross Site Scripting</title>
    <references>
      <secunia>49037</secunia>
      <url>http://packetstormsecurity.com/files/112709/</url>
    </references>
    <type>XSS</type>
    <fixed_in>1.99.20</fixed_in>
  </vulnerability>
</plugin>
<!-- catablog: a single XSS record for versions up to 1.6; no fixed_in is recorded. -->
<plugin name="catablog">
  <vulnerability>
    <title>Catablog &lt;= 1.6 - Cross Site Scripting</title>
    <references>
      <!-- NOTE(review): the bad-behavior record in this file cites the same Packet Storm URL; confirm which plugin the advisory covers. -->
      <url>http://packetstormsecurity.com/files/112619/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- bad-behavior: a single XSS record for versions up to 2.24; no fixed_in is recorded. -->
<plugin name="bad-behavior">
  <vulnerability>
    <title>Bad Behavior &lt;= 2.24 - Cross Site Scripting</title>
    <references>
      <!-- NOTE(review): the catablog record in this file cites the same Packet Storm URL; confirm which plugin the advisory covers. -->
      <url>http://packetstormsecurity.com/files/112619/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- bulletproof-security: two XSS records, fixed in .47.1 and .49. Versions are written with a leading dot; NOTE(review): confirm the consumer's version comparison handles that form. -->
<plugin name="bulletproof-security">
  <vulnerability>
    <title>BulletProof Security &lt;= .47 - Cross Site Scripting</title>
    <references>
      <url>http://packetstormsecurity.com/files/112618/</url>
    </references>
    <type>XSS</type>
    <fixed_in>.47.1</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>BulletProof Security - Security Log Script Insertion Vulnerability</title>
    <references>
      <osvdb>95928</osvdb>
      <osvdb>95929</osvdb>
      <osvdb>95930</osvdb>
      <cve>2013-3487</cve>
      <secunia>53614</secunia>
    </references>
    <type>XSS</type>
    <fixed_in>.49</fixed_in>
  </vulnerability>
</plugin>
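<!-- better-wp-security: six records. The two 3.6.3 records carry no fixed_in; the four older ones name patched releases from 3.2.5 to 3.5.6. -->
<plugin name="better-wp-security">
  <vulnerability>
    <title>Better WP Security 3.6.3 - Online Backup Storage current_time Function Brute Force Disclosure</title>
    <references>
      <osvdb>103358</osvdb>
      <url>http://packetstormsecurity.com/files/125219/</url>
    </references>
    <!-- Typed UNKNOWN because the title describes a brute-force disclosure of backup storage, not script injection; this file labels its other disclosure records UNKNOWN. -->
    <type>UNKNOWN</type>
  </vulnerability>
  <vulnerability>
    <title>Better WP Security 3.6.3 - /wp-admin/admin-ajax.php license Parameter Stored XSS Weakness</title>
    <references>
      <osvdb>103357</osvdb>
      <url>http://packetstormsecurity.com/files/125219/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
  <vulnerability>
    <title>Better WP Security 3.5.5 - inc/admin/content.php id_specialfile Parameter Stored XSS</title>
    <references>
      <osvdb>101788</osvdb>
    </references>
    <type>XSS</type>
    <fixed_in>3.5.6</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>Better WP Security &lt;= 3.5.3 - inc/secure.php logevent Function URL Handling Stored XSS</title>
    <references>
      <osvdb>95884</osvdb>
      <secunia>54299</secunia>
      <exploitdb>27290</exploitdb>
      <url>http://packetstormsecurity.com/files/122615/</url>
      <url>https://github.com/wpscanteam/wpscan/issues/251</url>
      <url>http://www.securityfocus.com/archive/1/527634/30/0/threaded</url>
    </references>
    <type>XSS</type>
    <fixed_in>3.5.4</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>Better WP Security 3.4.3 - Multiple XSS</title>
    <references>
      <url>http://seclists.org/bugtraq/2012/Oct/9</url>
    </references>
    <type>XSS</type>
    <fixed_in>3.4.4</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>Better WP Security &lt;= 3.2.4 - Cross Site Scripting</title>
    <references>
      <url>http://packetstormsecurity.com/files/112617/</url>
    </references>
    <type>XSS</type>
    <fixed_in>3.2.5</fixed_in>
  </vulnerability>
</plugin>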
<!-- custom-contact-forms: a single XSS record for versions up to 5.0.0.1; no fixed_in is recorded. -->
<plugin name="custom-contact-forms">
  <vulnerability>
    <title>Custom Contact Forms &lt;= 5.0.0.1 - Cross Site Scripting</title>
    <references>
      <url>http://packetstormsecurity.com/files/112616/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- 2-click-socialmedia-button: two XSS records. The record for versions up to 0.32.2 is fixed in 0.35; the record for versions up to 0.34 carries no fixed_in. -->
<plugin name="2-click-socialmedia-button">
  <vulnerability>
    <title>2-Click-Socialmedia-Buttons &lt;= 0.34 - Cross Site Scripting</title>
    <references>
      <url>http://packetstormsecurity.com/files/112615/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
  <vulnerability>
    <title>2-Click-Socialmedia-Buttons &lt;= 0.32.2 - Cross Site Scripting</title>
    <references>
      <secunia>49181</secunia>
      <url>http://packetstormsecurity.com/files/112711/</url>
    </references>
    <type>XSS</type>
    <fixed_in>0.35</fixed_in>
  </vulnerability>
</plugin>
<!-- login-with-ajax: one XSS record fixed in 3.0.4.1 and one CSRF record fixed in 3.1. Neither title states an affected version, so fixed_in is the only version bound in the data. -->
<plugin name="login-with-ajax">
  <vulnerability>
    <title>Login With Ajax - Cross Site Scripting</title>
    <references>
      <cve>2012-2759</cve>
      <osvdb>81712</osvdb>
      <secunia>49013</secunia>
      <url>http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2012-003/</url>
    </references>
    <type>XSS</type>
    <fixed_in>3.0.4.1</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>Login With Ajax - Cross-Site Request Forgery Vulnerability</title>
    <references>
      <osvdb>93031</osvdb>
      <cve>2013-2707</cve>
      <secunia>52950</secunia>
    </references>
    <type>CSRF</type>
    <fixed_in>3.1</fixed_in>
  </vulnerability>
</plugin>
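<!-- media-library-categories: one SQLI record (up to 1.0.6) and one XSS record (up to 1.1.1); neither carries fixed_in. -->
<plugin name="media-library-categories">
  <vulnerability>
    <title>Media Library Categories &lt;= 1.0.6 - SQL Injection Vulnerability</title>
    <references>
      <exploitdb>17628</exploitdb>
    </references>
    <type>SQLI</type>
  </vulnerability>
  <vulnerability>
    <title>Media Library Categories &lt;= 1.1.1 - Cross Site Scripting</title>
    <references>
      <url>http://packetstormsecurity.com/files/112697/</url>
      <cve>2012-6630</cve>
      <osvdb>81916</osvdb>
      <osvdb>109601</osvdb>
    </references>
    <!-- Typed XSS to match the title; a SQLI label here would misclassify the finding in scan output. -->
    <type>XSS</type>
  </vulnerability>
</plugin>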
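<!-- deans-fckeditor-with-pwwangs-code-plugin-for-wordpress: a single record for versions up to 1.0.0; no fixed_in is recorded. -->
<plugin name="deans-fckeditor-with-pwwangs-code-plugin-for-wordpress">
  <vulnerability>
    <title>FCKeditor Deans With Pwwangs Code &lt;= 1.0.0 - Remote Shell Upload</title>
    <references>
      <url>http://packetstormsecurity.com/files/111319/</url>
    </references>
    <!-- Typed UPLOAD because the title describes a shell upload, not remote file inclusion; this file labels its other shell-upload records UPLOAD. -->
    <type>UPLOAD</type>
  </vulnerability>
</plugin>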
<!-- zingiri-web-shop: eight records. The 2.5.0 code execution, 2.4.3 shell upload and up-to-2.3.5 XSS records carry no fixed_in; the other five name patched releases. -->
<plugin name="zingiri-web-shop">
  <vulnerability>
    <title>Zingiri Web Shop 2.6.5 - fwkfor/ajax/uploadfilexd.php Unspecified Issue</title>
    <references>
      <osvdb>103554</osvdb>
    </references>
    <type>UNKNOWN</type>
    <fixed_in>2.6.6</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>Zingiri Web Shop 2.6.4 - mform.php Unspecified Issue</title>
    <references>
      <osvdb>101717</osvdb>
      <secunia>56230</secunia>
    </references>
    <type>UNKNOWN</type>
    <fixed_in>2.6.5</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>Zingiri Web Shop 2.5.0 - ajaxfilemanager.php path Parameter File Upload Arbitrary Code Execution</title>
    <references>
      <osvdb>87833</osvdb>
      <url>http://packetstormsecurity.com/files/118318/</url>
      <url>http://www.securityfocus.com/bid/56659</url>
      <url>http://xforce.iss.net/xforce/xfdb/80257</url>
    </references>
    <type>RCE</type>
  </vulnerability>
  <vulnerability>
    <title>Zingiri Web Shop 2.4.3 - Shell Upload</title>
    <references>
      <url>http://packetstormsecurity.com/files/113668/</url>
    </references>
    <type>UPLOAD</type>
  </vulnerability>
  <vulnerability>
    <title>Zingiri Web Shop - Cookie SQL Injection Vulnerability</title>
    <references>
      <secunia>49398</secunia>
    </references>
    <type>SQLI</type>
    <fixed_in>2.4.8</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>Zingiri Web Shop &lt;= 2.4.0 - zing.inc.php page Parameter XSS</title>
    <references>
      <osvdb>81492</osvdb>
      <cve>2012-6506</cve>
      <exploitdb>18787</exploitdb>
      <secunia>48991</secunia>
      <url>http://www.securityfocus.com/bid/53278</url>
      <url>http://xforce.iss.net/xforce/xfdb/75178</url>
    </references>
    <type>XSS</type>
    <fixed_in>2.4.2</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>Zingiri Web Shop &lt;= 2.4.0 - onecheckout.php notes Parameter XSS</title>
    <references>
      <osvdb>81493</osvdb>
      <cve>2012-6506</cve>
      <exploitdb>18787</exploitdb>
      <secunia>48991</secunia>
      <url>http://www.securityfocus.com/bid/53278</url>
      <url>http://xforce.iss.net/xforce/xfdb/75179</url>
    </references>
    <type>XSS</type>
    <fixed_in>2.4.2</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>Zingiri Web Shop &lt;= 2.3.5 - Cross Site Scripting</title>
    <references>
      <url>http://packetstormsecurity.com/files/112684/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- organizer: a single MULTI record (XSS and path disclosure) for version 1.2.1; no fixed_in is recorded. -->
<plugin name="organizer">
  <vulnerability>
    <title>Organizer 1.2.1 - Cross Site Scripting / Path Disclosure</title>
    <references>
      <url>http://packetstormsecurity.com/files/112086/</url>
      <url>http://packetstormsecurity.com/files/113800/</url>
    </references>
    <type>MULTI</type>
  </vulnerability>
</plugin>
<!-- zingiri-tickets: two UNKNOWN records. The unspecified 2.1.2 issue is fixed in 2.1.3; the file disclosure record states no affected version and no fixed_in. -->
<plugin name="zingiri-tickets">
  <vulnerability>
    <title>Zingiri Tickets 2.1.2 - Unspecified Issue</title>
    <references>
      <osvdb>105015</osvdb>
    </references>
    <type>UNKNOWN</type>
    <fixed_in>2.1.3</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>Zingiri Tickets - File Disclosure</title>
    <references>
      <url>http://packetstormsecurity.com/files/111904/</url>
    </references>
    <type>UNKNOWN</type>
  </vulnerability>
</plugin>
<!-- cms-tree-page-view: one CSRF record fixed in 1.2.5 and one XSS record fixed in 0.8.9. -->
<plugin name="cms-tree-page-view">
  <vulnerability>
    <title>CMS Tree Page View 1.2.4 - Page Creation CSRF</title>
    <references>
      <osvdb>91270</osvdb>
      <secunia>52581</secunia>
    </references>
    <type>CSRF</type>
    <fixed_in>1.2.5</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>CMS Tree Page View 0.8.8 - XSS vulnerability</title>
    <references>
      <osvdb>80573</osvdb>
      <secunia>48510</secunia>
      <url>https://www.htbridge.com/advisory/HTB23083</url>
      <url>http://www.securityfocus.com/bid/52708</url>
      <url>http://xforce.iss.net/xforce/xfdb/74337</url>
    </references>
    <type>XSS</type>
    <fixed_in>0.8.9</fixed_in>
  </vulnerability>
</plugin>
<!-- all-in-one-event-calendar: three records. The two 1.9 records (XSS and SQLI) are fixed in 1.10; the 1.4 XSS record carries no fixed_in. -->
<plugin name="all-in-one-event-calendar">
  <vulnerability>
    <title>All-in-One Event Calendar 1.4 - Multiple XSS vulnerabilities</title>
    <references>
      <url>http://seclists.org/bugtraq/2012/Apr/70</url>
    </references>
    <type>XSS</type>
  </vulnerability>
  <vulnerability>
    <title>All-in-One Event Calendar 1.9 - wp-admin/post-new.php Multiple Parameter XSS</title>
    <references>
      <osvdb>96271</osvdb>
      <secunia>54038</secunia>
      <url>http://www.firefart.net/sql-injection-and-xss-in-all-in-one-event-calendar-wordpress-plugin/</url>
    </references>
    <type>XSS</type>
    <fixed_in>1.10</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>All-in-One Event Calendar 1.9 - index.php Multiple Parameter SQL Injection</title>
    <references>
      <osvdb>96272</osvdb>
      <secunia>54038</secunia>
      <url>http://www.firefart.net/sql-injection-and-xss-in-all-in-one-event-calendar-wordpress-plugin/</url>
    </references>
    <type>SQLI</type>
    <fixed_in>1.10</fixed_in>
  </vulnerability>
</plugin>
<!-- buddypress: twelve records. Seven SQLI records target 1.7.1 and are fixed in 1.7.2; the player.swf / jwplayer.swf XSS record is the only one without fixed_in. -->
<plugin name="buddypress">
  <vulnerability>
    <title>Buddypress &lt;= 1.9.1 - Crafted bp_new_group_id Cookie Arbitrary Group Manipulation</title>
    <references>
      <osvdb>103308</osvdb>
      <cve>2014-1889</cve>
      <secunia>56950</secunia>
      <exploitdb>31571</exploitdb>
      <url>http://packetstormsecurity.com/files/125213/</url>
    </references>
    <type>UNKNOWN</type>
    <fixed_in>1.9.2</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>Buddypress &lt;= 1.9.1 - groups/create/step/group-details/ Group Name Field Stored XSS</title>
    <references>
      <osvdb>103307</osvdb>
      <cve>2014-1888</cve>
      <secunia>56950</secunia>
      <url>http://packetstormsecurity.com/files/125212/</url>
    </references>
    <type>XSS</type>
    <fixed_in>1.9.2</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>BuddyPress 1.7.1 - bp-activity-classes.php Multiple Parameter SQL Injection</title>
    <references>
      <osvdb>104761</osvdb>
    </references>
    <type>SQLI</type>
    <fixed_in>1.7.2</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>BuddyPress 1.7.1 - bp-blogs-classes.php Multiple Parameter SQL Injection</title>
    <references>
      <!-- NOTE(review): same OSVDB id as the bp-activity-classes.php record above; confirm whether this record has its own id. -->
      <osvdb>104761</osvdb>
    </references>
    <type>SQLI</type>
    <fixed_in>1.7.2</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>BuddyPress 1.7.1 - bp-friends/bp-friends-classes.php Multiple Parameter SQL Injection</title>
    <references>
      <osvdb>104760</osvdb>
    </references>
    <type>SQLI</type>
    <fixed_in>1.7.2</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>BuddyPress 1.7.1 - bp-core/bp-core-classes.php Multiple Parameter SQL Injection</title>
    <references>
      <osvdb>104759</osvdb>
    </references>
    <type>SQLI</type>
    <fixed_in>1.7.2</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>BuddyPress 1.7.1 - bp-core/bp-core-functions.php page_ids Parameter SQL Injection</title>
    <references>
      <osvdb>104758</osvdb>
    </references>
    <type>SQLI</type>
    <fixed_in>1.7.2</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>BuddyPress 1.7.1 - bp-core/bp-core-filters.php user_ids Parameter SQL Injection</title>
    <references>
      <osvdb>104757</osvdb>
    </references>
    <type>SQLI</type>
    <fixed_in>1.7.2</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>BuddyPress 1.7.1 - bp-core/bp-core-cache.php object_ids Parameter SQL Injection</title>
    <references>
      <osvdb>104755</osvdb>
    </references>
    <type>SQLI</type>
    <fixed_in>1.7.2</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>Buddypress - player.swf / jwplayer.swf playerready Parameter XSS</title>
    <references>
      <osvdb>88886</osvdb>
      <url>http://packetstormsecurity.com/files/119020/</url>
      <url>http://xforce.iss.net/xforce/xfdb/80840</url>
    </references>
    <type>XSS</type>
  </vulnerability>
  <vulnerability>
    <title>Buddypress &lt;= 1.5.4 - wp-load.php exclude Parameter SQL Injection</title>
    <references>
      <cve>2012-2109</cve>
      <osvdb>80763</osvdb>
      <exploitdb>18690</exploitdb>
    </references>
    <type>SQLI</type>
    <fixed_in>1.5.5</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>BuddyPress 1.2.9 - groups/test-group/activity/ activity_ids Parameter SQL Injection</title>
    <references>
      <osvdb>104756</osvdb>
    </references>
    <type>SQLI</type>
    <fixed_in>1.2.10</fixed_in>
  </vulnerability>
</plugin>
<!-- register-plus-redux: a single XSS record for versions up to 3.8.3; no fixed_in is recorded. -->
<plugin name="register-plus-redux">
  <vulnerability>
    <title>Register Plus Redux &lt;= 3.8.3 - Cross Site Scripting</title>
    <references>
      <url>http://packetstormsecurity.com/files/111367/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- magn-html5-drag-and-drop-media-uploader: a single UPLOAD record for versions up to 1.1.4; no fixed_in is recorded. -->
<plugin name="magn-html5-drag-and-drop-media-uploader">
  <vulnerability>
    <title>Magn WP Drag and Drop &lt;= 1.1.4 - Upload Shell Upload Vulnerability</title>
    <references>
      <url>http://packetstormsecurity.com/files/110103/</url>
    </references>
    <type>UPLOAD</type>
  </vulnerability>
</plugin>
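<!-- kish-guest-posting: a single record for version 1.0; no fixed_in is recorded. -->
<plugin name="kish-guest-posting">
  <vulnerability>
    <title>Kish Guest Posting 1.0 - Arbitrary File Upload</title>
    <references>
      <exploitdb>18412</exploitdb>
    </references>
    <!-- Typed UPLOAD because the title describes an arbitrary file upload, not remote file inclusion; this file labels its other arbitrary-upload records UPLOAD. -->
    <type>UPLOAD</type>
  </vulnerability>
</plugin>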
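<!-- allwebmenus-wordpress-menu-plugin: one shell-upload record (up to 1.1.9, no fixed_in) and one remote file inclusion record for 1.1.3, fixed in 1.1.4. -->
<plugin name="allwebmenus-wordpress-menu-plugin">
  <vulnerability>
    <title>AllWebMenus Shell Upload &lt;= 1.1.9 - Shell Upload</title>
    <references>
      <url>http://packetstormsecurity.com/files/108946/</url>
    </references>
    <!-- Typed UPLOAD because the title describes a shell upload; RFI is kept for the file inclusion record below. -->
    <type>UPLOAD</type>
  </vulnerability>
  <vulnerability>
    <title>AllWebMenus 1.1.3 - Remote File Inclusion</title>
    <references>
      <cve>2011-3981</cve>
      <osvdb>75615</osvdb>
      <exploitdb>17861</exploitdb>
      <secunia>46068</secunia>
    </references>
    <!-- type precedes fixed_in, the child order every other record in this file uses. -->
    <type>RFI</type>
    <fixed_in>1.1.4</fixed_in>
  </vulnerability>
</plugin>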
<!-- shortcode-redirect: a single stored XSS record for versions up to 1.0.01; no fixed_in is recorded. -->
<plugin name="shortcode-redirect">
  <vulnerability>
    <title>Shortcode Redirect &lt;= 1.0.01 - Stored Cross Site Scripting</title>
    <references>
      <url>http://packetstormsecurity.com/files/108914/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- ucan-post: a single stored XSS record for versions up to 1.0.09; no fixed_in is recorded. -->
<plugin name="ucan-post">
  <vulnerability>
    <title>uCan Post &lt;= 1.0.09 - Stored XSS</title>
    <references>
      <exploitdb>18390</exploitdb>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- wp-cycle-playlist: a single MULTI record; the title states no affected version and no fixed_in is recorded. -->
<plugin name="wp-cycle-playlist">
  <vulnerability>
    <title>WP Cycle Playlist - Multiple Vulnerabilities</title>
    <references>
      <url>http://1337day.com/exploit/17396</url>
    </references>
    <type>MULTI</type>
  </vulnerability>
</plugin>
<!-- myeasybackup: a single directory traversal record for version 1.0.8.1, typed UNKNOWN; no fixed_in is recorded. -->
<plugin name="myeasybackup">
  <vulnerability>
    <title>myEASYbackup 1.0.8.1 - Directory Traversal</title>
    <references>
      <url>http://packetstormsecurity.com/files/108711/</url>
    </references>
    <type>UNKNOWN</type>
  </vulnerability>
</plugin>
<!-- count-per-day: ten records. The five records for 3.2.3 and 3.2.5 carry no fixed_in; the five older ones name patched releases from 3.0 to 3.2.3. -->
<plugin name="count-per-day">
  <vulnerability>
    <title>Count per Day 3.2.5 - wp-admin/index.php daytoshow Parameter XSS</title>
    <references>
      <osvdb>90893</osvdb>
      <secunia>52436</secunia>
      <url>http://packetstormsecurity.com/files/120649/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
  <vulnerability>
    <title>Count per Day 3.2.5 - counter.php HTTP Referer Header XSS</title>
    <references>
      <osvdb>91491</osvdb>
      <exploitdb>24859</exploitdb>
      <url>http://packetstormsecurity.com/files/120870/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
  <vulnerability>
    <title>Count Per Day 3.2.3 - notes.php Malformed Requests Remote DoS</title>
    <references>
      <osvdb>90833</osvdb>
      <url>http://packetstormsecurity.com/files/120631/</url>
      <url>http://seclists.org/fulldisclosure/2013/Mar/43</url>
    </references>
    <type>UNKNOWN</type>
  </vulnerability>
  <vulnerability>
    <title>Count Per Day 3.2.3 - Multiple Script Direct Request Path Disclosure</title>
    <references>
      <osvdb>90832</osvdb>
      <url>http://packetstormsecurity.com/files/120631/</url>
      <url>http://seclists.org/fulldisclosure/2013/Mar/43</url>
    </references>
    <type>FPD</type>
  </vulnerability>
  <vulnerability>
    <title>Count Per Day 3.2.3 - notes.php note Parameter XSS</title>
    <references>
      <osvdb>84933</osvdb>
      <exploitdb>20862</exploitdb>
      <secunia>50450</secunia>
      <url>http://packetstormsecurity.com/files/115904/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
  <vulnerability>
    <title>Count Per Day 3.2.2 - notes.php note Parameter XSS</title>
    <references>
      <osvdb>84920</osvdb>
      <secunia>50419</secunia>
    </references>
    <type>XSS</type>
    <fixed_in>3.2.3</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>Count Per Day 3.1.1 - userperspan.php Multiple Parameter XSS</title>
    <references>
      <osvdb>83491</osvdb>
      <cve>2012-3434</cve>
      <secunia>49692</secunia>
      <url>http://packetstormsecurity.com/files/114787/</url>
      <url>http://www.securityfocus.com/bid/54258</url>
    </references>
    <type>XSS</type>
    <fixed_in>3.2</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>Count Per Day &lt;= 3.1 - download.php f Parameter Traversal Arbitrary File Access</title>
    <references>
      <osvdb>78270</osvdb>
      <exploitdb>18355</exploitdb>
      <secunia>47529</secunia>
      <url>http://xforce.iss.net/xforce/xfdb/72385</url>
      <url>http://packetstormsecurity.org/files/108631/</url>
    </references>
    <type>UNKNOWN</type>
    <fixed_in>3.1.1</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>Count Per Day &lt;= 3.1 - map.php map Parameter XSS</title>
    <references>
      <osvdb>78271</osvdb>
      <exploitdb>18355</exploitdb>
      <secunia>47529</secunia>
      <url>http://xforce.iss.net/xforce/xfdb/72385</url>
      <url>http://packetstormsecurity.org/files/108631/</url>
    </references>
    <type>XSS</type>
    <fixed_in>3.1.1</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>Count per Day &lt;= 2.17 - SQL Injection Vulnerability</title>
    <references>
      <osvdb>75598</osvdb>
      <exploitdb>17857</exploitdb>
      <secunia>46051</secunia>
    </references>
    <type>SQLI</type>
    <fixed_in>3.0</fixed_in>
  </vulnerability>
</plugin>
<plugin name="wp-autoyoutube">
<vulnerability>
<title>WP-AutoYoutube &lt;= 0.1 - Blind SQL Injection Vulnerability</title>
<references>
<url>http://1337day.com/exploit/17368</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="age-verification">
<vulnerability>
<title>Age Verification &lt;= 0.4 - Open Redirect</title>
<references>
<cve>2012-6499</cve>
<osvdb>82584</osvdb>
<exploitdb>18350</exploitdb>
</references>
<type>REDIRECT</type>
</vulnerability>
</plugin>
<plugin name="yousaytoo-auto-publishing-plugin">
<vulnerability>
<title>Yousaytoo Auto Publishing &lt;= 1.0 - Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/108470/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="pay-with-tweet">
<vulnerability>
<title>Pay With Tweet &lt;= 1.1 - Multiple Vulnerabilities</title>
<references>
<exploitdb>18330</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp-whois">
<vulnerability>
<title>Whois Search &lt;= 1.4.2 - Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/108271/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="upm-polls">
<vulnerability>
<title>UPM-POLLS 1.0.4 - BLIND SQL injection</title>
<references>
<exploitdb>18231</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="disqus-comment-system">
<vulnerability>
<title>Disqus &lt;= 2.75 - Remote Code Execution Vuln</title>
<references>
<url>http://blog.sucuri.net/2014/06/anatomy-of-a-remote-code-execution-bug-on-disqus.html</url>
</references>
<type>RCE</type>
<fixed_in>2.76</fixed_in>
</vulnerability>
<vulnerability>
<title>Disqus Comment System &lt;= 2.68 - Reflected Cross-Site Scripting (XSS)</title>
<references>
<url>http://www.ethicalhack3r.co.uk/security/wordpress-plugin-disqus-comment-system-xss/</url>
</references>
<type>XSS</type>
<fixed_in>2.69</fixed_in>
</vulnerability>
<vulnerability>
<title>Disqus Blog Comments - Blind SQL Injection Vulnerability</title>
<references>
<osvdb>85935</osvdb>
<exploitdb>20913</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-recaptcha">
<vulnerability>
<title>Google reCAPTCHA &lt;= 3.1.3 - Reflected XSS Vulnerability</title>
<references>
<url>http://security-sh3ll.blogspot.com/2011/12/google-recaptcha-wordpress-plugin.html</url>
</references>
<type>XSS</type>
<fixed_in>3.1.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="link-library">
<vulnerability>
<title>Link Library 5.8.0.9 - Multiple Unspecified Issues</title>
<references>
<osvdb>102842</osvdb>
</references>
<type>MULTI</type>
<fixed_in>5.8.1</fixed_in>
</vulnerability>
<vulnerability>
<title>Link Library 5.1.6 - link-library-ajax.php Multiple Parameter SQL Injection</title>
<references>
<osvdb>102804</osvdb>
</references>
<type>SQLI</type>
<fixed_in>5.1.7</fixed_in>
</vulnerability>
<vulnerability>
<title>Link Library 5.0.8 - wp-content/plugins/link-library/tracker.php id Parameter XSS</title>
<references>
<osvdb>74561</osvdb>
<secunia>45588</secunia>
</references>
<type>XSS</type>
<fixed_in>5.0.9</fixed_in>
</vulnerability>
<vulnerability>
<title>Link Library 5.0.8 - wp-content/plugins/link-library/tracker.php id Parameter SQL Injection</title>
<references>
<osvdb>74562</osvdb>
<secunia>45588</secunia>
</references>
<type>SQLI</type>
<fixed_in>5.0.9</fixed_in>
</vulnerability>
<vulnerability>
<title>Link Library &lt;= 5.2.1 - SQL Injection</title>
<references>
<osvdb>84579</osvdb>
<exploitdb>17887</exploitdb>
</references>
<type>SQLI</type>
<fixed_in>5.7.9.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="cevhershare">
<vulnerability>
<title>CevherShare 2.0 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17891</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="meenews">
<vulnerability>
<title>meenews 5.1 - Cross-Site Scripting Vulnerabilities</title>
<references>
<url>http://seclists.org/bugtraq/2011/Nov/151</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="clickdesk-live-support-chat">
<vulnerability>
<title>Click Desk Live Support Chat - Cross Site Scripting Vulnerability</title>
<references>
<url>http://seclists.org/bugtraq/2011/Nov/148</url>
</references>
<type>XSS</type>
<fixed_in>2.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="adminimize">
<vulnerability>
<title>adminimize 1.7.21 - 'page' Parameter Cross Site Scripting Vulnerability</title>
<references>
<cve>2011-4926</cve>
<osvdb>77472</osvdb>
<url>http://www.securityfocus.com/bid/50745</url>
<url>http://seclists.org/bugtraq/2011/Nov/135</url>
</references>
<type>XSS</type>
<fixed_in>1.7.22</fixed_in>
</vulnerability>
</plugin>
<plugin name="advanced-text-widget">
<vulnerability>
<title>Advanced Text Widget &lt;= 2.0.0 - Cross Site Scripting Vulnerability</title>
<references>
<url>http://seclists.org/bugtraq/2011/Nov/133</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="mm-duplicate">
<vulnerability>
<title>MM Duplicate &lt;= 1.2 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17707</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-menu-creator">
<vulnerability>
<title>Menu Creator &lt;= 1.1.7 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17689</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="allow-php-in-posts-and-pages">
<vulnerability>
<title>Allow PHP in Posts and Pages &lt;= 2.0.0.RC2 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17688</exploitdb>
</references>
<type>SQLI</type>
<fixed_in>2.1.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="global-content-blocks">
<vulnerability>
<title>Global Content Blocks &lt;= 1.2 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17687</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="ajaxgallery">
<vulnerability>
<title>Ajax Gallery &lt;= 3.0 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17686</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-ds-faq">
<vulnerability>
<title>WP DS FAQ &lt;= 1.3.2 - ajax.php id Parameter SQL Injection</title>
<references>
<osvdb>74574</osvdb>
<secunia>45640</secunia>
<exploitdb>17683</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-ds-faq-plus">
<vulnerability>
<title>WP DS FAQ Plus 1.0.12 - Multiple Unspecified Issues</title>
<references>
<osvdb>106614</osvdb>
</references>
<type>MULTI</type>
<fixed_in>1.0.13</fixed_in>
</vulnerability>
<vulnerability>
<title>WP DS FAQ Plus 1.0.11 - Multiple Unspecified Issues</title>
<references>
<osvdb>106615</osvdb>
</references>
<type>MULTI</type>
<fixed_in>1.0.12</fixed_in>
</vulnerability>
<vulnerability>
<title>WP DS FAQ Plus 1.0.3 - Multiple Unspecified CSRF</title>
<references>
<osvdb>106618</osvdb>
</references>
<type>CSRF</type>
<!-- NOTE(review): the title names 1.0.3 as the affected release while fixed_in is also 1.0.3. A version comparison against fixed_in would treat an installed 1.0.3 as patched, so one of the two values is presumably off by one release. Confirm the affected and fixed versions against the OSVDB reference above. -->
<fixed_in>1.0.3</fixed_in>
</vulnerability>
<vulnerability>
<title>WP DS FAQ Plus - Unspecified SQL Injection</title>
<references>
<osvdb>106724</osvdb>
</references>
<type>SQLI</type>
<fixed_in>1.0.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="odihost-newsletter-plugin">
<vulnerability>
<title>OdiHost Newsletter &lt;= 1.0 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17681</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="easy-contact-form-lite">
<vulnerability>
<title>Easy Contact Form Lite &lt;= 1.0.7 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17680</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-symposium">
<vulnerability>
<title>WP Symposium 13.04 - invite.php u Parameter Arbitrary Site Redirect</title>
<references>
<osvdb>92274</osvdb>
<cve>2013-2694</cve>
<secunia>52925</secunia>
</references>
<type>REDIRECT</type>
</vulnerability>
<vulnerability>
<title>WP Symposium 13.02 - wp-symposium/invite.php u Parameter XSS</title>
<references>
<osvdb>92275</osvdb>
<cve>2013-2695</cve>
<secunia>52864</secunia>
</references>
<type>XSS</type>
<fixed_in>13.04</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Symposium &lt;= 12.09 - ajax/symposium_groups_functions.php gid Parameter SQL Injection</title>
<references>
<osvdb>89455</osvdb>
<secunia>50674</secunia>
<url>http://www.securityfocus.com/bid/57478</url>
<url>http://ceriksen.com/2013/02/18/wp-symposium-multiple-sql-injection/</url>
</references>
<type>SQLI</type>
<fixed_in>12.12</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Symposium &lt;= 12.09 - index.php uid Parameter SQL Injection</title>
<references>
<osvdb>89456</osvdb>
<secunia>50674</secunia>
<url>http://www.securityfocus.com/bid/57478</url>
<url>http://ceriksen.com/2013/02/18/wp-symposium-multiple-sql-injection/</url>
</references>
<type>SQLI</type>
<fixed_in>12.12</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Symposium &lt;= 12.09 - ajax/symposium_profile_functions.php friend_to Parameter SQL Injection</title>
<references>
<osvdb>89457</osvdb>
<secunia>50674</secunia>
<url>http://www.securityfocus.com/bid/57478</url>
<url>http://ceriksen.com/2013/02/18/wp-symposium-multiple-sql-injection/</url>
</references>
<type>SQLI</type>
<fixed_in>12.12</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Symposium &lt;= 12.09 - ajax/symposium_forum_functions.php Multiple Parameter SQL Injection</title>
<references>
<osvdb>89458</osvdb>
<secunia>50674</secunia>
<url>http://www.securityfocus.com/bid/57478</url>
<url>http://ceriksen.com/2013/02/18/wp-symposium-multiple-sql-injection/</url>
</references>
<type>SQLI</type>
<fixed_in>12.12</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Symposium &lt;= 12.09 - get_album_item.php size Parameter SQL Injection</title>
<references>
<osvdb>89459</osvdb>
<secunia>50674</secunia>
<url>http://www.securityfocus.com/bid/57478</url>
<url>http://ceriksen.com/2013/02/18/wp-symposium-multiple-sql-injection/</url>
</references>
<type>SQLI</type>
<fixed_in>12.12</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Symposium &lt;= 12.07.07 - ajax/symposium_ajax_functions.php Authentication Bypass</title>
<references>
<osvdb>83696</osvdb>
<secunia>49791</secunia>
</references>
<type>AUTHBYPASS</type>
</vulnerability>
<vulnerability>
<title>WP Symposium &lt;= 12.06.16 - ajax/symposium_forum_functions.php tid Parameter SQL Injection</title>
<references>
<osvdb>83662</osvdb>
<secunia>49534</secunia>
</references>
<type>SQLI</type>
<fixed_in>12.07.01</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Symposium &lt;= 12.06.16 - ajax/symposium_group_functions.php uid1 Parameter SQL Injection</title>
<references>
<osvdb>83663</osvdb>
<secunia>49534</secunia>
</references>
<type>SQLI</type>
<fixed_in>12.07.01</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Symposium &lt;= 12.06.16 - ajax/symposium_bar_functions.php chat_to Parameter SQL Injection</title>
<references>
<osvdb>83668</osvdb>
<secunia>49534</secunia>
</references>
<type>SQLI</type>
<fixed_in>12.07.01</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Symposium &lt;= 12.06.16 - ajax/symposium_mail_functions.php Multiple Parameter SQL Injection</title>
<references>
<osvdb>83675</osvdb>
<secunia>49534</secunia>
</references>
<type>SQLI</type>
<fixed_in>12.07.01</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Symposium &lt;= 11.11.26 - uploadify/upload_admin_avatar.php File Upload Remote PHP Code Execution</title>
<references>
<osvdb>78041</osvdb>
<cve>2011-5051</cve>
<secunia>46097</secunia>
<url>http://xforce.iss.net/xforce/xfdb/72012</url>
</references>
<type>RCE</type>
<fixed_in>11.12.24</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Symposium &lt;= 11.11.26 - uploadify/upload_profile_avatar.php File Upload Remote PHP Code Execution</title>
<references>
<osvdb>78042</osvdb>
<cve>2011-5051</cve>
<secunia>46097</secunia>
<url>http://xforce.iss.net/xforce/xfdb/72012</url>
</references>
<type>RCE</type>
<fixed_in>11.12.24</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Symposium &lt;= 11.11.26 - uploadify/get_profile_avatar.php uid Parameter XSS</title>
<references>
<osvdb>77634</osvdb>
<cve>2011-3841</cve>
<secunia>47243</secunia>
<url>http://www.securityfocus.com/bid/51017</url>
<url>http://xforce.iss.net/xforce/xfdb/71748</url>
</references>
<type>XSS</type>
<fixed_in>11.12.08</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Symposium &lt;= 0.64 - uploadify/get_profile_avatar.php uid Parameter SQL Injection</title>
<references>
<osvdb>74664</osvdb>
<secunia>47243</secunia>
<exploitdb>17679</exploitdb>
</references>
<type>SQLI</type>
<fixed_in>11.08.18</fixed_in>
</vulnerability>
</plugin>
<plugin name="file-groups">
<vulnerability>
<title>File Groups &lt;= 1.1.2 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17677</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="ip-logger">
<vulnerability>
<title>IP-Logger &lt;= 3.0 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17673</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
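<plugin name="beer-recipes">
  <vulnerability>
    <title>Beer Recipes 1.0 - XSS</title>
    <references>
      <exploitdb>17453</exploitdb>
    </references>
    <!-- Classified as XSS so the type agrees with the title. No fixed_in is recorded for this entry. -->
    <type>XSS</type>
  </vulnerability>
</plugin>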
<plugin name="is-human">
<vulnerability>
<title>Is-human &lt;= 1.4.2 - Remote Command Execution Vulnerability</title>
<references>
<exploitdb>17299</exploitdb>
</references>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="editormonkey">
<vulnerability>
<title>EditorMonkey - (FCKeditor) Arbitrary File Upload</title>
<references>
<exploitdb>17284</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="sermon-browser">
<vulnerability>
<title>SermonBrowser 0.43 - SQL Injection</title>
<references>
<exploitdb>17214</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="ajax-category-dropdown">
<vulnerability>
<title>Ajax Category Dropdown 0.1.5 - Multiple Vulnerabilities</title>
<references>
<exploitdb>17207</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp-custom-pages">
<vulnerability>
<title>WP Custom Pages 0.5.0.1 - LFI Vulnerability</title>
<references>
<exploitdb>17119</exploitdb>
</references>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="flash-album-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>GRAND Flash Album Gallery 2.70 - "s" Cross-Site Scripting Vulnerability</title>
<references>
<osvdb>93714</osvdb>
<cve>2013-3261</cve>
<secunia>53111</secunia>
</references>
<type>XSS</type>
<fixed_in>2.72</fixed_in>
</vulnerability>
<vulnerability>
<title>GRAND Flash Album Gallery 2.55 - "gid" SQL Injection Vulnerability</title>
<references>
<osvdb>93087</osvdb>
<secunia>53356</secunia>
</references>
<type>SQLI</type>
<fixed_in>2.56</fixed_in>
</vulnerability>
<vulnerability>
<title>GRAND Flash Album Gallery - Multiple Vulnerabilities</title>
<references>
<secunia>51100</secunia>
</references>
<type>MULTI</type>
<fixed_in>2.17</fixed_in>
</vulnerability>
<vulnerability>
<title>GRAND Flash Album Gallery 1.9.0 and 2.0.0 - Multiple Vulnerabilities</title>
<references>
<secunia>51601</secunia>
<url>http://packetstormsecurity.com/files/117665/</url>
<url>http://www.waraxe.us/advisory-94.html</url>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>GRAND Flash Album Gallery &lt;= 1.71 - wp-admin/admin.php skin Parameter XSS</title>
<references>
<osvdb>81923</osvdb>
<url>http://packetstormsecurity.com/files/112704/</url>
</references>
<type>XSS</type>
<fixed_in>1.76</fixed_in>
</vulnerability>
<vulnerability>
<title>GRAND Flash Album Gallery &lt;= 1.56 - XSS Vulnerability</title>
<references>
<url>http://seclists.org/bugtraq/2011/Nov/186</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>GRAND Flash Album Gallery 0.55 - lib/hitcounter.php pid Parameter SQL Injection</title>
<references>
<osvdb>71072</osvdb>
<secunia>43648</secunia>
<exploitdb>16947</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>GRAND Flash Album Gallery 0.55 - admin/news.php want2Read Parameter Traversal Arbitrary File Access</title>
<references>
<osvdb>71073</osvdb>
<secunia>43648</secunia>
<exploitdb>16947</exploitdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="php_speedy_wp">
<vulnerability>
<title>PHP Speedy &lt;= 0.5.2 - (admin_container.php) Remote Code Exec Exploit</title>
<references>
<exploitdb>16273</exploitdb>
</references>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="old-post-spinner">
<vulnerability>
<title>OPS Old Post Spinner 2.2.1 - LFI Vulnerability</title>
<references>
<exploitdb>16251</exploitdb>
</references>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="jquery-mega-menu">
<vulnerability>
<title>jQuery Mega Menu 1.0 - Local File Inclusion</title>
<references>
<exploitdb>16250</exploitdb>
</references>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="iwant-one-ihave-one">
<vulnerability>
<title>IWantOneButton 3.0.1 - Multiple Vulnerabilities</title>
<references>
<exploitdb>16236</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="forum-server">
<vulnerability>
<title>WP Forum Server &lt;= 1.7.3 - wpf-insert.php edit_post_id Parameter SQL Injection</title>
<references>
<osvdb>75463</osvdb>
<cve>2012-6625</cve>
<secunia>45974</secunia>
<url>http://packetstormsecurity.com/files/112703/</url>
</references>
<type>SQLI</type>
<fixed_in>1.7.4</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Forum Server &lt;= 1.7.3 - fs-admin/wpf-add-forum.php groupid Parameter XSS</title>
<references>
<osvdb>102185</osvdb>
<cve>2012-6623</cve>
<secunia>49167</secunia>
<url>http://packetstormsecurity.com/files/112703/</url>
<url>http://www.securityfocus.com/bid/65215</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WP Forum Server &lt;= 1.7.3 - fs-admin/fs-admin.php Multiple Parameter XSS</title>
<references>
<osvdb>81914</osvdb>
<cve>2012-6622</cve>
<secunia>49155</secunia>
<url>http://packetstormsecurity.com/files/112703/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WP Forum Server &lt;= 1.7 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17828</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP Forum Server 1.6.5 - feed.php topic Parameter SQL Injection</title>
<references>
<osvdb>70994</osvdb>
<cve>2011-1047</cve>
<secunia>43306</secunia>
<exploitdb>16235</exploitdb>
<url>http://www.securityfocus.com/bid/46360</url>
<url>http://www.securityfocus.com/bid/46362</url>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP Forum Server 1.6.5 - index.php Multiple Parameter SQL Injection</title>
<references>
<osvdb>70993</osvdb>
<cve>2011-1047</cve>
<secunia>43306</secunia>
<exploitdb>16235</exploitdb>
<url>http://www.securityfocus.com/bid/46362</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="relevanssi">
<vulnerability>
<title>Relevanssi 3.2 - Unspecified SQL Injection</title>
<references>
<osvdb>104014</osvdb>
<secunia>56641</secunia>
<url>http://www.securityfocus.com/bid/65960</url>
</references>
<type>SQLI</type>
<fixed_in>3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Relevanssi 2.7.2 - Stored XSS Vulnerability</title>
<references>
<osvdb>71236</osvdb>
<secunia>43461</secunia>
<exploitdb>16233</exploitdb>
</references>
<type>XSS</type>
<fixed_in>2.7.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="gigpress">
<vulnerability>
<title>GigPress 2.1.10 - Stored XSS Vulnerability</title>
<references>
<exploitdb>16232</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="comment-rating">
<vulnerability>
<title>Comment Rating 2.9.32 - Security Bypass Weakness and SQL Injection</title>
<references>
<osvdb>90676</osvdb>
<exploitdb>24552</exploitdb>
<secunia>52348</secunia>
<url>http://packetstormsecurity.com/files/120569/</url>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>Comment Rating 2.9.23 - Multiple Vulnerabilities</title>
<references>
<osvdb>71044</osvdb>
<secunia>43406</secunia>
<exploitdb>16221</exploitdb>
</references>
<type>MULTI</type>
<fixed_in>2.9.24</fixed_in>
</vulnerability>
</plugin>
<plugin name="z-vote">
<vulnerability>
<title>Z-Vote 1.1 - SQL Injection Vulnerability</title>
<references>
<exploitdb>16218</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="user-photo">
<vulnerability>
<title>User Photo - Component Remote File Upload Vulnerability</title>
<references>
<cve>2013-1916</cve>
<exploitdb>16181</exploitdb>
<osvdb>71071</osvdb>
</references>
<type>UPLOAD</type>
<fixed_in>0.9.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="enable-media-replace">
<vulnerability>
<title>Enable Media Replace - Multiple Vulnerabilities</title>
<references>
<exploitdb>16144</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="mingle-forum">
<vulnerability>
<title>Mingle Forum &lt;= 1.0.32.1 - Cross Site Scripting / SQL Injection</title>
<references>
<url>http://packetstormsecurity.com/files/108915/</url>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>Mingle Forum &lt;= 1.0.31 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17894</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Mingle Forum &lt;= 1.0.26 - Multiple Vulnerabilities</title>
<references>
<exploitdb>15943</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>Mingle Forum &lt;= 1.0.33 - Cross Site Scripting</title>
<references>
<secunia>49171</secunia>
<url>http://packetstormsecurity.com/files/112696/</url>
</references>
<type>XSS</type>
<fixed_in>1.0.33.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Mingle Forum 1.0.33.3 - fs-admin.php togroupusers Parameter XSS</title>
<references>
<osvdb>90432</osvdb>
<cve>2013-0734</cve>
<secunia>52167</secunia>
</references>
<type>XSS</type>
<fixed_in>1.0.34</fixed_in>
</vulnerability>
<vulnerability>
<title>Mingle Forum 1.0.33.3 - wpf.class.php search_words Parameter XSS</title>
<references>
<osvdb>90433</osvdb>
<cve>2013-0734</cve>
<secunia>52167</secunia>
</references>
<type>XSS</type>
<fixed_in>1.0.34</fixed_in>
</vulnerability>
<vulnerability>
<title>Mingle Forum 1.0.33.3 - wpf.class.php Multiple Parameter SQL Injection</title>
<references>
<osvdb>90434</osvdb>
<cve>2013-0735</cve>
<secunia>52167</secunia>
</references>
<type>SQLI</type>
<fixed_in>1.0.34</fixed_in>
</vulnerability>
<vulnerability>
<title>Mingle Forum 1.0.35 - Privilege Escalation CSRF</title>
<references>
<osvdb>96905</osvdb>
<cve>2013-0736</cve>
<secunia>47687</secunia>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="accept-signups">
<vulnerability>
<title>Accept Signups 0.1 - XSS</title>
<references>
<exploitdb>15808</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="events-manager-extended">
<vulnerability>
<title>Events Manager Extended - Persistent XSS Vulnerability</title>
<references>
<exploitdb>14923</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="nextgen-smooth-gallery">
<vulnerability>
<title>NextGEN Smooth Gallery - Blind SQL Injection Vulnerability</title>
<references>
<exploitdb>14541</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>NextGen Smooth Gallery - XSS</title>
<references>
<url>http://packetstormsecurity.com/files/123074/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="mylinksdump">
<vulnerability>
<title>myLDlinker - SQL Injection Vulnerability</title>
<references>
<exploitdb>14441</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="firestats">
<vulnerability>
<title>Firestats - Remote Configuration File Download</title>
<references>
<exploitdb>14308</exploitdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="simple-press">
<vulnerability>
<title>Simple Press - SQL Injection Vulnerability</title>
<references>
<exploitdb>14198</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="cimy-counter">
<vulnerability>
<title>Cimy Counter - Vulnerabilities</title>
<references>
<exploitdb>14057</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="nextgen-gallery">
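<vulnerability>
  <title>NextGEN Gallery &lt; 2.0.66 - Arbitrary File Upload (the user must have upload privileges)</title>
  <references>
    <url>http://packetstormsecurity.com/files/127340/wpnextgen2063-shell.txt</url>
  </references>
  <type>UPLOAD</type>
  <!-- 2.0.65 shipped a fix that could be bypassed; 2.0.66 is the first release with the proper fix, so every release before 2.0.66 is treated as affected. -->
  <fixed_in>2.0.66</fixed_in>
</vulnerability>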
<vulnerability>
<title>NextGEN Gallery 2.0.0 - Directory Traversal</title>
<references>
<osvdb>103473</osvdb>
<url>http://seclists.org/fulldisclosure/2014/Feb/171</url>
<url>https://security.dxw.com/advisories/directory-traversal-in-nextgen-gallery-2-0-0/</url>
</references>
<type>UNKNOWN</type>
<fixed_in>2.0.7</fixed_in>
</vulnerability>
<vulnerability>
<title>NextGEN Gallery - SWF Vulnerable to XSS</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
<secunia>51271</secunia>
</references>
<type>XSS</type>
<fixed_in>1.9.8</fixed_in>
</vulnerability>
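<vulnerability>
  <title>NextGEN Gallery - swfupload.swf Multiple Cross Site Scripting Vulnerabilities</title>
  <references>
    <url>http://www.securityfocus.com/bid/60433</url>
  </references>
  <!-- Every issue named in the title is cross-site scripting, so the entry is typed XSS like the other multi-parameter XSS entries in this file. No affected version or fixed_in is recorded. -->
  <type>XSS</type>
</vulnerability>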
<vulnerability>
<title>NextGEN Gallery 1.9.12 - Arbitrary File Upload</title>
<references>
<osvdb>94232</osvdb>
<cve>2013-3684</cve>
<url>http://wordpress.org/plugins/nextgen-gallery/changelog/</url>
</references>
<type>UPLOAD</type>
<fixed_in>1.9.13</fixed_in>
</vulnerability>
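<vulnerability>
  <title>NextGEN Gallery 1.9.11 - xml/json.php Crafted Request Parsing Path Disclosure</title>
  <references>
    <osvdb>90242</osvdb>
    <cve>2013-0291</cve>
    <secunia>52137</secunia>
  </references>
  <!-- Path disclosure entries elsewhere in this file (including xml/ajax.php for this plugin) are typed FPD, and this entry follows the same classification. No fixed_in is recorded. -->
  <type>FPD</type>
</vulnerability>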
<vulnerability>
<title>NextGEN Gallery 1.9.5 - gallerypath Parameter Stored XSS</title>
<references>
<osvdb>97690</osvdb>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>NextGEN Gallery &lt;= 1.9.0 - admin/manage-galleries.php paged Parameter XSS</title>
<references>
<osvdb>78363</osvdb>
<secunia>47588</secunia>
</references>
<type>XSS</type>
<fixed_in>1.9.1</fixed_in>
</vulnerability>
<vulnerability>
<title>NextGEN Gallery &lt;= 1.9.0 - admin/manage-images.php paged Parameter XSS</title>
<references>
<osvdb>78364</osvdb>
<secunia>47588</secunia>
</references>
<type>XSS</type>
<fixed_in>1.9.1</fixed_in>
</vulnerability>
<vulnerability>
<title>NextGEN Gallery &lt;= 1.9.0 - admin/manage.php Multiple Parameter XSS</title>
<references>
<osvdb>78365</osvdb>
<secunia>47588</secunia>
</references>
<type>XSS</type>
<fixed_in>1.9.1</fixed_in>
</vulnerability>
<vulnerability>
<title>NextGEN Gallery &lt;= 1.8.3 - wp-admin/admin.php search Parameter XSS</title>
<references>
<osvdb>76576</osvdb>
<secunia>46602</secunia>
</references>
<type>XSS</type>
<fixed_in>1.8.4</fixed_in>
</vulnerability>
<vulnerability>
<title>NextGEN Gallery &lt;= 1.8.3 - Tag Deletion CSRF</title>
<references>
<osvdb>76577</osvdb>
<secunia>46602</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.8.4</fixed_in>
</vulnerability>
<vulnerability>
<title>NextGEN Gallery &lt;= 1.7.3 - xml/ajax.php Path Disclosure</title>
<references>
<osvdb>72023</osvdb>
</references>
<type>FPD</type>
<fixed_in>1.7.4</fixed_in>
</vulnerability>
<vulnerability>
<title>NextGEN Gallery &lt;= 1.5.1 - xml/media-rss.php mode Parameter XSS</title>
<references>
<osvdb>63574</osvdb>
<exploitdb>12098</exploitdb>
<secunia>39341</secunia>
<url>http://www.securityfocus.com/bid/39250</url>
</references>
<type>XSS</type>
<fixed_in>1.5.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="cpl">
<vulnerability>
<title>Copperleaf Photolog - SQL injection</title>
<references>
<exploitdb>11458</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="events-calendar">
<vulnerability>
<title>Events Calendar - SQL Injection Vulnerability</title>
<references>
<exploitdb>10929</exploitdb>
<osvdb>95677</osvdb>
</references>
<type>SQLI</type>
<fixed_in>6.7.10</fixed_in>
</vulnerability>
<vulnerability>
<title>Events Calendar - wp-admin/admin.php EC_id Parameter XSS</title>
<references>
<osvdb>74705</osvdb>
<secunia>45717</secunia>
</references>
<type>XSS</type>
<fixed_in>6.7.12a</fixed_in>
</vulnerability>
</plugin>
<plugin name="ImageManager">
<vulnerability>
<title>Image Manager - Shell Upload Vulnerability</title>
<references>
<exploitdb>10325</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-cumulus">
<vulnerability>
<title>WP-Cumulus &lt;= 1.20 - Vulnerabilities</title>
<references>
<exploitdb>10228</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>WP-Cumulus - Cross Site Scripting Vulnerability</title>
<references>
<url>http://seclists.org/fulldisclosure/2011/Nov/340</url>
</references>
<type>XSS</type>
<fixed_in>1.23</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-syntax">
<vulnerability>
<title>WP-Syntax &lt; 0.9.10 - Remote Command Execution</title>
<references>
<exploitdb>9431</exploitdb>
</references>
<type>RCE</type>
<fixed_in>0.9.10</fixed_in>
</vulnerability>
</plugin>
<plugin name="my-category-order">
<vulnerability>
<title>My Category Order &lt;= 2.8 - SQL Injection Vulnerability</title>
<references>
<exploitdb>9150</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="related-sites">
<vulnerability>
<title>Related Sites 2.1 - Blind SQL Injection Vulnerability</title>
<references>
<exploitdb>9054</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="dm-albums">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>DM Albums 1.9.2 - Remote File Disclosure Vulnerability</title>
<references>
<exploitdb>9048</exploitdb>
</references>
<type>LFI</type>
</vulnerability>
<vulnerability>
<title>DM Albums 1.9.2 - Remote File Inclusion Vuln</title>
<references>
<exploitdb>9043</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="photoracer">
<vulnerability>
<title>Photoracer 1.0 - (id) SQL Injection Vulnerability</title>
<references>
<exploitdb>8961</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Photoracer &lt;= 1.0 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17720</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Photoracer &lt;= 1.0 - Multiple Vulnerabilities</title>
<references>
<exploitdb>17731</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp-lytebox">
<vulnerability>
<title>Lytebox - Local File Inclusion Vulnerability</title>
<references>
<exploitdb>8791</exploitdb>
</references>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="fmoblog">
<vulnerability>
<title>fMoblog 2.1 - (id) SQL Injection Vulnerability</title>
<references>
<exploitdb>8229</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="page-flip-image-gallery">
<!-- One active entry. "FD" in its title presumably abbreviates file disclosure (the entry is typed LFI); it records no fixed_in. -->
<vulnerability>
<title>Page Flip Image Gallery &lt;= 0.2.2 - Remote FD Vuln</title>
<references>
<osvdb>50902</osvdb>
<cve>2008-5752</cve>
<exploitdb>7543</exploitdb>
<secunia>33274</secunia>
<url>http://www.securityfocus.com/bid/32966</url>
<url>http://xforce.iss.net/xforce/xfdb/47568</url>
</references>
<type>LFI</type>
</vulnerability>
<!-- Disabled entry: the upload report below is considered a fake vulnerability and stays commented out, so parsers do not see it as an element.
See https://github.com/wpscanteam/wpscan/commit/e45e91b0bfec8b8db83f987c531d01398812cdfa
<vulnerability>
<title>Page Flip Image Gallery - Remote File Upload Vulnerability</title>
<references>
<osvdb>100748</osvdb>
<url>http://packetstormsecurity.com/files/124316/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
-->
</plugin>
<plugin name="wp-shopping-cart">
<vulnerability>
<title>e-Commerce &lt;= 3.4 - Arbitrary File Upload Exploit</title>
<references>
<exploitdb>6867</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="downloads-manager">
<vulnerability>
<title>Download Manager 0.2 - Arbitrary File Upload Exploit</title>
<references>
<exploitdb>6127</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wpSS">
<vulnerability>
<title>Spreadsheet &lt;= 0.6 - SQL Injection Vulnerability</title>
<references>
<exploitdb>5486</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-download">
<vulnerability>
<title>Download - (dl_id) SQL Injection Vulnerability</title>
<references>
<exploitdb>5326</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="sniplets">
<vulnerability>
<title>Sniplets 1.1.2 - (RFI/XSS/RCE) Multiple Vulnerabilities</title>
<references>
<exploitdb>5194</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp-photo-album">
<vulnerability>
<title>Photo album - Remote SQL Injection Vulnerability</title>
<references>
<exploitdb>5135</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="sf-forum">
<vulnerability>
<title>Simple Forum 2.0-2.1 - SQL Injection Vulnerability</title>
<references>
<exploitdb>5126</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Simple Forum 1.10-1.11 - SQL Injection Vulnerability</title>
<references>
<exploitdb>5127</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="st_newsletter">
<vulnerability>
<title>st_newsletter - Remote SQL Injection Vulnerability</title>
<references>
<exploitdb>5053</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>st_newsletter - (stnl_iframe.php) SQL Injection Vulnerability</title>
<references>
<exploitdb>6777</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wordspew">
<vulnerability>
<title>Wordspew - Remote SQL Injection Vulnerability</title>
<references>
<exploitdb>5039</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="dmsguestbook">
<vulnerability>
<title>dmsguestbook 1.7.0 - Multiple Remote Vulnerabilities</title>
<references>
<exploitdb>5035</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wassup">
<vulnerability>
<title>WassUp 1.4.3 - (spy.php to_date) SQL Injection Exploit</title>
<references>
<exploitdb>5017</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-adserve">
<vulnerability>
<title>Adserve 0.2 - adclick.php SQL Injection Exploit</title>
<references>
<exploitdb>5013</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="fgallery">
<vulnerability>
<title>fGallery 2.4.1 - fimrss.php SQL Injection Vulnerability</title>
<references>
<exploitdb>4993</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-cal">
<vulnerability>
<title>WP-Cal 0.3 - editevent.php SQL Injection Vulnerability</title>
<references>
<exploitdb>4992</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wpforum">
<vulnerability>
<title>plugin WP-Forum 1.7.4 - Remote SQL Injection Vulnerability</title>
<references>
<exploitdb>4939</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>plugin WP-Forum 1.7.8 - Remote SQL Injection Vulnerability</title>
<references>
<exploitdb>7738</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-filemanager">
<!-- Two entries. The 1.2 upload entry records no fixed_in; only the 1.3.0 entry is bounded (fixed_in 1.4.0). -->
<vulnerability>
<title>wp-FileManager 1.2 - Remote Upload Vulnerability</title>
<references>
<exploitdb>4844</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
<!-- NOTE(review): this file download entry is typed UNKNOWN, while file-disclosure entries elsewhere in this file (for example PictPress) are typed LFI; confirm the intended type. -->
<vulnerability>
<title>wp-FileManager 1.3.0 - File Download Vulnerability</title>
<references>
<secunia>53421</secunia>
<exploitdb>25440</exploitdb>
<osvdb>93446</osvdb>
</references>
<type>UNKNOWN</type>
<fixed_in>1.4.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="pictpress">
<vulnerability>
<title>PictPress &lt;= 0.91 - Remote File Disclosure Vulnerability</title>
<references>
<exploitdb>4695</exploitdb>
</references>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="backupwordpress">
<vulnerability>
<title>BackUp &lt;= 0.4.2b - RFI Vulnerability</title>
<references>
<exploitdb>4593</exploitdb>
</references>
<type>RFI</type>
<fixed_in>0.4.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="myflash">
<vulnerability>
<title>Myflash &lt;= 1.00 - (wppath) RFI Vulnerability</title>
<references>
<exploitdb>3828</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
<vulnerability>
<title>Myflash - myextractXML.php path Parameter Arbitrary File Access</title>
<references>
<osvdb>88260</osvdb>
<url>http://packetstormsecurity.com/files/118400/</url>
</references>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="wordtube">
<vulnerability>
<title>plugin wordTube &lt;= 1.43 - (wpPATH) RFI Vulnerability</title>
<references>
<exploitdb>3825</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="wp-table">
<vulnerability>
<title>plugin wp-Table &lt;= 1.43 - (inc_dir) RFI Vulnerability</title>
<references>
<exploitdb>3824</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="mygallery">
<vulnerability>
<title>myGallery &lt;= 1.4b4 - Remote File Inclusion Vulnerability</title>
<references>
<exploitdb>3814</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="sendit">
<vulnerability>
<title>SendIt &lt;= 1.5.9 - Blind SQL Injection Vulnerability</title>
<references>
<exploitdb>17716</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="js-appointment">
<vulnerability>
<title>Js-appointment &lt;= 1.5 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17724</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="mm-forms-community">
<vulnerability>
<title>MM Forms Community &lt;= 1.2.3 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17725</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>MM Forms Community 2.2.6 - Arbitrary File Upload</title>
<references>
<exploitdb>18997</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="super-captcha">
<vulnerability>
<title>Super CAPTCHA &lt;= 2.2.4 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17728</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="collision-testimonials">
<vulnerability>
<title>Collision Testimonials &lt;= 3.0 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17729</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="oqey-headers">
<vulnerability>
<title>Oqey Headers &lt;= 0.3 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17730</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="fbpromotions">
<vulnerability>
<title>Facebook Promotions &lt;= 1.3.3 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17737</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="evarisk">
<vulnerability>
<title>Evarisk 5.1.5.4 - include/lib/actionsCorrectives/activite/uploadPhotoApres.php File Upload PHP Code Execution</title>
<references>
<osvdb>82960</osvdb>
<secunia>49521</secunia>
<url>http://packetstormsecurity.com/files/113638/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>Evarisk &lt;= 5.1.3.6 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17738</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="profiles">
<vulnerability>
<title>Profiles &lt;= 2.0RC1 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17739</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="mystat">
<vulnerability>
<title>mySTAT &lt;= 2.6 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17740</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="sh-slideshow">
<vulnerability>
<title>SH Slideshow &lt;= 3.1.4 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17748</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="copyright-licensing-tools">
<vulnerability>
<title>iCopyright(R) Article Tools &lt;= 1.1.4 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17749</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="advertizer">
<vulnerability>
<title>Advertizer &lt;= 1.0 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17750</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="event-registration">
<vulnerability>
<title>Event Registration &lt;= 5.44 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17814</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Event Registration &lt;= 5.43 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17751</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Event Registration 5.32 - SQL Injection Vulnerability</title>
<references>
<exploitdb>15513</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
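<plugin name="crawlrate-tracker">
<!-- Title carries the plugin's display name, Crawl Rate Tracker (slug crawlrate-tracker). No fixed_in is recorded for this entry. -->
<vulnerability>
<title>Crawl Rate Tracker &lt;= 2.0.2 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17755</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>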
<plugin name="wp-audio-gallery-playlist">
<vulnerability>
<title>wp audio gallery playlist &lt;= 0.12 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17756</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="yolink-search">
<vulnerability>
<title>yolink Search 2.5 - "s" Cross-Site Scripting Vulnerability</title>
<references>
<osvdb>89756</osvdb>
<secunia>52030</secunia>
<url>http://www.securityfocus.com/bid/57665</url>
</references>
<type>XSS</type>
<fixed_in>2.6</fixed_in>
</vulnerability>
<vulnerability>
<title>yolink Search &lt;= 1.1.4 - includes/bulkcrawl.php Multiple Parameter SQL Injection</title>
<references>
<osvdb>74832</osvdb>
<secunia>45801</secunia>
<exploitdb>17757</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="pure-html">
<vulnerability>
<title>PureHTML &lt;= 1.0.0 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17758</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="couponer">
<vulnerability>
<title>Couponer &lt;= 1.2 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17759</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="grapefile">
<vulnerability>
<title>grapefile &lt;= 1.1 - Arbitrary File Upload</title>
<references>
<exploitdb>17760</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="image-gallery-with-slideshow">
<vulnerability>
<title>image-gallery-with-slideshow &lt;= 1.5 - Arbitrary File Upload / SQL Injection</title>
<references>
<exploitdb>17761</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wordpress-donation-plugin-with-goals-and-paypal-ipn-by-nonprofitcmsorg">
<vulnerability>
<title>Donation &lt;= 1.0 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17763</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-bannerize">
<vulnerability>
<title>WP Bannerize &lt;= 2.8.6 - SQL Injection Vulnerability</title>
<references>
<osvdb>74835</osvdb>
<secunia>45811</secunia>
<exploitdb>17764</exploitdb>
</references>
<type>SQLI</type>
<fixed_in>2.8.7</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Bannerize &lt;= 2.8.7 - SQL Injection Vulnerability</title>
<references>
<osvdb>76658</osvdb>
<secunia>46236</secunia>
<exploitdb>17906</exploitdb>
</references>
<type>SQLI</type>
<fixed_in>2.8.8</fixed_in>
</vulnerability>
</plugin>
<plugin name="search-autocomplete">
<vulnerability>
<title>SearchAutocomplete &lt;= 1.0.8 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17767</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="videowhisper-video-presentation">
<vulnerability>
<title>VideoWhisper Video Presentation &lt;= 1.1 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17771</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>VideoWhisper Video Presentation 3.17 - 'vw_upload.php' Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/53851</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="facebook-opengraph-meta-plugin">
<vulnerability>
<title>Facebook Opengraph Meta &lt;= 1.0 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17773</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="zotpress">
<vulnerability>
<title>Zotpress &lt;= 4.4 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17778</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="oqey-gallery">
<vulnerability>
<title>oQey Gallery &lt;= 0.4.8 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17779</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="tweet-old-post">
<vulnerability>
<title>Tweet Old Post &lt;= 3.2.5 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17789</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="post-highlights">
<vulnerability>
<title>post highlights &lt;= 2.2 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17790</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="knr-author-list-widget">
<vulnerability>
<title>KNR Author List Widget &lt;= 2.0.0 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17791</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
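<plugin name="scormcloud">
<!-- Children are ordered type, then fixed_in, as in the other entries of this file; NOTE(review): vuln.xsd is not visible here, confirm whether it enforces this sequence. -->
<vulnerability>
<title>SCORM Cloud &lt;= 1.0.6.6 - SQL Injection Vulnerability</title>
<references>
<osvdb>77679</osvdb>
<exploitdb>17793</exploitdb>
</references>
<type>SQLI</type>
<fixed_in>1.0.7</fixed_in>
</vulnerability>
</plugin>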
<plugin name="eventify">
<vulnerability>
<title>Eventify - Simple Events &lt;= 1.7.f - SQL Injection Vulnerability</title>
<references>
<exploitdb>17794</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="paid-downloads">
<vulnerability>
<title>Paid Downloads &lt;= 2.01 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17797</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="community-events">
<vulnerability>
<title>Community Events &lt;= 1.2.1 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17798</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
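<plugin name="1-flash-gallery">
<!-- Two entries, neither with a fixed_in. The XSS entry concerns the bundled ZeroClipboard.swf; the upload entry's title marks its exploitdb reference as a Metasploit module (MSF). -->
<vulnerability>
<title>1-flash-gallery &lt;= 1.9.0 - XSS in ZeroClipboard.swf</title>
<references>
<url>http://1337day.com/exploit/20396</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>1 Flash Gallery - Arbitrary File Upload Exploit (MSF)</title>
<references>
<exploitdb>17801</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>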
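<plugin name="wp-filebase">
<!-- Three entries. The GetFileHash entry is a command-execution issue per its title, so it is typed RCE; SQLI applies only to the wpfb-ajax.php entry, which records no fixed_in. -->
<vulnerability>
<title>WP-Filebase Download Manager 0.3.0.02 - class/Admin.php GetFileHash Function Remote Command Execution</title>
<references>
<osvdb>105039</osvdb>
<secunia>57456</secunia>
<url>http://www.securityfocus.com/bid/66341</url>
</references>
<type>RCE</type>
<fixed_in>0.3.0.03</fixed_in>
</vulnerability>
<vulnerability>
<title>WP-Filebase 0.2.9.24 - Unspecified Vulnerabilities</title>
<references>
<osvdb>87294</osvdb>
<secunia>51269</secunia>
<url>http://xforce.iss.net/xforce/xfdb/80034</url>
</references>
<type>UNKNOWN</type>
<fixed_in>0.2.9.25</fixed_in>
</vulnerability>
<vulnerability>
<title>WP-Filebase Download Manager &lt;= 0.2.9 - wpfb-ajax.php base Parameter SQL Injection</title>
<references>
<osvdb>75308</osvdb>
<secunia>45931</secunia>
<exploitdb>17808</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>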
<plugin name="a-to-z-category-listing">
<vulnerability>
<title>A to Z Category Listing &lt;= 1.3 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17809</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-e-commerce">
<!-- Nine entries. The five titled 3.8.9.5 record no fixed_in; four of them (two RCE, one LFI, one upload) cite the same Packet Storm advisory 124921.
NOTE(review): confirm whether a fixed release exists for those five; a fixed_in would let consumers of this file bound the affected range. -->
<vulnerability>
<title>WP-e-Commerce 3.8.9.5 - Cross Site Scripting Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20517</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WP-e-Commerce 3.8.9.5 - display-sales-logs.php c Parameter Remote Code Execution</title>
<references>
<osvdb>102484</osvdb>
<url>http://packetstormsecurity.com/files/124921/</url>
</references>
<type>RCE</type>
</vulnerability>
<vulnerability>
<title>WP-e-Commerce 3.8.9.5 - misc.functions.php image_name Parameter Local File Inclusion</title>
<references>
<osvdb>102485</osvdb>
<url>http://packetstormsecurity.com/files/124921/</url>
</references>
<type>LFI</type>
</vulnerability>
<vulnerability>
<title>WP-e-Commerce 3.8.9.5 - ajax.php wpsc_action Parameter Remote Code Execution</title>
<references>
<osvdb>102486</osvdb>
<url>http://packetstormsecurity.com/files/124921/</url>
</references>
<type>RCE</type>
</vulnerability>
<vulnerability>
<title>WP-e-Commerce 3.8.9.5 - save-data.functions.php GIF File Upload</title>
<references>
<osvdb>102497</osvdb>
<url>http://packetstormsecurity.com/files/124921/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<!-- The two 3.8.9 entries below share fixed_in 3.8.9.1 and the same SecurityFocus BID. -->
<vulnerability>
<title>WP-e-Commerce 3.8.9 - purchase-log-list-table-class.php m Parameter XSS</title>
<references>
<osvdb>88231</osvdb>
<url>http://www.securityfocus.com/bid/56499</url>
<url>http://xforce.iss.net/xforce/xfdb/80048</url>
</references>
<type>XSS</type>
<fixed_in>3.8.9.1</fixed_in>
</vulnerability>
<vulnerability>
<title>WP-e-Commerce 3.8.9 - purchaselogs.class.php view_purchlogs_by_status Parameter SQL Injection</title>
<references>
<osvdb>88232</osvdb>
<url>http://www.securityfocus.com/bid/56499</url>
<url>http://xforce.iss.net/xforce/xfdb/80042</url>
</references>
<type>SQLI</type>
<fixed_in>3.8.9.1</fixed_in>
</vulnerability>
<vulnerability>
<title>WP e-Commerce 3.8.6 - wpsc-cart_widget.php cart_messages Parameter XSS</title>
<references>
<osvdb>74295</osvdb>
<secunia>45513</secunia>
</references>
<type>XSS</type>
<fixed_in>3.8.8</fixed_in>
</vulnerability>
<vulnerability>
<title>WP e-Commerce &lt;= 3.8.6 - SQL Injection Vulnerability</title>
<references>
<exploitdb>17832</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="filedownload">
<vulnerability>
<title>Filedownload 0.1 - (download.php) Remote File Disclosure Vulnerability</title>
<references>
<exploitdb>17858</exploitdb>
</references>
<type>LFI</type>
</vulnerability>
</plugin>
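<plugin name="thecartpress">
<!-- Two entries. The XSS entry records no fixed_in. Children are ordered type, then fixed_in, as in the other entries of this file; NOTE(review): vuln.xsd is not visible here, confirm whether it enforces this sequence. -->
<vulnerability>
<title>TheCartPress &lt;= 1.6 - Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/108272/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>TheCartPress 1.1.1 - Remote File Inclusion</title>
<references>
<osvdb>75616</osvdb>
<exploitdb>17860</exploitdb>
</references>
<type>RFI</type>
<fixed_in>1.1.2</fixed_in>
</vulnerability>
</plugin>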
<plugin name="wpeasystats">
<vulnerability>
<title>WPEasyStats 1.8 - Remote File Inclusion</title>
<references>
<exploitdb>17862</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="annonces">
<vulnerability>
<title>Annonces 1.2.0.1 - admin/theme.php File Upload PHP Code Execution</title>
<references>
<osvdb>82948</osvdb>
<secunia>49488</secunia>
<url>http://packetstormsecurity.com/files/113637/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="livesig">
<vulnerability>
<title>Livesig 0.4 - Remote File Inclusion</title>
<references>
<exploitdb>17864</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="disclosure-policy-plugin">
<vulnerability>
<title>Disclosure Policy 1.0 - Remote File Inclusion</title>
<references>
<exploitdb>17865</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
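<plugin name="mailz">
<!-- Two entries, both with a fixed_in. Children are ordered type, then fixed_in, as in the other entries of this file; NOTE(review): vuln.xsd is not visible here, confirm whether it enforces this sequence. -->
<vulnerability>
<title>Mailing List 1.3.2 - Remote File Inclusion</title>
<references>
<osvdb>75617</osvdb>
<exploitdb>17866</exploitdb>
</references>
<type>RFI</type>
<fixed_in>1.3.4</fixed_in>
</vulnerability>
<!-- NOTE(review): this arbitrary file download entry is typed UNKNOWN, while file-disclosure entries elsewhere in this file (for example Filedownload) are typed LFI; confirm the intended type. -->
<vulnerability>
<title>Mailing List - Arbitrary file download</title>
<references>
<exploitdb>18276</exploitdb>
</references>
<type>UNKNOWN</type>
<fixed_in>1.4.1</fixed_in>
</vulnerability>
</plugin>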
<plugin name="g-web-shop">
<vulnerability>
<title>Zingiri Web Shop 2.2.0 - Remote File Inclusion</title>
<references>
<exploitdb>17867</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
<vulnerability>
<title>Zingiri Web Shop &lt;= 2.2.3 - Remote Code Execution</title>
<references>
<exploitdb>18111</exploitdb>
</references>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="mini-mail-dashboard-widget">
<vulnerability>
<title>Mini Mail Dashboard Widget 1.36 - wp-mini-mail.php abspath Parameter Remote File Inclusion</title>
<references>
<osvdb>75402</osvdb>
<secunia>45953</secunia>
<exploitdb>17868</exploitdb>
</references>
<type>RFI</type>
<fixed_in>1.37</fixed_in>
</vulnerability>
<vulnerability>
<title>Mini Mail Dashboard Widget 1.42 - Message Body XSS</title>
<references>
<osvdb>85135</osvdb>
<exploitdb>20358</exploitdb>
</references>
<type>XSS</type>
<fixed_in>1.43</fixed_in>
</vulnerability>
</plugin>
<plugin name="relocate-upload">
<vulnerability>
<title>Relocate Upload 0.14 - Remote File Inclusion</title>
<references>
<exploitdb>17869</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="category-grid-view-gallery">
<vulnerability>
<title>Category Grid View Gallery 0.1.1 - Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>Category Grid View Gallery 2.3.1 - CatGridPost.php ID Parameter XSS</title>
<references>
<osvdb>94805</osvdb>
<cve>2013-4117</cve>
<secunia>54035</secunia>
<url>http://packetstormsecurity.com/files/122259/</url>
</references>
<type>XSS</type>
<fixed_in>2.3.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="auto-attachments">
<vulnerability>
<title>Auto Attachments 0.2.9 - Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-marketplace">
<vulnerability>
<title>WP Marketplace 1.1.0 - Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="dp-thumbnail">
<vulnerability>
<title>DP Thumbnail 1.0 - Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="vk-gallery">
<vulnerability>
<title>Vk Gallery 1.1.0 - Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="rekt-slideshow">
<vulnerability>
<title>Rekt Slideshow 1.0.5 - Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="cac-featured-content">
<vulnerability>
<title>CAC Featured Content 0.8 - Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="rent-a-car">
<vulnerability>
<title>Rent A Car 1.0 - Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="lisl-last-image-slider">
<vulnerability>
<title>LISL Last Image Slider 1.0 - Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="islidex">
<vulnerability>
<title>Islidex 2.7 - Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="kino-gallery">
<vulnerability>
<title>Kino Gallery 1.0 - Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="cms-pack-cache">
<vulnerability>
<title>Cms Pack 1.3 - Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="a-gallery">
<vulnerability>
<title>A Gallery 0.9 - Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="category-list-portfolio-page">
<vulnerability>
<title>Category List Portfolio Page 0.9 - Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="really-easy-slider">
<vulnerability>
<title>Really Easy Slider 0.1 - Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="verve-meta-boxes">
<vulnerability>
<title>Verve Meta Boxes 1.2.8 - Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="user-avatar">
<vulnerability>
<title>User Avatar 1.3.7 - shell upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="extend-wordpress">
<!-- Shares exploitdb 17872 with the run of Shell Upload entries listed before it in this file; of those upload entries, this is the only one that also records an osvdb id, a CVE and an advisory URL.
NOTE(review): the advisory URL speaks of a vulnerability in many WordPress themes, which suggests a shared component rather than plugin-specific code; confirm the affected file for each plugin.
NOTE(review): version 1.3.7 matches the User Avatar entry directly above; verify it is not a copy-paste slip. No fixed_in is recorded. -->
<vulnerability>
<title>Extend 1.3.7 - Shell Upload vulnerability</title>
<references>
<osvdb>75638</osvdb>
<cve>2011-4106</cve>
<exploitdb>17872</exploitdb>
<url>http://markmaunder.com/2011/08/01/zero-day-vulnerability-in-many-wordpress-themes/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="adrotate">
<!-- Three SQL injection entries, all with a fixed_in. -->
<vulnerability>
<title>AdRotate &lt;= 3.9.4 - clicktracker.php track Parameter SQL Injection</title>
<references>
<osvdb>103578</osvdb>
<cve>2014-1854</cve>
<secunia>57079</secunia>
<exploitdb>31834</exploitdb>
<url>http://packetstormsecurity.com/files/125330/</url>
</references>
<type>SQLI</type>
<fixed_in>3.9.5</fixed_in>
</vulnerability>
<!-- NOTE(review): the 3.6.6 and 3.6.5 entries below share osvdb 77507, CVE 2011-4671 and fixed_in 3.6.8 and differ only in the title's version bound and their remaining references; they may describe one issue reported twice. Confirm before counting them as separate findings. -->
<vulnerability>
<title>AdRotate &lt;= 3.6.6 - SQL Injection Vulnerability</title>
<references>
<osvdb>77507</osvdb>
<cve>2011-4671</cve>
<secunia>46814</secunia>
<exploitdb>18114</exploitdb>
</references>
<type>SQLI</type>
<fixed_in>3.6.8</fixed_in>
</vulnerability>
<vulnerability>
<title>AdRotate &lt;= 3.6.5 - SQL Injection Vulnerability</title>
<references>
<osvdb>77507</osvdb>
<cve>2011-4671</cve>
<exploitdb>17888</exploitdb>
<url>http://unconciousmind.blogspot.com/2011/09/wordpress-adrotate-plugin-365-sql.html</url>
</references>
<type>SQLI</type>
<fixed_in>3.6.8</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-spamfree">
<vulnerability>
<title>WP-SpamFree 3.2.1 - Spam SQL Injection Vulnerability</title>
<references>
<exploitdb>17970</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="gd-star-rating">
<!-- Six entries. Only the 1.9.18 export bypass records a fixed_in (1.9.19); the other five, including both 1.9.22 entries, carry no fixed version. -->
<vulnerability>
<title>GD Star Rating 1.9.22 - gd-star-rating-stats.php s Parameter SQL Injection</title>
<references>
<osvdb>105085</osvdb>
<url>http://packetstormsecurity.com/files/125932/</url>
<url>http://seclists.org/fulldisclosure/2014/Mar/399</url>
<url>https://security.dxw.com/advisories/xss-csrf-and-blind-sql-injection-in-gd-star-rating-1-9-22/</url>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>GD Star Rating 1.9.22 - gd-star-rating-stats.php Setting Manipulation CSRF</title>
<references>
<osvdb>105086</osvdb>
<secunia>57667</secunia>
<url>http://packetstormsecurity.com/files/125932/</url>
<url>http://seclists.org/fulldisclosure/2014/Mar/399</url>
<url>https://security.dxw.com/advisories/xss-csrf-and-blind-sql-injection-in-gd-star-rating-1-9-22/</url>
</references>
<type>CSRF</type>
</vulnerability>
<!-- NOTE(review): the entry below reuses osvdb 105086, the id already given to the 1.9.22 CSRF entry above; one of the two is presumably a copy-paste slip. Confirm the id for this entry against secunia 49850 before relying on it. -->
<vulnerability>
<title>GD Star Rating 1.9.18 - Export Security Bypass Security Issue</title>
<references>
<osvdb>105086</osvdb>
<secunia>49850</secunia>
</references>
<type>AUTHBYPASS</type>
<fixed_in>1.9.19</fixed_in>
</vulnerability>
<vulnerability>
<title>GD Star Rating &lt;= 1.9.16 - Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112702/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>GD Star Rating &lt;= 1.9.10 - gd-star-rating/export.php de Parameter SQL Injection</title>
<references>
<osvdb>83466</osvdb>
<exploitdb>17973</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>GD Star Rating 1.9.7 - gd-star-rating/widgets/widget_top.php wpfn Parameter XSS</title>
<references>
<osvdb>71060</osvdb>
<secunia>43403</secunia>
<url>http://seclists.org/bugtraq/2011/Feb/219</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="contact-form-wordpress">
<vulnerability>
<title>Contact Form &lt;= 2.7.5 - SQL Injection</title>
<references>
<exploitdb>17980</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-photo-album-plus">
<vulnerability>
<title>WP Photo Album Plus &lt;= 4.1.1 - SQL Injection</title>
<references>
<exploitdb>17983</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP Photo Album Plus &lt;= 4.8.12 - wp-photo-album-plus.php wppa-searchstring XSS</title>
<references>
<osvdb>88851</osvdb>
<secunia>51669</secunia>
<secunia>51679</secunia>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WP Photo Album Plus - Full Path Disclosure</title>
<references>
<url>http://1337day.com/exploit/20125</url>
</references>
<type>FPD</type>
<fixed_in>4.9.1</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Photo Album Plus - index.php wppa-tag Parameter XSS</title>
<references>
<osvdb>89165</osvdb>
<secunia>51829</secunia>
</references>
<type>XSS</type>
<fixed_in>4.9.3</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Photo Album Plus - "commentid" Cross-Site Scripting Vulnerability</title>
<references>
<osvdb>93033</osvdb>
<cve>2013-3254</cve>
<secunia>53105</secunia>
</references>
<type>XSS</type>
<fixed_in>5.0.3</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Photo Album Plus - wp-admin/admin.php edit_id Parameter XSS</title>
<references>
<osvdb>94465</osvdb>
<secunia>53915</secunia>
</references>
<type>XSS</type>
<fixed_in>5.0.11</fixed_in>
</vulnerability>
</plugin>
<plugin name="backwpup">
<vulnerability>
<title>BackWPup 2.1.4 - Code Execution</title>
<references>
<exploitdb>17987</exploitdb>
</references>
<type>RCE</type>
</vulnerability>
<vulnerability>
<title>BackWPup 1.5.2, 1.6.1, 1.7.1 - Remote and Local Code Execution Vulnerability</title>
<references>
<osvdb>71481</osvdb>
</references>
<type>RCE</type>
</vulnerability>
<vulnerability>
<title>BackWPup 3.0.12 - wp-admin/admin.php tab Parameter XSS</title>
<references>
<cve>2013-4626</cve>
<url>https://www.htbridge.com/advisory/HTB23161</url>
<osvdb>96505</osvdb>
<secunia>54515</secunia>
<url>http://packetstormsecurity.com/files/122916/</url>
</references>
<type>XSS</type>
<fixed_in>3.0.13</fixed_in>
</vulnerability>
</plugin>
<plugin name="portable-phpmyadmin">
<vulnerability>
<title>portable-phpMyAdmin - Authentication Bypass</title>
<references>
<osvdb>88391</osvdb>
<cve>2012-5469</cve>
<exploitdb>23356</exploitdb>
<secunia>51520</secunia>
</references>
<type>AUTHBYPASS</type>
<fixed_in>1.3.1</fixed_in>
</vulnerability>
<vulnerability>
<title>Portable phpMyAdmin - /pma/phpinfo.php Direct Request System Information Disclosure</title>
<references>
<osvdb>98766</osvdb>
<cve>2013-4454</cve>
<url>http://www.securityfocus.com/bid/63249</url>
<url>http://seclists.org/oss-sec/2013/q4/138</url>
</references>
<type>FPD</type>
</vulnerability>
<vulnerability>
<title>Portable phpMyAdmin 1.4.1 - Multiple Script Direct Request Authentication Bypass</title>
<references>
<osvdb>98767</osvdb>
<cve>2013-4462</cve>
<secunia>55270</secunia>
<url>http://seclists.org/oss-sec/2013/q4/138</url>
</references>
<type>AUTHBYPASS</type>
</vulnerability>
</plugin>
<plugin name="super-refer-a-friend">
<vulnerability>
<title>super-refer-a-friend - Full Path Disclosure</title>
<references>
<url>http://1337day.com/exploit/20126</url>
</references>
<type>FPD</type>
<fixed_in>1.0</fixed_in>
</vulnerability>
</plugin>
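<plugin name="w3-total-cache">
<!-- Two entries: username/hash extraction (fixed_in 0.9.2.5) and remote code execution (fixed_in 0.9.2.9). -->
<vulnerability>
<title>W3 Total Cache - Username and Hash Extract</title>
<references>
<osvdb>92742</osvdb>
<osvdb>92741</osvdb>
<cve>2012-6079</cve>
<cve>2012-6078</cve>
<url>http://seclists.org/fulldisclosure/2012/Dec/242</url>
<url>https://github.com/FireFart/W3TotalCacheExploit</url>
<metasploit>auxiliary/gather/wp_w3_total_cache_hash_extract</metasploit>
</references>
<type>UNKNOWN</type>
<fixed_in>0.9.2.5</fixed_in>
</vulnerability>
<vulnerability>
<title>W3 Total Cache - Remote Code Execution</title>
<references>
<url>http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/</url>
<url>http://wordpress.org/support/topic/pwn3d</url>
<url>http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html</url>
<!-- Module reference uses the singular type prefix (exploit/), matching the auxiliary/ and exploit/ references elsewhere in this file; "exploits/" is the framework's directory name, not a module name. -->
<metasploit>exploit/unix/webapp/php_wordpress_total_cache</metasploit>
<exploitdb>25137</exploitdb>
<cve>2013-2010</cve>
<osvdb>92652</osvdb>
<secunia>53052</secunia>
</references>
<type>RCE</type>
<fixed_in>0.9.2.9</fixed_in>
</vulnerability>
</plugin>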
<plugin name="wp-super-cache">
<vulnerability>
<title>WP-Super-Cache 1.3 - Remote Code Execution</title>
<references>
<url>http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/</url>
<url>http://wordpress.org/support/topic/pwn3d</url>
<url>http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html</url>
</references>
<type>RCE</type>
<fixed_in>1.3.1</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Super Cache 1.3 - trunk/wp-cache.php wp_nonce_url Function URI XSS</title>
<references>
<osvdb>92832</osvdb>
<cve>2013-2008</cve>
</references>
<type>XSS</type>
<fixed_in>1.3.1</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Super Cache 1.3 - trunk/plugins/wptouch.php URI XSS</title>
<references>
<osvdb>92831</osvdb>
<cve>2013-2008</cve>
</references>
<type>XSS</type>
<fixed_in>1.3.1</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Super Cache 1.3 - trunk/plugins/searchengine.php URI XSS</title>
<references>
<osvdb>92830</osvdb>
<cve>2013-2008</cve>
</references>
<type>XSS</type>
<fixed_in>1.3.1</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Super Cache 1.3 - trunk/plugins/domain-mapping.php URI XSS</title>
<references>
<osvdb>92829</osvdb>
<cve>2013-2008</cve>
</references>
<type>XSS</type>
<fixed_in>1.3.1</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Super Cache 1.3 - trunk/plugins/badbehaviour.php URI XSS</title>
<references>
<osvdb>92828</osvdb>
<cve>2013-2008</cve>
</references>
<type>XSS</type>
<fixed_in>1.3.1</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Super Cache 1.3 - trunk/plugins/awaitingmoderation.php URI XSS</title>
<references>
<osvdb>92827</osvdb>
<cve>2013-2008</cve>
</references>
<type>XSS</type>
<fixed_in>1.3.1</fixed_in>
</vulnerability>
<!-- Fake vulnerability report; the entry below is kept commented out so it is not reported.
See http://archives.neohapsis.com/archives/bugtraq/2009-07/0175.html
and http://osvdb.org/56762
<vulnerability>
<title>WP Super Cache 0.8.3 - wp-cache-phase1.php plugin Parameter Remote File Inclusion</title>
<references>
<osvdb>56762</osvdb>
</references>
<type>RCE</type>
</vulnerability>
-->
</plugin>
<plugin name="ripe-hd-player">
<vulnerability>
<title>ripe-hd-player 1.0 - ripe-hd-player/config.php id Parameter SQL Injection</title>
<references>
<osvdb>89437</osvdb>
<exploitdb>24229</exploitdb>
<url>http://xforce.iss.net/xforce/xfdb/81415</url>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>ripe-hd-player 1.0 - Multiple Script Direct Request Path Disclosure</title>
<references>
<osvdb>89438</osvdb>
<exploitdb>24229</exploitdb>
<url>http://www.securityfocus.com/bid/57473</url>
<url>http://xforce.iss.net/xforce/xfdb/81414</url>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="floating-tweets">
<!-- Two entries drawn from the same pair of advisories; neither has a fixed_in value. -->
<vulnerability>
<title>floating-tweets - persistent XSS</title>
<references>
<url>http://packetstormsecurity.com/files/119499/</url>
<url>http://websecurity.com.ua/6023/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>floating-tweets - directory traversal</title>
<references>
<url>http://packetstormsecurity.com/files/119499/</url>
<url>http://websecurity.com.ua/6023/</url>
</references>
<!-- NOTE(review): typed UNKNOWN although the title says directory traversal; the traversal entries for eshop-magic and vitamin in this file are typed LFI. Confirm against the advisories and retype if this is an arbitrary file read. -->
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="ipfeuilledechou">
<vulnerability>
<title>ipfeuilledechou - SQL Injection Vulnerability</title>
<references>
<url>http://www.exploit4arab.com/exploits/377</url>
<url>http://1337day.com/exploit/20206</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="simple-login-log">
<vulnerability>
<title>Simple Login Log - XSS</title>
<references>
<secunia>51780</secunia>
</references>
<type>XSS</type>
<fixed_in>0.9.4</fixed_in>
</vulnerability>
<vulnerability>
<title>Simple Login Log - SQL Injection</title>
<references>
<secunia>51780</secunia>
</references>
<type>SQLI</type>
<fixed_in>0.9.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-slimstat">
<vulnerability>
<title>WP SlimStat 3.5.5 - Overview URI Stored XSS</title>
<references>
<osvdb>104428</osvdb>
<secunia>57305</secunia>
</references>
<type>XSS</type>
<fixed_in>3.5.6</fixed_in>
</vulnerability>
<vulnerability>
<title>WP SlimStat 2.8.4 - wp-content/plugins/wp-slimstat/admin/view/panel1.php s Parameter XSS</title>
<references>
<osvdb>89052</osvdb>
<secunia>51721</secunia>
</references>
<type>XSS</type>
<fixed_in>2.8.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-slimstat-ex">
<vulnerability>
<title>SlimStat-Ex - Open Flash Chart Arbitrary File Creation Vulnerability</title>
<references>
<secunia>55160</secunia>
<url>http://packetstormsecurity.com/files/123494/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="browser-rejector">
<vulnerability>
<title>Browser Rejector - Remote and Local File Inclusion</title>
<references>
<osvdb>89053</osvdb>
<secunia>51739</secunia>
</references>
<type>LFI</type>
<fixed_in>2.11</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-file-uploader">
<vulnerability>
<title>File Uploader - PHP File Upload Vulnerability</title>
<references>
<url>http://la.usch.io/2013/01/21/wordpress-file-uploader-plugin-php-file-upload-vulnerability/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="cardoza-wordpress-poll">
<vulnerability>
<title>Cardoza WordPress poll 34.05 - Multiple External Function Remote Poll Manipulation</title>
<references>
<osvdb>89443</osvdb>
<cve>2013-1401</cve>
<secunia>51925</secunia>
<url>http://seclists.org/bugtraq/2013/Jan/86</url>
<url>http://packetstormsecurity.com/files/119736/</url>
</references>
<type>CSRF</type>
<fixed_in>34.06</fixed_in>
</vulnerability>
<vulnerability>
<title>Cardoza WordPress poll - CWPPoll.js Multiple Method pollid Parameter SQL Injection</title>
<references>
<osvdb>89444</osvdb>
<cve>2013-1400</cve>
<url>http://packetstormsecurity.com/files/119736/</url>
<url>http://www.girlinthemiddle.net/2013/01/multiple-sql-injection-vulnerabilities.html</url>
<url>http://seclists.org/bugtraq/2013/Jan/86</url>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Cardoza WordPress poll - Multiple SQL Injection Vulnerabilities</title>
<references>
<secunia>50910</secunia>
</references>
<type>SQLI</type>
<fixed_in>33.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="devformatter">
<vulnerability>
<title>Developer Formatter 2013.0.1.40 - devformatter.php Multiple Action CSRF</title>
<references>
<osvdb>89475</osvdb>
<exploitdb>24294</exploitdb>
<secunia>51912</secunia>
<url>http://packetstormsecurity.com/files/119731/</url>
<url>http://seclists.org/bugtraq/2013/Jan/91</url>
<url>http://1337day.com/exploit/20210</url>
</references>
<type>CSRF</type>
<fixed_in>2013.0.1.41</fixed_in>
</vulnerability>
<vulnerability>
<title>Developer Formatter 2013.0.1.40 - devformatter.php Multiple Field XSS</title>
<references>
<osvdb>89474</osvdb>
<url>http://seclists.org/bugtraq/2013/Jan/91</url>
</references>
<type>XSS</type>
<fixed_in>2013.0.1.41</fixed_in>
</vulnerability>
</plugin>
<plugin name="dvs-custom-notification">
<vulnerability>
<title>DVS Custom Notification - Cross-Site Request Forgery Vulnerability</title>
<references>
<osvdb>89441</osvdb>
<cve>2012-4921</cve>
<secunia>51531</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.0.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="events-manager">
<vulnerability>
<title>Events Manager 5.5.1 - Multiple Unspecified XSS Vulnerabilities</title>
<references>
<osvdb>98198</osvdb>
<secunia>55182</secunia>
</references>
<type>XSS</type>
<fixed_in>5.5.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Events Manager 5.3.8 - Event Search Form em_search Parameter XSS</title>
<references>
<osvdb>93556</osvdb>
<url>http://www.securityfocus.com/bid/60078</url>
<secunia>53478</secunia>
</references>
<type>XSS</type>
<fixed_in>5.3.9</fixed_in>
</vulnerability>
<vulnerability>
<title>Events Manager 5.3.8 - wp-admin/edit.php author Parameter XSS</title>
<references>
<osvdb>93557</osvdb>
<url>http://www.securityfocus.com/bid/60078</url>
<secunia>53478</secunia>
</references>
<type>XSS</type>
<fixed_in>5.3.9</fixed_in>
</vulnerability>
<vulnerability>
<title>Events Manager 5.3.8 - Event Editing redirect_to Parameter XSS</title>
<references>
<osvdb>93558</osvdb>
<url>http://www.securityfocus.com/bid/60078</url>
<secunia>53478</secunia>
</references>
<type>XSS</type>
<fixed_in>5.3.9</fixed_in>
</vulnerability>
<vulnerability>
<title>Events Manager 5.3.5 - wp-admin/admin-ajax.php dbem_phone Parameter XSS</title>
<references>
<osvdb>90913</osvdb>
<secunia>52475</secunia>
</references>
<type>XSS</type>
<fixed_in>5.3.6</fixed_in>
</vulnerability>
<vulnerability>
<title>Events Manager 5.3.5 - index.php event_owner_name Parameter XSS</title>
<references>
<osvdb>90914</osvdb>
<secunia>52475</secunia>
</references>
<type>XSS</type>
<fixed_in>5.3.6</fixed_in>
</vulnerability>
<vulnerability>
<title>Events Manager 5.3.5 - wp-admin/post.php Multiple Parameter XSS</title>
<references>
<osvdb>90915</osvdb>
<secunia>52475</secunia>
</references>
<type>XSS</type>
<fixed_in>5.3.6</fixed_in>
</vulnerability>
<vulnerability>
<title>Events Manager 5.3.3 - templates/forms/bookingform/booking-fields.php Multiple Parameter XSS</title>
<references>
<osvdb>89488</osvdb>
<cve>2013-1407</cve>
<secunia>51869</secunia>
<url>http://packetstormsecurity.com/files/120688/</url>
<url>http://www.securityfocus.com/bid/57477</url>
</references>
<type>XSS</type>
<fixed_in>5.3.4</fixed_in>
</vulnerability>
<vulnerability>
<title>Events Manager 5.3.3 - templates/templates/events-search.php Multiple Parameter XSS</title>
<references>
<osvdb>89487</osvdb>
<cve>2013-1407</cve>
<secunia>51869</secunia>
<url>http://packetstormsecurity.com/files/120688/</url>
<url>http://www.securityfocus.com/bid/57477</url>
</references>
<type>XSS</type>
<fixed_in>5.3.4</fixed_in>
</vulnerability>
<vulnerability>
<title>Events Manager 5.3.3 - classes/em-bookings-table.php wp_nonce Parameter XSS</title>
<references>
<osvdb>89486</osvdb>
<cve>2013-1407</cve>
<secunia>51869</secunia>
<url>http://packetstormsecurity.com/files/120688/</url>
<url>http://www.securityfocus.com/bid/57477</url>
</references>
<type>XSS</type>
<fixed_in>5.3.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="solvemedia">
<vulnerability>
<title>SolveMedia 1.1.0 - plugins.php API Key Manipulation CSRF</title>
<references>
<osvdb>89585</osvdb>
<secunia>51927</secunia>
<exploitdb>24364</exploitdb>
<url>http://1337day.com/exploit/20222</url>
</references>
<type>CSRF</type>
<fixed_in>1.1.1</fixed_in>
</vulnerability>
<vulnerability>
<title>SolveMedia 1.1.0 - solvemedia.admin.inc Admin Options Page CSRF</title>
<references>
<osvdb>106320</osvdb>
</references>
<type>CSRF</type>
<fixed_in>1.1.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="usc-e-shop">
<!-- Welcart e-Commerce entries. None of them has a fixed_in value; presumably they are reported for every detected version (verify against the scanner's matching logic). -->
<vulnerability>
<title>Welcart e-Commerce 1.3.12 - wp-admin/admin-ajax.php Multiple Parameter DOM-Based XSS</title>
<references>
<osvdb>103956</osvdb>
<secunia>57222</secunia>
<url>http://packetstormsecurity.com/files/125513/</url>
<url>http://www.securityfocus.com/bid/65954</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Welcart e-Commerce 1.3.12 - purchase_limit Parameter DOM-based XSS</title>
<references>
<osvdb>103955</osvdb>
<url>http://packetstormsecurity.com/files/125513/</url>
<url>http://www.securityfocus.com/bid/65954</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Welcart e-Commerce 1.3.12 - wp-admin/admin.php Multiple Parameter SQL Injection</title>
<references>
<osvdb>103954</osvdb>
<url>http://packetstormsecurity.com/files/125513/</url>
<url>http://www.securityfocus.com/bid/65954</url>
</references>
<type>SQLI</type>
</vulnerability>
<!-- NOTE(review): the next entry has the same OSVDB id (103954), URLs and type as the one above; only the version is missing from its title. It looks like a duplicate that would be reported twice. Confirm and keep one. -->
<vulnerability>
<title>Welcart e-Commerce - wp-admin/admin.php Multiple Parameter SQL Injection</title>
<references>
<osvdb>103954</osvdb>
<url>http://packetstormsecurity.com/files/125513/</url>
<url>http://www.securityfocus.com/bid/65954</url>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Welcart e-Commerce - Cross-Site Scripting and Request Forgery Vulnerabilities</title>
<references>
<secunia>51581</secunia>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="knews">
<vulnerability>
<title>Knews 1.2.5 - Multilingual Newsletters Cross-Site Request Forgery Vulnerability</title>
<references>
<osvdb>88427</osvdb>
<secunia>51543</secunia>
<url>http://www.securityfocus.com/bid/56926</url>
<url>http://xforce.iss.net/xforce/xfdb/80661</url>
</references>
<type>CSRF</type>
<fixed_in>1.2.6</fixed_in>
</vulnerability>
<vulnerability>
<title>Knews 1.2.5 - Unspecified XSS</title>
<references>
<osvdb>88426</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.2.6</fixed_in>
</vulnerability>
<vulnerability>
<title>Knews 1.1.0 - wysiwyg/fontpicker/index.php ff Parameter XSS</title>
<references>
<osvdb>83643</osvdb>
<secunia>49825</secunia>
</references>
<type>XSS</type>
<fixed_in>1.1.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="video-lead-form">
<vulnerability>
<title>Video Lead Form - "errMsg" Cross-Site Scripting Vulnerability</title>
<references>
<cve>2012-6312</cve>
<osvdb>88002</osvdb>
<secunia>51419</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="sagepay-direct-for-woocommerce-payment-gateway">
<vulnerability>
<title>WooCommerce SagePay Direct Payment Gateway 0.1.6.6 - pages/3DRedirect.php Multiple Parameter Reflected XSS</title>
<references>
<osvdb>102882</osvdb>
<secunia>56801</secunia>
</references>
<type>XSS</type>
<fixed_in>0.1.6.7</fixed_in>
</vulnerability>
<vulnerability>
<title>WooCommerce SagePay Direct Payment Gateway 0.1.6.6 - pages/3DCallBack.php Multiple Parameter Reflected XSS</title>
<references>
<osvdb>102746</osvdb>
<secunia>56801</secunia>
</references>
<type>XSS</type>
<fixed_in>0.1.6.7</fixed_in>
</vulnerability>
<vulnerability>
<title>WooCommerce SagePay Direct Payment Gateway 0.1.6.6 - pages/3DComplete.php Multiple Parameter Reflected XSS</title>
<references>
<osvdb>102747</osvdb>
<secunia>56801</secunia>
</references>
<type>XSS</type>
<fixed_in>0.1.6.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="woocommerce-predictive-search">
<vulnerability>
<title>WooCommerce Predictive Search - index.php rs Parameter XSS</title>
<references>
<osvdb>87890</osvdb>
<secunia>51385</secunia>
<url>http://www.securityfocus.com/bid/56703</url>
</references>
<type>XSS</type>
<fixed_in>1.0.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="woocommerce">
<!-- Two reflected XSS entries, each with a fixed_in value. -->
<!-- NOTE(review): the first title names 2.0.17 as the affected version while fixed_in is also 2.0.17; the second entry pairs 2.0.12 with fixed_in 2.0.13. One of the two 2.0.17 values is presumably off by one release. Confirm against the references before relying on it. -->
<vulnerability>
<title>WooCommerce 2.0.17 - hide-wc-extensions-message Parameter Reflected XSS</title>
<references>
<osvdb>98754</osvdb>
<url>http://packetstormsecurity.com/files/123684/</url>
<url>http://www.securityfocus.com/bid/63228</url>
</references>
<type>XSS</type>
<fixed_in>2.0.17</fixed_in>
</vulnerability>
<vulnerability>
<title>WooCommerce 2.0.12 - index.php calc_shipping_state Parameter XSS</title>
<references>
<osvdb>95480</osvdb>
<secunia>53930</secunia>
<url>http://packetstormsecurity.com/files/122465/</url>
</references>
<type>XSS</type>
<fixed_in>2.0.13</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-e-commerce-predictive-search">
<vulnerability>
<title>WP e-Commerce Predictive Search - "rs" Cross-Site Scripting Vulnerability</title>
<references>
<secunia>51384</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-tiger">
<vulnerability>
<title>vTiger CRM Lead Capture - Unspecified Vulnerability</title>
<references>
<secunia>51305</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>1.1.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-postviews">
<vulnerability>
<title>WP-PostViews - "search_input" Cross-Site Scripting Vulnerability</title>
<references>
<secunia>50982</secunia>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WP-PostViews 1.62 - Setting Manipulation CSRF</title>
<references>
<osvdb>93096</osvdb>
<cve>2013-3252</cve>
<secunia>53127</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.63</fixed_in>
</vulnerability>
</plugin>
<plugin name="dx-contribute">
<vulnerability>
<title>DX-Contribute - Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>51082</secunia>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="wysija-newsletters">
<vulnerability>
<title>MailPoet (Wysija Newsletters) - Remote File Upload</title>
<references>
<cve>2014-4725</cve>
<url>http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html</url>
<url>http://www.openwall.com/lists/oss-security/2014/07/02/1</url>
<metasploit>exploit/unix/webapp/wp_wysija_newsletters_upload</metasploit>
</references>
<type>UPLOAD</type>
<fixed_in>2.6.8</fixed_in>
</vulnerability>
<vulnerability>
<title>Wysija Newsletters 2.2 - SQL Injection Vulnerability</title>
<references>
<osvdb>89924</osvdb>
<cve>2013-1408</cve>
<url>https://www.htbridge.com/advisory/HTB23140</url>
<url>http://packetstormsecurity.com/files/120089/</url>
<url>http://seclists.org/bugtraq/2013/Feb/29</url>
<url>http://cxsecurity.com/issue/WLB-2013020039</url>
</references>
<type>SQLI</type>
<fixed_in>2.2.1</fixed_in>
</vulnerability>
<vulnerability>
<title>Wysija Newsletters - swfupload Cross-Site Scripting Vulnerability</title>
<references>
<secunia>51249</secunia>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
<fixed_in>2.1.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="hitasoft_player">
<vulnerability>
<title>Hitasoft FLV Player - "id" SQL Injection Vulnerability</title>
<references>
<secunia>51179</secunia>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="spider-calendar">
<vulnerability>
<title>Spider Calendar 1.3.0 - Multiple Vulnerabilities</title>
<references>
<osvdb>93584</osvdb>
<exploitdb>25723</exploitdb>
<secunia>53481</secunia>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>Spider Calendar 1.1.0 - "many_sp_calendar" Cross-Site Scripting Vulnerability</title>
<references>
<osvdb>86604</osvdb>
<secunia>50981</secunia>
</references>
<type>XSS</type>
<fixed_in>1.1.1</fixed_in>
</vulnerability>
<vulnerability>
<title>Spider Calendar 1.0.1 - front_end/spidercalendarbig.php date Parameter XSS</title>
<references>
<osvdb>85897</osvdb>
<secunia>50812</secunia>
<exploitdb>21715</exploitdb>
<url>http://packetstormsecurity.org/files/117078/</url>
</references>
<type>XSS</type>
<fixed_in>1.1.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Spider Calendar 1.0.1 - spidercalendarbig_seemore.php calendar_id Parameter SQL Injection</title>
<references>
<osvdb>85898</osvdb>
<secunia>50812</secunia>
<exploitdb>21715</exploitdb>
<url>http://packetstormsecurity.org/files/117078/</url>
</references>
<type>SQLI</type>
<fixed_in>1.1.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="dynamic-font-replacement-4wp">
<vulnerability>
<title>Dynamic Font Replacement 1.3 - SQL Injection Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20239</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="form">
<vulnerability>
<title>Zingiri Form Builder - "error" Cross-Site Scripting Vulnerability</title>
<references>
<secunia>50983</secunia>
</references>
<type>XSS</type>
<fixed_in>1.2.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="white-label-cms">
<vulnerability>
<title>White Label CMS - Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>50487</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.5.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="download-shortcode">
<vulnerability>
<title>Download Shortcode - "file" Arbitrary File Disclosure Vulnerability</title>
<references>
<secunia>50924</secunia>
</references>
<type>LFI</type>
<fixed_in>0.2.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="eshop-magic">
<vulnerability>
<title>eShop Magic 0.1 - eshop-magic/download.php file Parameter Traversal Arbitrary File Access</title>
<references>
<osvdb>86155</osvdb>
<secunia>50933</secunia>
<url>http://xforce.iss.net/xforce/xfdb/79222</url>
</references>
<type>LFI</type>
<fixed_in>0.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="pinterest-pin-it-button">
<vulnerability>
<title>Pinterest "Pin It" Button Lite 1.3.1 - Multiple Unspecified Vulnerabilities</title>
<references>
<osvdb>85956</osvdb>
<secunia>50868</secunia>
</references>
<type>MULTI</type>
<fixed_in>1.4.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="css-plus">
<vulnerability>
<title>CSS Plus 1.3.1 - Unspecified Vulnerabilities</title>
<references>
<osvdb>85875</osvdb>
<secunia>50793</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>1.3.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="multisite-plugin-manager">
<vulnerability>
<title>Multisite plugin Manager 3.1.1 - Two Cross-Site Scripting Vulnerabilities</title>
<references>
<osvdb>85818</osvdb>
<secunia>50762</secunia>
</references>
<type>XSS</type>
<fixed_in>3.1.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="abc-test">
<vulnerability>
<title>ABC Test - "id" Cross-Site Scripting Vulnerability</title>
<references>
<url>http://scott-herbert.com/?p=142</url>
<osvdb>85773</osvdb>
<secunia>50608</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="token-manager">
<vulnerability>
<title>Token Manager 1.0.2 - "tid" Cross-Site Scripting Vulnerabilities</title>
<references>
<osvdb>85738</osvdb>
<secunia>50722</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="sexy-add-template">
<vulnerability>
<title>Sexy Add Template 1.0 - PHP Code Execution CSRF</title>
<references>
<osvdb>85730</osvdb>
<secunia>50709</secunia>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="notices">
<vulnerability>
<title>Notices Ticker 5.0 - Cross-Site Request Forgery Vulnerability</title>
<references>
<osvdb>85729</osvdb>
<secunia>50717</secunia>
<url>http://packetstormsecurity.org/files/116774/</url>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="mf-gig-calendar">
<vulnerability>
<title>MF Gig Calendar 0.9.4.1 - URL Cross-Site Scripting Vulnerability</title>
<references>
<osvdb>85682</osvdb>
<cve>2012-4242</cve>
<secunia>50571</secunia>
<url>http://packetstormsecurity.org/files/116713/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-topbar">
<vulnerability>
<title>WP-TopBar 4.02 - wp-topbar.php wptbbartext Parameter XSS</title>
<references>
<osvdb>85659</osvdb>
<secunia>50693</secunia>
<exploitdb>21393</exploitdb>
</references>
<type>XSS</type>
<fixed_in>4.03</fixed_in>
</vulnerability>
<vulnerability>
<title>WP-TopBar 4.02 - TopBar Message Manipulation CSRF</title>
<references>
<osvdb>85660</osvdb>
<secunia>50693</secunia>
<exploitdb>21393</exploitdb>
</references>
<type>CSRF</type>
<fixed_in>4.03</fixed_in>
</vulnerability>
<vulnerability>
<title>wp-topbar &lt;= 3.04 - XSS in ZeroClipboard.swf</title>
<references>
<url>http://1337day.com/exploit/20396</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="webplayer">
<vulnerability>
<title>HD Webplayer - Two SQL Injection Vulnerabilities</title>
<references>
<osvdb>87832</osvdb>
<secunia>50466</secunia>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="cloudsafe365-for-wp">
<vulnerability>
<title>Cloudsafe365 - Multiple Vulnerabilities</title>
<references>
<secunia>50392</secunia>
</references>
<type>MULTI</type>
<fixed_in>1.47</fixed_in>
</vulnerability>
</plugin>
<plugin name="vitamin">
<vulnerability>
<title>Vitamin 1.0 - add_headers.php path Parameter Traversal Arbitrary File Access</title>
<references>
<cve>2012-6651</cve>
<osvdb>84463</osvdb>
<secunia>50176</secunia>
</references>
<type>LFI</type>
<fixed_in>1.1</fixed_in>
</vulnerability>
<vulnerability>
<title>Vitamin 1.0 - minify.php path Parameter Traversal Arbitrary File Access</title>
<references>
<cve>2012-6651</cve>
<osvdb>84464</osvdb>
<secunia>50176</secunia>
</references>
<type>LFI</type>
<fixed_in>1.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="featured-post-with-thumbnail">
<vulnerability>
<title>Featured Post with thumbnail 1.4 - Unspecified timthumb Vulnerability</title>
<references>
<osvdb>84460</osvdb>
<secunia>50161</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>1.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-effective-lead-management">
<vulnerability>
<title>WP Lead Management 3.0.0 - Script Insertion Vulnerabilities</title>
<references>
<osvdb>84462</osvdb>
<exploitdb>20270</exploitdb>
<secunia>50166</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="xve-various-embed">
<vulnerability>
<title>XVE Various Embed - JW Player Multiple Cross-Site Scripting Vulnerabilities</title>
<references>
<secunia>50173</secunia>
</references>
<type>XSS</type>
<fixed_in>1.0.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="g-lock-double-opt-in-manager">
<vulnerability>
<title>G-Lock Double Opt-in Manager - Two Security Bypass Vulnerabilities</title>
<references>
<osvdb>84434</osvdb>
<secunia>50100</secunia>
<url>http://packetstormsecurity.org/files/115173/</url>
</references>
<type>AUTHBYPASS</type>
</vulnerability>
</plugin>
<plugin name="kau-boys-backend-localization">
<vulnerability>
<title>Backend Localization 1.6.1 - options-general.php kau-boys_backend_localization_language Parameter XSS</title>
<references>
<osvdb>84418</osvdb>
<secunia>50099</secunia>
</references>
<type>XSS</type>
<fixed_in>2.0</fixed_in>
</vulnerability>
<vulnerability>
<title>Backend Localization 1.6.1 - wp-login.php kau-boys_backend_localization_language Parameter XSS</title>
<references>
<osvdb>84419</osvdb>
<secunia>50099</secunia>
</references>
<type>XSS</type>
<fixed_in>2.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="flexi-quote-rotator">
<vulnerability>
<title>Flexi Quote Rotator - Cross-Site Request Forgery and SQL Injection Vulnerabilities</title>
<references>
<secunia>49910</secunia>
</references>
<type>MULTI</type>
<fixed_in>0.9.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="gotmls">
<vulnerability>
<title>Get Off Malicious Scripts - Cross-Site Scripting Vulnerability</title>
<references>
<secunia>50030</secunia>
</references>
<type>XSS</type>
<fixed_in>1.2.07.20</fixed_in>
</vulnerability>
</plugin>
<plugin name="cimy-user-extra-fields">
<vulnerability>
<title>Cimy User Extra Fields - Arbitrary File Upload Vulnerability</title>
<references>
<secunia>49975</secunia>
</references>
<type>UPLOAD</type>
<fixed_in>2.3.9</fixed_in>
</vulnerability>
</plugin>
<plugin name="nmedia-user-file-uploader">
<vulnerability>
<title>Nmedia Users File Uploader - Arbitrary File Upload Vulnerability</title>
<references>
<secunia>49996</secunia>
</references>
<type>UPLOAD</type>
<fixed_in>2.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-explorer-gallery">
<vulnerability>
<title>wp-explorer-gallery - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20251</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="accordion">
<vulnerability>
<title>accordion - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20254</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-catpro">
<vulnerability>
<title>wp-catpro - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20256</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="RLSWordPressSearch">
<vulnerability>
<title>RLSWordPressSearch - register.php agentid Parameter SQL Injection</title>
<references>
<osvdb>89824</osvdb>
<url>http://packetstormsecurity.com/files/119938/</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wordpress-simple-shout-box">
<vulnerability>
<title>wordpress-simple-shout-box - SQL Injection</title>
<references>
<url>http://cxsecurity.com/issue/WLB-2013010235</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="portfolio-slideshow-pro">
<vulnerability>
<title>portfolio-slideshow-pro v3 - SQL Injection</title>
<references>
<url>http://cxsecurity.com/issue/WLB-2013010236</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="simple-history">
<vulnerability>
<title>Simple History - RSS Feed "rss_secret" Disclosure Weakness</title>
<references>
<osvdb>89640</osvdb>
<secunia>51998</secunia>
<url>http://www.securityfocus.com/bid/57628</url>
</references>
<type>UNKNOWN</type>
<fixed_in>1.0.8</fixed_in>
</vulnerability>
</plugin>
<plugin name="p1m-media-manager">
<vulnerability>
<title>p1m media manager - SQL Injection Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20270</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-table-reloaded">
<vulnerability>
<title>wp-table-reloaded &lt;= 1.9.3 - zeroclipboard.swf id Parameter XSS</title>
<references>
<osvdb>89754</osvdb>
<cve>2013-1463</cve>
<secunia>52027</secunia>
<url>http://packetstormsecurity.com/files/119968/</url>
<url>http://seclists.org/bugtraq/2013/Feb/28</url>
<url>http://www.securityfocus.com/bid/57664</url>
</references>
<type>XSS</type>
<fixed_in>1.9.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="wordpress-gallery">
<vulnerability>
<title>Gallery - "load" Remote File Inclusion Vulnerability</title>
<references>
<osvdb>89753</osvdb>
<cve>2012-4919</cve>
<secunia>51347</secunia>
<url>http://www.securityfocus.com/bid/57650</url>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="forumconverter">
<vulnerability>
<title>ForumConverter - SQL Injection Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20275</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="newsletter">
<vulnerability>
<title>Newsletter - SQL Injection Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20287</url>
</references>
<type>SQLI</type>
<fixed_in>3.0.9</fixed_in>
</vulnerability>
<vulnerability>
<title>Newsletter 3.2.6 - "alert" Cross-Site Scripting Vulnerability</title>
<references>
<osvdb>93421</osvdb>
<secunia>53398</secunia>
<url>http://packetstormsecurity.com/files/121634/</url>
<url>http://www.securityfocus.com/bid/59856</url>
<url>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5141.php</url>
</references>
<type>XSS</type>
<fixed_in>3.2.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="commentluv">
<vulnerability>
<title>CommentLuv 2.92.3 - Cross Site Scripting Vulnerability</title>
<references>
<osvdb>89925</osvdb>
<cve>2013-1409</cve>
<url>https://www.htbridge.com/advisory/HTB23138</url>
<url>http://packetstormsecurity.com/files/120090/</url>
<url>http://seclists.org/bugtraq/2013/Feb/30</url>
<url>http://cxsecurity.com/issue/WLB-2013020040</url>
<secunia>52092</secunia>
</references>
<type>XSS</type>
<fixed_in>2.92.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-forum">
<vulnerability>
<title>wp-forum - SQL Injection</title>
<references>
<url>http://cxsecurity.com/issue/WLB-2013020035</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-ecommerce-shop-styling">
<vulnerability>
<title>WP ecommerce Shop Styling 1.7.2 - generate-pdf.php dompdf Parameter Remote File Inclusion</title>
<references>
<osvdb>89921</osvdb>
<cve>2013-0724</cve>
<secunia>51707</secunia>
</references>
<type>RFI</type>
<fixed_in>1.8</fixed_in>
</vulnerability>
</plugin>
<plugin name="audio-player">
<vulnerability>
<title>Audio Player - player.swf playerID Parameter XSS</title>
<references>
<osvdb>89963</osvdb>
<cve>2013-1464</cve>
<url>http://packetstormsecurity.com/files/120129/</url>
<url>http://seclists.org/bugtraq/2013/Feb/35</url>
<secunia>52083</secunia>
</references>
<type>XSS</type>
<fixed_in>2.0.4.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="ckeditor-for-wordpress">
<vulnerability>
<title>CKEditor 4.0 - Arbitrary File Upload Exploit</title>
<references>
<url>http://1337day.com/exploit/20318</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="myftp-ftp-like-plugin-for-wordpress">
<vulnerability>
<title>myftp-ftp-like-plugin-for-wordpress v2 - SQL Injection</title>
<references>
<url>http://cxsecurity.com/issue/WLB-2013020061</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="password-protected">
<vulnerability>
<title>Password Protected 1.4 - Login Process redirect_to Parameter Arbitrary Site Redirect</title>
<references>
<osvdb>90559</osvdb>
</references>
<type>REDIRECT</type>
</vulnerability>
</plugin>
<plugin name="contact-form-plugin">
<vulnerability>
<title>Contact Form 3.34 - contact_form.php cntctfrm_contact_message Parameter XSS</title>
<references>
<osvdb>90502</osvdb>
<secunia>52179</secunia>
</references>
<type>XSS</type>
<fixed_in>3.35</fixed_in>
</vulnerability>
<vulnerability>
<title>Contact Form 3.36 - contact_form.php cntctfrm_contact_email Parameter XSS</title>
<references>
<osvdb>90503</osvdb>
<secunia>52250</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="smart-flv">
<vulnerability>
<title>smart-flv - jwplayer.swf XSS</title>
<references>
<osvdb>90606</osvdb>
<cve>2013-1765</cve>
<url>http://www.openwall.com/lists/oss-security/2013/02/24/7</url>
<url>http://packetstormsecurity.com/files/115100/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="GoogleAlertandtwitterplugin">
<vulnerability>
<title>Google Alert And Twitter 3.1.5 - XSS Exploit, SQL Injection</title>
<references>
<url>http://1337day.com/exploit/20433</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="php-shell">
<!-- This record names no affected version and has no fixed_in element.
     NOTE(review): going by the title and the reference to shell.php in the
     plugin's own trunk, the finding appears to be that the plugin is installed
     at all, not a flaw in one release. A match is then a reason to examine the
     host, not a patch reminder. TODO confirm against the linked issue. -->
<vulnerability>
<title>PHP Shell Plugin</title>
<references>
<url>https://github.com/wpscanteam/wpscan/issues/138</url>
<url>http://plugins.svn.wordpress.org/php-shell/trunk/shell.php</url>
</references>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="marekkis-watermark">
<vulnerability>
<title>Marekkis Watermark 0.9.2 - wp-admin/options-general.php pfad Parameter XSS</title>
<references>
<osvdb>90362</osvdb>
<cve>2013-1758</cve>
<secunia>52227</secunia>
<url>http://packetstormsecurity.com/files/120378/</url>
<url>http://seclists.org/bugtraq/2013/Feb/83</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="responsive-logo-slideshow">
<vulnerability>
<title>Responsive Logo Slideshow - URL and Image Field XSS</title>
<references>
<osvdb>90406</osvdb>
<cve>2013-1759</cve>
<url>http://packetstormsecurity.com/files/120379/</url>
<url>http://seclists.org/bugtraq/2013/Feb/84</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="zopim-live-chat">
<!-- The finding is filed against the ZeroClipboard component (CVE 2013-1808),
     presumably a copy bundled with the plugin; the same CVE and exploit
     reference recur on many other plugin records in this file.
     NOTE(review): no fixed_in is recorded, so a consumer has no version to
     compare against. A match needs a manual check of whether the installed
     release still ships the affected component. -->
<vulnerability>
<title>zopim-live-chat &lt;= 1.2.5 - XSS in ZeroClipboard</title>
<references>
<osvdb>90374</osvdb>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="ed2k-link-selector">
<vulnerability>
<title>ed2k-link-selector &lt;= 1.1.7 - XSS in ZeroClipboard</title>
<references>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wppygments">
<vulnerability>
<title>wppygments &lt;= 0.3.2 - XSS in ZeroClipboard</title>
<references>
<osvdb>90374</osvdb>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="copy-in-clipboard">
<vulnerability>
<title>copy-in-clipboard &lt;= 0.8 - XSS in ZeroClipboard</title>
<references>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="search-and-share">
<vulnerability>
<title>search-and-share 0.9.3 - SearchAndShare.php Direct Request Path Disclosure</title>
<references>
<osvdb>93260</osvdb>
<url>http://packetstormsecurity.com/files/121595/</url>
<url>http://seclists.org/fulldisclosure/2013/May/49</url>
</references>
<type>FPD</type>
</vulnerability>
<vulnerability>
<title>search-and-share &lt;= 0.9.3 - XSS in ZeroClipboard</title>
<references>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="placester">
<vulnerability>
<title>placester &lt;= 0.3.12 - XSS in ZeroClipboard</title>
<references>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="drp-coupon">
<vulnerability>
<title>drp-coupon &lt;= 2.1 - XSS in ZeroClipboard</title>
<references>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="coupon-code-plugin">
<vulnerability>
<title>coupon-code-plugin &lt;= 2.1 - XSS in ZeroClipboard</title>
<references>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="q2w3-inc-manager">
<vulnerability>
<title>q2w3-inc-manager &lt;= 2.3.1 - XSS in ZeroClipboard</title>
<references>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="scorerender">
<vulnerability>
<title>scorerender &lt;= 0.3.4 - XSS in ZeroClipboard</title>
<references>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-link-to-us">
<vulnerability>
<title>wp-link-to-us &lt;= 2.0 - XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="buckets">
<vulnerability>
<title>buckets &lt;= 0.1.9.2 - XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="java-trackback">
<vulnerability>
<title>java-trackback &lt;= 0.2 - XSS in ZeroClipboard</title>
<references>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="slidedeck2">
<vulnerability>
<title>slidedeck2 2.3.3 - Unspecified File Inclusion</title>
<references>
<osvdb>105132</osvdb>
</references>
<type>UNKNOWN</type>
<fixed_in>2.3.5</fixed_in>
</vulnerability>
<vulnerability>
<title>slidedeck2 &lt;= 2.1.20130228 - XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-clone-by-wp-academy">
<vulnerability>
<title>wp-clone-by-wp-academy &lt;= 2.1.1 - XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="tiny-url">
<vulnerability>
<title>tiny-url &lt;= 1.3.2 - XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="thethe-layout-grid">
<vulnerability>
<title>thethe-layout-grid &lt;= 1.0.0 - XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="paypal-digital-goods-monetization-powered-by-cleeng">
<vulnerability>
<title>paypal-digital-goods-monetization-powered-by-cleeng &lt;= 2.2.13 - XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="mobileview">
<vulnerability>
<title>mobileview &lt;= 1.0.7 - XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="jaspreetchahals-coupons-lite">
<vulnerability>
<title>jaspreetchahals-coupons-lite &lt;= 2.1 - XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="geshi-source-colorer">
<vulnerability>
<title>geshi-source-colorer &lt;= 0.13 - XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="click-to-copy-grab-box">
<vulnerability>
<title>click-to-copy-grab-box &lt;= 0.1.1 - XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="cleeng">
<vulnerability>
<title>cleeng &lt;= 2.3.2 - XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="bp-code-snippets">
<vulnerability>
<title>bp-code-snippets &lt;= 2.0 - XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="snazzy-archives">
<vulnerability>
<title>snazzy-archives &lt;= 1.7.1 - swf/tagcloud.swf tagcloud Parameter XSS</title>
<references>
<osvdb>91127</osvdb>
<cve>2009-4168</cve>
<secunia>52527</secunia>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/3</url>
</references>
<type>XSS</type>
<fixed_in>1.7.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="vkontakte-api">
<vulnerability>
<title>vkontakte-api - vkontakte-api/swf/tagcloud.swf tagcloud Parameter XSS</title>
<references>
<osvdb>91128</osvdb>
<cve>2009-4168</cve>
<secunia>52539</secunia>
<url>http://seclists.org/oss-sec/2013/q1/616</url>
<url>http://www.openwall.com/lists/oss-security/2013/03/11/1</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="terillion-reviews">
<vulnerability>
<title>Terillion Reviews &lt; 1.2 - Profile Id Field XSS</title>
<references>
<osvdb>91123</osvdb>
<cve>2013-2501</cve>
<url>http://packetstormsecurity.com/files/120730/</url>
<url>http://www.securityfocus.com/bid/58415</url>
<url>http://xforce.iss.net/xforce/xfdb/82727</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="o2s-gallery">
<vulnerability>
<title>o2s-gallery - Cross Site Scripting Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20516</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="bp-gallery">
<vulnerability>
<title>bp-gallery 1.2.5 - Cross Site Scripting Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20518</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="simply-poll">
<vulnerability>
<title>Simply Poll 1.4.1 - wp-admin/admin.php question Parameter XSS</title>
<references>
<osvdb>91446</osvdb>
<exploitdb>24850</exploitdb>
<url>http://packetstormsecurity.com/files/120833/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Simply Poll 1.4.1 - wp-admin/admin.php Poll Manipulation CSRF</title>
<references>
<osvdb>91447</osvdb>
<secunia>52681</secunia>
<exploitdb>24850</exploitdb>
<url>http://packetstormsecurity.com/files/120833/</url>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="occasions">
<vulnerability>
<title>Occasions 1.0.4 - Manipulation CSRF</title>
<references>
<osvdb>91489</osvdb>
<exploitdb>24858</exploitdb>
<secunia>52651</secunia>
<url>http://packetstormsecurity.com/files/120871/</url>
</references>
<type>CSRF</type>
</vulnerability>
<vulnerability>
<title>Occasions 1.0.4 - occasions/occasions.php occ_content1 Parameter XSS</title>
<references>
<osvdb>91490</osvdb>
<exploitdb>24858</exploitdb>
<url>http://packetstormsecurity.com/files/120871/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="mathjax-latex">
<vulnerability>
<title>Mathjax Latex 1.1 - Setting Manipulation CSRF</title>
<references>
<osvdb>91737</osvdb>
<exploitdb>24889</exploitdb>
<url>http://packetstormsecurity.com/files/120931/</url>
<url>http://1337day.com/exploit/20566</url>
</references>
<type>CSRF</type>
<fixed_in>1.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-banners-lite">
<vulnerability>
<title>WP-Banners-Lite 1.4.0 - XSS vulnerability</title>
<references>
<url>http://packetstormsecurity.com/files/120928/</url>
<url>http://seclists.org/fulldisclosure/2013/Mar/209</url>
<url>http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="backupbuddy">
<vulnerability>
<title>Backupbuddy - importbuddy.php Direct Request Remote Backup File Disclosure</title>
<references>
<osvdb>91631</osvdb>
<cve>2013-2741</cve>
<url>http://packetstormsecurity.com/files/120923/</url>
<url>http://seclists.org/fulldisclosure/2013/Mar/206</url>
</references>
<type>AUTHBYPASS</type>
</vulnerability>
<vulnerability>
<title>Backupbuddy - importbuddy.php step Parameter Manipulation Authentication Bypass</title>
<references>
<osvdb>91890</osvdb>
<cve>2013-2743</cve>
<url>http://packetstormsecurity.com/files/120923/</url>
<url>http://seclists.org/fulldisclosure/2013/Mar/206</url>
</references>
<type>AUTHBYPASS</type>
</vulnerability>
<vulnerability>
<title>Backupbuddy - importbuddy.php step Parameter Remote PHP Information Disclosure</title>
<references>
<osvdb>91891</osvdb>
<cve>2013-2744</cve>
<url>http://packetstormsecurity.com/files/120923/</url>
<url>http://seclists.org/fulldisclosure/2013/Mar/206</url>
<url>http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Backupbuddy - importbuddy.php Restore Operation Persistence Weakness</title>
<references>
<osvdb>91892</osvdb>
<cve>2013-2742</cve>
<url>http://packetstormsecurity.com/files/120923/</url>
<url>http://seclists.org/fulldisclosure/2013/Mar/206</url>
</references>
<type>AUTHBYPASS</type>
</vulnerability>
</plugin>
<plugin name="wp-funeral-press">
<vulnerability>
<title>FuneralPress 1.1.6 - Persistent XSS</title>
<references>
<exploitdb>24914</exploitdb>
<cve>2013-3529</cve>
<osvdb>91868</osvdb>
<url>http://seclists.org/fulldisclosure/2013/Mar/282</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="chikuncount">
<!-- Same ofc_upload_image.php upload finding, exploitdb id and metasploit
     module as the open-flash-chart-core-wordpress-plugin record, which
     additionally carries CVE 2009-4140 and fixed_in 0.5.
     NOTE(review): this record has neither a cve nor a fixed_in, so it cannot
     be matched on version. Presumably the plugin bundles Open Flash Chart;
     confirm, and add the CVE if it applies here too. -->
<vulnerability>
<title>chikuncount - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>24492</exploitdb>
<metasploit>exploit/unix/webapp/open_flash_chart_upload_exec</metasploit>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="open-flash-chart-core-wordpress-plugin">
<vulnerability>
<title>open-flash-chart-core - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>24492</exploitdb>
<secunia>37903</secunia>
<cve>2009-4140</cve>
<metasploit>exploit/unix/webapp/open_flash_chart_upload_exec</metasploit>
</references>
<type>UPLOAD</type>
<fixed_in>0.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="spamtask">
<vulnerability>
<title>spamtask - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>24492</exploitdb>
<metasploit>exploit/unix/webapp/open_flash_chart_upload_exec</metasploit>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="php-analytics">
<vulnerability>
<title>php-analytics - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>24492</exploitdb>
<metasploit>exploit/unix/webapp/open_flash_chart_upload_exec</metasploit>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="seo-spy-google-wordpress-plugin">
<vulnerability>
<title>seo-spy-google - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>24492</exploitdb>
<metasploit>exploit/unix/webapp/open_flash_chart_upload_exec</metasploit>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-seo-spy-google">
<vulnerability>
<title>wp-seo-spy-google - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>24492</exploitdb>
<metasploit>exploit/unix/webapp/open_flash_chart_upload_exec</metasploit>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="podpress">
<vulnerability>
<title>podPress 8.8.10.13 - players/1pixelout/1pixelout_player.swf playerID Parameter XSS</title>
<references>
<osvdb>91129</osvdb>
<cve>2013-2714</cve>
<secunia>52544</secunia>
<url>http://packetstormsecurity.com/files/121011/</url>
</references>
<type>XSS</type>
<fixed_in>8.8.10.17</fixed_in>
</vulnerability>
</plugin>
<plugin name="fbsurveypro">
<vulnerability>
<title>fbsurveypro - XSS Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20623</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="timelineoptinpro">
<vulnerability>
<title>timelineoptinpro - XSS Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20620</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="kioskprox">
<vulnerability>
<title>kioskprox - XSS Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20624</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="bigcontact">
<vulnerability>
<title>bigcontact - SQLI</title>
<references>
<url>http://plugins.trac.wordpress.org/changeset/689798</url>
</references>
<type>SQLI</type>
<fixed_in>1.4.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="drawblog">
<vulnerability>
<title>drawblog - CSRF</title>
<references>
<url>http://plugins.trac.wordpress.org/changeset/691178</url>
</references>
<type>CSRF</type>
<fixed_in>0.81</fixed_in>
</vulnerability>
</plugin>
<plugin name="social-media-widget">
<!-- Going by its title and references (a changeset diff of the plugin trunk
     and a report on the plugin being sold), the first record describes
     malicious code shipped in the plugin itself, not a coding flaw. The
     UNKNOWN type does not convey that distinction to a reader of scan output.
     NOTE(review): the two records give different fixed_in values (4.0.2 and
     4.0.1); confirm that each value belongs to its own issue. -->
<vulnerability>
<title>Social Media Widget - malicious code</title>
<references>
<url>https://plugins.trac.wordpress.org/changeset?reponame=&amp;old=691839@social-media-widget/trunk&amp;new=693941@social-media-widget/trunk</url>
<url>http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot</url>
</references>
<type>UNKNOWN</type>
<fixed_in>4.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Social Media Widget 4.0 - social-widget.php MITM Weakness Arbitrary Code Injection</title>
<references>
<osvdb>92312</osvdb>
<cve>2013-1949</cve>
<secunia>53020</secunia>
<url>http://seclists.org/oss-sec/2013/q2/10</url>
</references>
<type>UNKNOWN</type>
<fixed_in>4.0.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="facebook-members">
<vulnerability>
<title>facebook-members 5.0.4 - Setting Manipulation CSRF</title>
<references>
<osvdb>92642</osvdb>
<secunia>52962</secunia>
<cve>2013-2703</cve>
</references>
<type>CSRF</type>
<fixed_in>5.0.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="foursquare-checkins">
<vulnerability>
<title>foursquare-checkins - CSRF</title>
<references>
<osvdb>92641</osvdb>
<cve>2013-2709</cve>
<secunia>53151</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="formidable">
<vulnerability>
<title>Formidable Forms 1.06.03 - ofc_upload_image.php Shell Upload Remote Code Execution</title>
<references>
<osvdb>106985</osvdb>
<url>http://www.securityfocus.com/bid/67390</url>
<url>http://packetstormsecurity.com/files/126583/</url>
</references>
<type>RCE</type>
</vulnerability>
<vulnerability>
<title>formidable Pro - Unspecified Vulnerabilities</title>
<references>
<secunia>53121</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>1.06.09</fixed_in>
</vulnerability>
</plugin>
<plugin name="all-in-one-webmaster">
<vulnerability>
<title>All in one webmaster 8.2.3 - Script Insertion CSRF</title>
<references>
<osvdb>92640</osvdb>
<secunia>52877</secunia>
<cve>2013-2696</cve>
</references>
<type>CSRF</type>
<fixed_in>8.2.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="background-music">
<vulnerability>
<title>background-music 1.0 - jPlayer.swf XSS</title>
<references>
<secunia>53057</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="haiku-minimalist-audio-player">
<!-- NOTE(review): the title lists versions up to and including 1.1.0 as
     affected, but fixed_in also names 1.1.0. Both cannot hold. A consumer that
     compares the installed version against fixed_in would treat 1.1.0 as
     patched. Confirm the first fixed release against the referenced
     advisories before relying on this record. -->
<vulnerability>
<title>haiku-minimalist-audio-player &lt;= 1.1.0 - jPlayer.swf XSS</title>
<references>
<osvdb>92254</osvdb>
<secunia>51336</secunia>
</references>
<type>XSS</type>
<fixed_in>1.1.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="jammer">
<vulnerability>
<title>jammer &lt;= 0.2 - jPlayer.swf XSS</title>
<references>
<osvdb>92254</osvdb>
<secunia>53106</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="syntaxhighlighter">
<vulnerability>
<title>SyntaxHighlighter Evolved 3.1.9 - Unspecified XSS</title>
<references>
<osvdb>106587</osvdb>
</references>
<type>XSS</type>
<fixed_in>3.1.10</fixed_in>
</vulnerability>
<vulnerability>
<title>SyntaxHighlighter Evolved 3.1.5 - clipboard.swf Unspecified XSS</title>
<references>
<osvdb>92848</osvdb>
<secunia>53235</secunia>
</references>
<type>XSS</type>
<fixed_in>3.1.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="top-10">
<vulnerability>
<title>top-10 1.9.2 - Setting Manipulation CSRF</title>
<references>
<osvdb>92849</osvdb>
<secunia>53205</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.9.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="easy-adsense-lite">
<vulnerability>
<title>Easy AdSense Lite 6.06 - Setting Manipulation CSRF</title>
<references>
<osvdb>92910</osvdb>
<cve>2013-2702</cve>
<secunia>52953</secunia>
</references>
<type>CSRF</type>
<fixed_in>6.10</fixed_in>
</vulnerability>
</plugin>
<plugin name="uk-cookie">
<vulnerability>
<title>uk-cookie - XSS</title>
<references>
<osvdb>87561</osvdb>
<url>http://seclists.org/bugtraq/2012/Nov/50</url>
<cve>2012-5856</cve>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>uk-cookie - CSRF</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/06/06/10</url>
<osvdb>94032</osvdb>
<cve>2013-2180</cve>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="wp-cleanfix">
<vulnerability>
<title>wp-cleanfix - Remote Command Execution, CSRF and XSS</title>
<references>
<url>https://github.com/wpscanteam/wpscan/issues/186</url>
<url>http://wordpress.org/support/topic/plugin-wp-cleanfix-remote-code-execution-warning</url>
<osvdb>93450</osvdb>
<secunia>53395</secunia>
<osvdb>93468</osvdb>
<cve>2013-2108</cve>
<cve>2013-2109</cve>
</references>
<type>MULTI</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="mail-on-update">
<vulnerability>
<title>Mail On Update 5.1.0 - Email Option Manipulation CSRF</title>
<references>
<osvdb>93452</osvdb>
<secunia>53449</secunia>
<url>http://www.openwall.com/lists/oss-security/2013/05/16/8</url>
</references>
<type>CSRF</type>
<fixed_in>5.2.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="advanced-xml-reader">
<vulnerability>
<title>Advanced XML Reader 0.3.4 - XML External Entity (XXE) Injection</title>
<references>
<url>http://packetstormsecurity.com/files/121492/</url>
</references>
<type>XXE</type>
</vulnerability>
<vulnerability>
<title>Advanced XML Reader 0.1.1 - XML External Entity (XXE) Data Parsing Arbitrary File Disclosure</title>
<references>
<osvdb>92904</osvdb>
<url>http://seclists.org/bugtraq/2013/May/5</url>
</references>
<type>XXE</type>
</vulnerability>
</plugin>
<plugin name="related-posts-by-zemanta">
<vulnerability>
<title>Related Posts by Zemanta 1.3.1 - Cross-Site Request Forgery Vulnerability</title>
<references>
<osvdb>93364</osvdb>
<cve>2013-3477</cve>
<secunia>53321</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.3.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="wordpress-23-related-posts-plugin">
<vulnerability>
<title>WordPress Related Posts 2.6.1 - Cross-Site Request Forgery Vulnerability</title>
<references>
<osvdb>93362</osvdb>
<cve>2013-3476</cve>
<secunia>53279</secunia>
</references>
<type>CSRF</type>
<fixed_in>2.7.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="related-posts">
<vulnerability>
<title>Related Posts 2.7.1 - Cross-Site Request Forgery Vulnerability</title>
<references>
<osvdb>93363</osvdb>
<cve>2013-3257</cve>
<secunia>53122</secunia>
<url>http://www.securityfocus.com/bid/59836</url>
</references>
<type>CSRF</type>
<fixed_in>2.7.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-print-friendly">
<!-- NOTE(review): the first record names 3.3.7 as affected while its fixed_in
     is 0.5.3, the same value as the record below it. A version compare against
     fixed_in would report every 3.x install as already fixed and hide the XSS.
     Either the fixed_in was copied from the second record, or the first record
     belongs under a different plugin entry. Verify against OSVDB 103874. -->
<vulnerability>
<title>WP Print Friendly 3.3.7 - wp-admin/options.php printfriendly_option custom_image Parameter XSS</title>
<references>
<osvdb>103874</osvdb>
<url>http://packetstormsecurity.com/files/125420/</url>
</references>
<type>XSS</type>
<fixed_in>0.5.3</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Print Friendly &lt;= 0.5.2 - Security Bypass Vulnerability</title>
<references>
<osvdb>93243</osvdb>
<secunia>53371</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>0.5.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="contextual-related-posts">
<vulnerability>
<title>Contextual Related Posts 1.8.10.1 - contextual-related-posts.php Multiple Parameter SQL Injection</title>
<references>
<osvdb>104655</osvdb>
<cve>2014-3937</cve>
<url>http://www.securityfocus.com/bid/67853</url>
</references>
<type>SQLI</type>
<fixed_in>1.8.10.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Contextual Related Posts 1.8.6 - Cross-Site Request Forgery Vulnerability</title>
<references>
<osvdb>93088</osvdb>
<cve>2013-2710</cve>
<secunia>52960</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.8.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="calendar">
<vulnerability>
<title>Calendar 1.3.2 - Entry Addition CSRF</title>
<references>
<osvdb>93025</osvdb>
<cve>2013-2698</cve>
<secunia>52841</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.3.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="feedweb">
<vulnerability>
<title>Feedweb 2.4 - feedweb_settings.php _wp_http_referer Parameter DOM-based XSS</title>
<references>
<osvdb>103788</osvdb>
<secunia>57108</secunia>
<url>http://www.securityfocus.com/bid/65800</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Feedweb 1.8.8 - widget_remove.php wp_post_id Parameter XSS</title>
<references>
<osvdb>91951</osvdb>
<cve>2013-3720</cve>
<secunia>52855</secunia>
<url>http://www.securityfocus.com/bid/58771</url>
</references>
<type>XSS</type>
<fixed_in>1.9</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-print">
<vulnerability>
<title>WP-Print 2.51 - Setting Manipulation CSRF</title>
<references>
<osvdb>92053</osvdb>
<cve>2013-2693</cve>
<secunia>52878</secunia>
<url>http://www.securityfocus.com/bid/58900</url>
</references>
<type>CSRF</type>
<fixed_in>2.52</fixed_in>
</vulnerability>
</plugin>
<plugin name="trafficanalyzer">
<vulnerability>
<title>Traffic Analyzer 3.3.2 - js/ta_loaded.js.php aoid Parameter XSS</title>
<references>
<osvdb>92197</osvdb>
<cve>2013-3526</cve>
<secunia>52929</secunia>
<url>http://packetstormsecurity.com/files/121167/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-download-manager">
<vulnerability>
<title>WP-DownloadManager 1.60 - Script Insertion CSRF</title>
<references>
<osvdb>92119</osvdb>
<cve>2013-2697</cve>
<secunia>52863</secunia>
<url>http://www.securityfocus.com/bid/58937</url>
</references>
<type>CSRF</type>
<fixed_in>1.61</fixed_in>
</vulnerability>
</plugin>
<plugin name="digg-digg">
<vulnerability>
<title>Digg Digg 5.3.4 - Setting Manipulation CSRF</title>
<references>
<osvdb>93544</osvdb>
<cve>2013-3258</cve>
<secunia>53120</secunia>
<url>http://www.securityfocus.com/bid/60046</url>
<url>http://xforce.iss.net/xforce/xfdb/84418</url>
</references>
<type>CSRF</type>
<fixed_in>5.3.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="ssquiz">
<vulnerability>
<title>SS Quiz - Multiple Unspecified Vulnerabilities</title>
<references>
<osvdb>93531</osvdb>
<secunia>53378</secunia>
<url>http://wordpress.org/plugins/ssquiz/changelog/</url>
</references>
<type>UNKNOWN</type>
<fixed_in>2.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="funcaptcha">
<vulnerability>
<title>FunCaptcha 0.3.2 - Setting Manipulation CSRF</title>
<references>
<osvdb>92272</osvdb>
<secunia>53021</secunia>
<url>http://wordpress.org/extend/plugins/funcaptcha/changelog/</url>
</references>
<type>CSRF</type>
<fixed_in>0.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>FunCaptcha 0.4.3 - wp_funcaptcha_admin_activate.php URI XSS</title>
<references>
<osvdb>100392</osvdb>
<secunia>55863</secunia>
</references>
<type>XSS</type>
<fixed_in>0.4.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="xili-language">
<vulnerability>
<title>xili-language - index.php lang Parameter XSS</title>
<references>
<osvdb>93233</osvdb>
<secunia>53364</secunia>
</references>
<type>XSS</type>
<fixed_in>2.8.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="wordpress-seo">
<!-- NOTE(review): the first and third entries both describe an access-control
     problem in the settings-reset feature. The first carries fixed_in 1.4.5,
     while the third names 1.4.6 as affected and has no fixed_in. Confirm
     whether they are the same issue and which fixed version is correct. -->
<vulnerability>
<title>WordPress SEO - Security issue which allowed any user to reset settings</title>
<references>
<url>http://wordpress.org/plugins/wordpress-seo/changelog/</url>
</references>
<type>UNKNOWN</type>
<fixed_in>1.4.5</fixed_in>
</vulnerability>
<!-- NOTE(review): "1.14.15" does not fit the 1.4.x numbering used by the other
     two entries and may be a typo; verify against OSVDB 97885. No fixed_in is
     recorded, so a consumer that relies on fixed_in has no upper bound for
     this entry. -->
<vulnerability>
<title>WordPress SEO 1.14.15 - index.php s Parameter Reflected XSS</title>
<references>
<osvdb>97885</osvdb>
<url>http://packetstormsecurity.com/files/123028/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress SEO 1.4.6 - Reset Settings Feature Access Restriction Bypass</title>
<references>
<osvdb>92147</osvdb>
<secunia>52949</secunia>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="underconstruction">
<vulnerability>
<title>Under Construction 1.09 - Authenticated Single Page Viewing Unspecified Issue</title>
<references>
<osvdb>102507</osvdb>
</references>
<type>UNKNOWN</type>
<fixed_in>1.10</fixed_in>
</vulnerability>
<vulnerability>
<title>Under Construction 1.08 - Setting Manipulation CSRF</title>
<references>
<url>http://wordpress.org/plugins/underconstruction/changelog/</url>
<osvdb>93857</osvdb>
<secunia>52881</secunia>
<cve>2013-2699</cve>
</references>
<type>CSRF</type>
<fixed_in>1.09</fixed_in>
</vulnerability>
</plugin>
<plugin name="adif-log-search-widget">
<vulnerability>
<title>ADIF Log Search Widget - XSS Arbitrary Vulnerability</title>
<references>
<url>http://packetstormsecurity.com/files/121777/</url>
<osvdb>93721</osvdb>
<secunia>53599</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="exploit-scanner">
<vulnerability>
<title>Exploit Scanner - FPD and Security bypass vulnerabilities</title>
<references>
<url>http://seclists.org/fulldisclosure/2013/May/216</url>
<osvdb>93799</osvdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="ga-universal">
<vulnerability>
<title>GA Universal 1.0 - Setting Manipulation CSRF</title>
<references>
<osvdb>92237</osvdb>
<secunia>52976</secunia>
<url>http://wordpress.org/plugins/ga-universal/changelog/</url>
</references>
<type>CSRF</type>
<fixed_in>1.0.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="export-to-text">
<vulnerability>
<title>Export to text - Remote File Inclusion Vulnerability</title>
<references>
<secunia>51348</secunia>
<osvdb>93715</osvdb>
</references>
<type>RFI</type>
<fixed_in>2.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="qtranslate">
<vulnerability>
<title>qTranslate 2.5.34 - Setting Manipulation CSRF</title>
<references>
<osvdb>93873</osvdb>
<cve>2013-3251</cve>
<secunia>53126</secunia>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="image-slider-with-description">
<vulnerability>
<title>Image slider with description - Unspecified Vulnerability</title>
<references>
<secunia>53588</secunia>
<osvdb>93691</osvdb>
</references>
<type>UNKNOWN</type>
<fixed_in>7.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="user-role-editor">
<vulnerability>
<title>User Role Editor - Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>53593</secunia>
<osvdb>93699</osvdb>
<exploitdb>25721</exploitdb>
</references>
<type>CSRF</type>
<fixed_in>3.14</fixed_in>
</vulnerability>
</plugin>
<plugin name="eelv-newsletter">
<vulnerability>
<title>EELV Newsletter 3.4.3 - lettreinfo.php Unspecified XSS</title>
<references>
<osvdb>104875</osvdb>
</references>
<type>XSS</type>
<fixed_in>3.5.0</fixed_in>
</vulnerability>
<vulnerability>
<title>EELV Newsletter - Cross-Site Scripting Vulnerability</title>
<references>
<secunia>53546</secunia>
<osvdb>93685</osvdb>
</references>
<type>XSS</type>
<fixed_in>3.3.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="frontier-post">
<vulnerability>
<title>Frontier Post - Publishing Posts Security Bypass</title>
<references>
<secunia>53474</secunia>
<osvdb>93639</osvdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="spider-catalog">
<vulnerability>
<title>Spider Catalog - Cross-Site Scripting and SQL Injection Vulnerabilities</title>
<references>
<secunia>53491</secunia>
<osvdb>93591</osvdb>
<osvdb>93593</osvdb>
<osvdb>93594</osvdb>
<osvdb>93595</osvdb>
<osvdb>93596</osvdb>
<osvdb>93597</osvdb>
<osvdb>93598</osvdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="spider-event-calendar">
<vulnerability>
<title>Spider Event Calendar - Security Bypass, Cross-Site Scripting and SQLi Vulnerabilities</title>
<references>
<secunia>53481</secunia>
<osvdb>93582</osvdb>
<osvdb>93583</osvdb>
<osvdb>93584</osvdb>
<osvdb>93585</osvdb>
<osvdb>93586</osvdb>
<osvdb>93587</osvdb>
<osvdb>93588</osvdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="antivirus">
<!-- NOTE(review): both entries cite the same two advisories, but only the path
     disclosure entry records fixed_in 1.1. Confirm whether 1.1 also addresses
     the detection bypass; until then the first entry has no fixed version. -->
<vulnerability>
<title>AntiVirus 1.0 - PHP Backdoor Detection Bypass</title>
<references>
<osvdb>95134</osvdb>
<url>http://packetstormsecurity.com/files/121833/</url>
<url>http://seclists.org/fulldisclosure/2013/Jun/0</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>AntiVirus 1.0 - uninstall.php Direct Request Path Disclosure</title>
<references>
<osvdb>95135</osvdb>
<url>http://packetstormsecurity.com/files/121833/</url>
<url>http://seclists.org/fulldisclosure/2013/Jun/0</url>
</references>
<type>FPD</type>
<fixed_in>1.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-maintenance-mode">
<vulnerability>
<title>WP Maintenance Mode 1.8.7 - Setting Manipulation CSRF</title>
<references>
<osvdb>94450</osvdb>
<cve>2013-3250</cve>
<secunia>53125</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.8.8</fixed_in>
</vulnerability>
</plugin>
<plugin name="ultimate-auction">
<vulnerability>
<title>Ultimate Auction 1.0 - CSRF Vulnerability</title>
<references>
<osvdb>94407</osvdb>
<exploitdb>26240</exploitdb>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="mapsmarker">
<vulnerability>
<title>Leaflet Maps Marker - Multiple security issues</title>
<references>
<secunia>49845</secunia>
<url>http://www.mapsmarker.com/2012/06/06/leaflet-maps-marker-v2-4-is-available/</url>
</references>
<type>MULTI</type>
<fixed_in>2.4</fixed_in>
</vulnerability>
<vulnerability>
<title>Leaflet Maps Marker - Tag Multiple Parameter SQL Injection</title>
<references>
<osvdb>94388</osvdb>
<secunia>53855</secunia>
<url>http://www.mapsmarker.com/2013/05/24/v3-5-4-with-lots-of-translation-updates-bugfixes-is-available/</url>
</references>
<type>SQLI</type>
<fixed_in>3.5.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="leaflet-maps-marker-pro">
<vulnerability>
<title>Leaflet Maps Marker Pro - SQLI, XSS, Shell Upload, file delete</title>
<references>
<url>http://www.mapsmarker.com/2014/03/26/pro-v1-5-8-with-wordpress-3-9-compatibility-improvements-based-on-a-security-audit-by-the-city-of-vienna-is-available/</url>
</references>
<type>MULTI</type>
<fixed_in>1.5.8</fixed_in>
</vulnerability>
</plugin>
<plugin name="xorbin-analog-flash-clock">
<vulnerability>
<title>Xorbin Analog Flash Clock 1.0 - Flash-based XSS</title>
<references>
<url>http://packetstormsecurity.com/files/122222/</url>
<cve>2013-4692</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="xorbin-digital-flash-clock">
<vulnerability>
<title>Xorbin Digital Flash Clock 1.0 - Flash-based XSS</title>
<references>
<url>http://packetstormsecurity.com/files/122223/</url>
<cve>2013-4693</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="dropdown-menu-widget">
<vulnerability>
<title>Dropdown Menu Widget 1.9.1 - Script Insertion CSRF</title>
<references>
<osvdb>94771</osvdb>
<cve>2013-2704</cve>
<secunia>52958</secunia>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="buddypress-extended-friendship-request">
<vulnerability>
<title>BuddyPress Extended Friendship Request - wp-admin/admin-ajax.php friendship_request_message Parameter XSS</title>
<references>
<osvdb>94807</osvdb>
<cve>2013-4944</cve>
<secunia>54048</secunia>
</references>
<type>XSS</type>
<fixed_in>1.0.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-private-messages">
<vulnerability>
<title>wp-private-messages - /wp-admin/profile.php msgid Parameter SQL Injection</title>
<references>
<osvdb>94702</osvdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="stream-video-player">
<vulnerability>
<title>Stream Video Player &lt;= 1.4.0 - Setting Manipulation CSRF</title>
<references>
<osvdb>94466</osvdb>
<cve>2013-2706</cve>
<secunia>52954</secunia>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="duplicator">
<vulnerability>
<title>Duplicator - installer.cleanup.php package Parameter XSS</title>
<references>
<osvdb>95627</osvdb>
<cve>2013-4625</cve>
<url>http://packetstormsecurity.com/files/122535/</url>
</references>
<type>XSS</type>
<fixed_in>0.4.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="citizen-space">
<vulnerability>
<title>Citizen Space 1.0 - Script Insertion CSRF</title>
<references>
<osvdb>95570</osvdb>
<secunia>54256</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="spicy-blogroll">
<vulnerability>
<title>Spicy Blogroll - spicy-blogroll-ajax.php Multiple Parameter Remote File Inclusion</title>
<references>
<osvdb>95557</osvdb>
<exploitdb>26804</exploitdb>
<url>http://packetstormsecurity.com/files/122396/</url>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="pie-register">
<vulnerability>
<title>Pie Register - wp-login.php Multiple Parameter XSS</title>
<references>
<osvdb>95160</osvdb>
<cve>2013-4954</cve>
<secunia>54123</secunia>
<url>http://www.securityfocus.com/bid/61140</url>
<url>http://xforce.iss.net/xforce/xfdb/85604</url>
</references>
<type>XSS</type>
<fixed_in>1.31</fixed_in>
</vulnerability>
</plugin>
<plugin name="xhanch-my-twitter">
<vulnerability>
<title>Xhanch my Twitter - CSRF in admin/setting.php</title>
<references>
<osvdb>96027</osvdb>
<secunia>53133</secunia>
<cve>2013-3253</cve>
</references>
<type>CSRF</type>
<fixed_in>2.7.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="sexybookmarks">
<vulnerability>
<title>SexyBookmarks - Setting Manipulation CSRF</title>
<references>
<osvdb>95908</osvdb>
<cve>2013-3256</cve>
<secunia>53138</secunia>
</references>
<type>CSRF</type>
<fixed_in>6.1.5.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="hms-testimonials">
<vulnerability>
<title>HMS Testimonials 2.0.10 - CSRF</title>
<references>
<url>http://wordpress.org/plugins/hms-testimonials/changelog/</url>
<cve>2013-4240</cve>
<osvdb>96107</osvdb>
<osvdb>96108</osvdb>
<osvdb>96109</osvdb>
<osvdb>96110</osvdb>
<osvdb>96111</osvdb>
<secunia>54402</secunia>
<exploitdb>27531</exploitdb>
<url>http://packetstormsecurity.com/files/122761/</url>
</references>
<type>CSRF</type>
<fixed_in>2.0.11</fixed_in>
</vulnerability>
<vulnerability>
<title>HMS Testimonials 2.0.10 - XSS</title>
<references>
<url>http://wordpress.org/plugins/hms-testimonials/changelog/</url>
<cve>2013-4241</cve>
<osvdb>96107</osvdb>
<osvdb>96108</osvdb>
<osvdb>96109</osvdb>
<osvdb>96110</osvdb>
<osvdb>96111</osvdb>
<secunia>54402</secunia>
<exploitdb>27531</exploitdb>
<url>http://packetstormsecurity.com/files/122761/</url>
</references>
<type>XSS</type>
<fixed_in>2.0.11</fixed_in>
</vulnerability>
</plugin>
<plugin name="indianic-testimonial">
<vulnerability>
<title>IndiaNIC Testimonial 2.2 - Setting Manipulation CSRF</title>
<references>
<osvdb>96792</osvdb>
<cve>2013-5672</cve>
<exploitdb>28054</exploitdb>
<url>http://packetstormsecurity.com/files/123036/</url>
<url>http://seclists.org/fulldisclosure/2013/Sep/5</url>
</references>
<type>CSRF</type>
</vulnerability>
<vulnerability>
<title>IndiaNIC Testimonial 2.2 - testimonial.php custom_query Parameter SQL Injection</title>
<references>
<osvdb>96793</osvdb>
<cve>2013-5673</cve>
<exploitdb>28054</exploitdb>
<url>http://packetstormsecurity.com/files/123036/</url>
<url>http://seclists.org/fulldisclosure/2013/Sep/5</url>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>IndiaNIC Testimonial 2.2 - iNIC_testimonial_save Action Multiple Parameter XSS</title>
<references>
<osvdb>96795</osvdb>
<exploitdb>28054</exploitdb>
<url>http://packetstormsecurity.com/files/123036/</url>
<url>http://seclists.org/fulldisclosure/2013/Sep/5</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="usernoise">
<vulnerability>
<title>Usernoise 3.7.8 - Feedback Submission summary Field XSS</title>
<references>
<osvdb>96000</osvdb>
<exploitdb>27403</exploitdb>
<url>http://packetstormsecurity.com/files/122701/</url>
</references>
<type>XSS</type>
<fixed_in>3.7.9</fixed_in>
</vulnerability>
</plugin>
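<plugin name="platinum-seo-pack">
<!-- Children follow the order used by most entries in this file:
     title, references, type, fixed_in. -->
<vulnerability>
<title>platinum_seo_pack.php - s Parameter Reflected XSS</title>
<references>
<osvdb>97263</osvdb>
<cve>2013-5918</cve>
</references>
<type>XSS</type>
<fixed_in>1.3.8</fixed_in>
</vulnerability>
</plugin>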
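<plugin name="design-approval-system">
<!-- Children follow the order used by most entries in this file:
     title, references, type, fixed_in. -->
<vulnerability>
<title>Design Approval System 3.6 - XSS Vulnerability</title>
<references>
<osvdb>97192</osvdb>
<osvdb>97279</osvdb>
<secunia>54704</secunia>
<url>http://seclists.org/bugtraq/2013/Sep/54</url>
<url>http://packetstormsecurity.com/files/123227/</url>
<cve>2013-5711</cve>
</references>
<type>XSS</type>
<fixed_in>3.7</fixed_in>
</vulnerability>
</plugin>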
<plugin name="event-easy-calendar">
<vulnerability>
<title>Event Easy Calendar 1.0.0 - Multiple Administrator Action CSRF</title>
<references>
<osvdb>97042</osvdb>
<url>http://packetstormsecurity.com/files/123132/</url>
</references>
<type>CSRF</type>
</vulnerability>
<vulnerability>
<title>Event Easy Calendar 1.0.0 - Multiple Unspecified XSS</title>
<references>
<osvdb>97041</osvdb>
<url>http://packetstormsecurity.com/files/123132/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="bradesco-gateway">
<vulnerability>
<title>Bradesco - falha.php URI Reflected XSS</title>
<references>
<osvdb>97624</osvdb>
<cve>2013-5916</cve>
<url>http://packetstormsecurity.com/files/123356/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="social-hashtags">
<vulnerability>
<title>Social Hashtags 2.0.0 - New Post Title Field Stored XSS</title>
<references>
<osvdb>98027</osvdb>
<url>http://packetstormsecurity.com/files/123485/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="simple-flickr-display">
<vulnerability>
<title>Simple Flickr Display - Username Field Stored XSS</title>
<references>
<osvdb>97991</osvdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="lazy-seo">
<vulnerability>
<title>Lazy SEO 1.1.9 - lazyseo.php File Upload Arbitrary Code Execution</title>
<references>
<osvdb>97662</osvdb>
<cve>2013-5961</cve>
<exploitdb>28452</exploitdb>
<url>http://packetstormsecurity.com/files/123349/</url>
<url>http://xforce.iss.net/xforce/xfdb/87384</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="seo-watcher">
<vulnerability>
<title>SEO Watcher - Open Flash Chart Arbitrary File Creation Vulnerability</title>
<references>
<url>http://packetstormsecurity.com/files/123493/</url>
<secunia>55162</secunia>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
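<plugin name="all-in-one-seo-pack">
<!-- Children follow the order used by most entries in this file:
     title, references, type, fixed_in. The first two entries cite the same
     advisory and share fixed_in 2.1.6. -->
<vulnerability>
<title>All in One SEO Pack &lt;= 2.1.5 - aioseop_functions.php new_meta Parameter XSS</title>
<references>
<osvdb>107640</osvdb>
<url>http://blog.sucuri.net/2014/05/vulnerability-found-in-the-all-in-one-seo-pack-wordpress-plugin.html</url>
</references>
<type>XSS</type>
<fixed_in>2.1.6</fixed_in>
</vulnerability>
<vulnerability>
<title>All in One SEO Pack &lt;= 2.1.5 - Unspecified Privilege Escalation</title>
<references>
<osvdb>107641</osvdb>
<url>http://blog.sucuri.net/2014/05/vulnerability-found-in-the-all-in-one-seo-pack-wordpress-plugin.html</url>
</references>
<type>AUTHBYPASS</type>
<fixed_in>2.1.6</fixed_in>
</vulnerability>
<vulnerability>
<title>All in One SEO Pack &lt;= 2.0.3 - XSS Vulnerability</title>
<references>
<osvdb>98023</osvdb>
<cve>2013-5988</cve>
<url>http://archives.neohapsis.com/archives/bugtraq/2013-10/0006.html</url>
<url>http://packetstormsecurity.com/files/123490/</url>
<url>http://www.securityfocus.com/bid/62784</url>
<url>http://seclists.org/bugtraq/2013/Oct/8</url>
<secunia>55133</secunia>
</references>
<type>XSS</type>
<fixed_in>2.0.3.1</fixed_in>
</vulnerability>
</plugin>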
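<plugin name="simple-dropbox-upload-form">
<!-- Children follow the order used by most entries in this file:
     title, references, type, fixed_in. -->
<vulnerability>
<title>Simple Dropbox Upload - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://packetstormsecurity.com/files/123235/</url>
<url>http://xforce.iss.net/xforce/xfdb/87166</url>
<osvdb>97457</osvdb>
<secunia>54856</secunia>
<cve>2013-5963</cve>
</references>
<type>UPLOAD</type>
<fixed_in>1.8.8.1</fixed_in>
</vulnerability>
</plugin>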
<plugin name="wp-ultimate-email-marketer">
<vulnerability>
<title>WP Ultimate Email Marketer - Multiple Vulnerabilities</title>
<references>
<osvdb>97648</osvdb>
<osvdb>97649</osvdb>
<osvdb>97650</osvdb>
<osvdb>97651</osvdb>
<osvdb>97652</osvdb>
<osvdb>97653</osvdb>
<osvdb>97654</osvdb>
<osvdb>97655</osvdb>
<osvdb>97656</osvdb>
<cve>2013-3263</cve>
<cve>2013-3264</cve>
<secunia>53170</secunia>
<url>http://www.securityfocus.com/bid/62621</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp-miniaudioplayer">
<vulnerability>
<title>mb.miniAudioPlayer 1.4.2 - TinyMCE Popup Unspecified Issue</title>
<references>
<osvdb>101718</osvdb>
</references>
<type>UNKNOWN</type>
<fixed_in>1.4.3</fixed_in>
</vulnerability>
<vulnerability>
<title>miniAudioPlayer 1.3.8 - maplayertinymce.php Multiple Parameter XSS</title>
<references>
<osvdb>97768</osvdb>
<secunia>54979</secunia>
<url>http://packetstormsecurity.com/files/123372/</url>
<url>http://www.securityfocus.com/bid/62629</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="simple-custom-website-data">
<vulnerability>
<title>Custom Website Data 1.2 - Record Deletion CSRF</title>
<references>
<osvdb>101642</osvdb>
<secunia>54823</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Custom Website Data 1.0 - wp-admin/admin.php ref Parameter XSS</title>
<references>
<osvdb>97668</osvdb>
<secunia>54865</secunia>
<url>http://www.securityfocus.com/bid/62624</url>
</references>
<type>XSS</type>
<fixed_in>1.1</fixed_in>
</vulnerability>
</plugin>
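<plugin name="complete-gallery-manager">
<!-- Children follow the order used by most entries in this file:
     title, references, type, fixed_in. -->
<vulnerability>
<title>Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability</title>
<references>
<osvdb>97481</osvdb>
<secunia>54894</secunia>
<cve>2013-5962</cve>
<exploitdb>28377</exploitdb>
<url>http://packetstormsecurity.com/files/123303/</url>
<url>http://xforce.iss.net/xforce/xfdb/87172</url>
</references>
<type>UPLOAD</type>
<fixed_in>3.3.4</fixed_in>
</vulnerability>
</plugin>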
<plugin name="lbg_zoominoutslider">
<vulnerability>
<title>LBG Zoominoutslider - add_banner.php name Parameter Stored XSS</title>
<references>
<osvdb>97887</osvdb>
<secunia>54983</secunia>
<url>http://packetstormsecurity.com/files/123367/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>LBG Zoominoutslider - settings_form.php Multiple Parameter Stored XSS</title>
<references>
<osvdb>99339</osvdb>
<url>http://packetstormsecurity.com/files/123914/</url>
<url>http://seclists.org/fulldisclosure/2013/Nov/30</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>LBG Zoominoutslider - add_playlist_record.php Multiple Parameter Stored XSS</title>
<references>
<osvdb>99340</osvdb>
<url>http://packetstormsecurity.com/files/123914/</url>
<url>http://seclists.org/fulldisclosure/2013/Nov/30</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>LBG Zoominoutslider - add_banner.php Unspecified XSS</title>
<references>
<osvdb>99320</osvdb>
<url>http://packetstormsecurity.com/files/123367/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>LBG Zoominoutslider - Multiple Script Direct Request Path Disclosure</title>
<references>
<osvdb>99341</osvdb>
<url>http://seclists.org/fulldisclosure/2013/Nov/30</url>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="woopra">
<vulnerability>
<title>Woopra - Remote Code Execution</title>
<references>
<url>http://packetstormsecurity.com/files/123525/</url>
</references>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="fgallery_plus">
<vulnerability>
<title>fGallery_Plus - fim_rss.php album Parameter Reflected XSS</title>
<references>
<osvdb>97625</osvdb>
<url>http://packetstormsecurity.com/files/123347/</url>
<url>http://seclists.org/bugtraq/2013/Sep/105</url>
<url>http://seclists.org/bugtraq/2013/Sep/107</url>
<url>http://seclists.org/bugtraq/2013/Sep/108</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="nospampti">
<vulnerability>
<title>NOSpamPTI 2.1 - wp-comments-post.php comment_post_ID Parameter SQL Injection</title>
<references>
<osvdb>97528</osvdb>
<exploitdb>28485</exploitdb>
<cve>2013-5917</cve>
<url>http://packetstormsecurity.com/files/123331/</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="comment-attachment">
<vulnerability>
<title>Comment Attachment 1.0 - XSS Vulnerability</title>
<references>
<cve>2013-6010</cve>
<osvdb>97600</osvdb>
<url>http://packetstormsecurity.com/files/123327/</url>
<url>http://www.securityfocus.com/bid/62438</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="mukioplayer-for-wordpress">
<vulnerability>
<title>Mukioplayer 1.6 - SQL Injection</title>
<references>
<osvdb>97609</osvdb>
<url>http://packetstormsecurity.com/files/123231/</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="encrypted-blog">
<!-- NOTE(review): both entries concern the redirect_to parameter of
     encrypt_blog_form.php and neither records a fixed_in. The redirect entry
     is typed UNKNOWN; if vuln.xsd defines a dedicated type for open redirects,
     prefer it so consumers can filter on it (schema not visible here). -->
<vulnerability>
<title>Encrypted Blog 0.0.6.2 - encrypt_blog_form.php redirect_to Parameter Arbitrary Site Redirect</title>
<references>
<osvdb>97881</osvdb>
<url>http://packetstormsecurity.com/files/122992/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>Encrypted Blog 0.0.6.2 - encrypt_blog_form.php redirect_to Parameter Reflected XSS</title>
<references>
<osvdb>97882</osvdb>
<url>http://packetstormsecurity.com/files/122992/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-simple-login-registration-plugin">
<vulnerability>
<title>Simple Login Registration 1.0.1 - XSS</title>
<references>
<osvdb>96660</osvdb>
<secunia>54583</secunia>
<url>http://packetstormsecurity.com/files/122963/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="post-gallery">
<vulnerability>
<title>Post Gallery - XSS</title>
<references>
<url>http://packetstormsecurity.com/files/122957/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="proplayer">
<vulnerability>
<title>ProPlayer 4.7.9.1 - SQL Injection</title>
<references>
<exploitdb>25605</exploitdb>
<osvdb>93564</osvdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="booking">
<vulnerability>
<title>Booking Calendar 4.1.4 - CSRF Vulnerability</title>
<references>
<osvdb>96088</osvdb>
<exploitdb>27399</exploitdb>
<secunia>54461</secunia>
<url>http://packetstormsecurity.com/files/122691/</url>
<url>http://wpbookingcalendar.com/</url>
</references>
<type>CSRF</type>
<fixed_in>4.1.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="thinkit-wp-contact-form">
<vulnerability>
<title>ThinkIT &lt;= 0.3 - wp-admin/admin.php Contact Form Deletion CSRF</title>
<references>
<osvdb>96514</osvdb>
<secunia>54592</secunia>
<exploitdb>27751</exploitdb>
<url>http://packetstormsecurity.com/files/122898/</url>
</references>
<type>CSRF</type>
</vulnerability>
<vulnerability>
<title>ThinkIT &lt;= 0.2 - wp-admin/admin.php toitcf_current_id Parameter XSS</title>
<references>
<osvdb>96515</osvdb>
<secunia>54592</secunia>
<exploitdb>27751</exploitdb>
<url>http://packetstormsecurity.com/files/122898/</url>
</references>
<type>XSS</type>
<fixed_in>0.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="quick-contact-form">
<vulnerability>
<title>Quick Contact Form 6.2 - Unspecified XSS</title>
<references>
<osvdb>101782</osvdb>
</references>
<type>XSS</type>
<fixed_in>6.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Quick Contact Form 6.0 - Persistent XSS</title>
<references>
<osvdb>98279</osvdb>
<exploitdb>28808</exploitdb>
<secunia>55172</secunia>
<url>http://packetstormsecurity.com/files/123549/</url>
<url>http://quick-plugins.com/quick-contact-form/</url>
</references>
<type>XSS</type>
<fixed_in>6.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="quick-paypal-payments">
<vulnerability>
<title>Quick Paypal Payments 3.0 - Payment Sending Multiple Parameter XSS</title>
<references>
<osvdb>98715</osvdb>
<secunia>55292</secunia>
<url>http://packetstormsecurity.com/files/123662/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="email-newsletter">
<vulnerability>
<title>Email Newsletter 8.0 - 'option' Parameter Information Disclosure Vulnerability</title>
<references>
<osvdb>83541</osvdb>
<secunia>49758</secunia>
<url>http://www.securityfocus.com/bid/53850</url>
</references>
<type>FPD</type>
</vulnerability>
<vulnerability>
<title>Email Newsletter 8.0 - csv/export.php Direct Request Information Disclosure</title>
<references>
<osvdb>82812</osvdb>
<url>http://packetstormsecurity.org/files/113322/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="faqs-manager">
<vulnerability>
<title>IndiaNIC FAQs Manager 1.0 - Blind SQL Injection</title>
<references>
<osvdb>91623</osvdb>
<exploitdb>24868</exploitdb>
<url>http://packetstormsecurity.com/files/120911/</url>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>IndiaNIC FAQs Manager 1.0 - Ask Question Form question Parameter XSS</title>
<references>
<osvdb>91624</osvdb>
<exploitdb>24867</exploitdb>
<secunia>52780</secunia>
<url>http://packetstormsecurity.com/files/120910/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>IndiaNIC FAQs Manager 1.0 - CAPTCHA Value Disclosure</title>
<references>
<osvdb>91625</osvdb>
<exploitdb>24867</exploitdb>
<url>http://packetstormsecurity.com/files/120910/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
<vulnerability>
<title>IndiaNIC FAQs Manager 1.0 - FAQ Setting Manipulation CSRF</title>
<references>
<osvdb>91626</osvdb>
<secunia>52780</secunia>
<exploitdb>24867</exploitdb>
<url>http://packetstormsecurity.com/files/120910/</url>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="booking-system">
<vulnerability>
<title>Booking System - events_facualty_list.php eid Parameter Reflected XSS</title>
<references>
<osvdb>96740</osvdb>
<url>http://packetstormsecurity.com/files/122289/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Booking System 1.2 - dopbs-backend-forms.php booking_form_id Parameter SQL injection</title>
<references>
<osvdb>107204</osvdb>
<cve>2014-3210</cve>
<url>http://www.securityfocus.com/archive/1/532168</url>
</references>
<type>SQLI</type>
<fixed_in>1.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="js-restaurant">
<vulnerability>
<title>JS Restaurant - popup.php restuarant_id Parameter SQL Injection</title>
<references>
<osvdb>96743</osvdb>
<url>http://packetstormsecurity.com/files/122316/</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<!-- NOTE(review): this name attribute is mixed-case, unlike the other plugin
     names in this part of the file. If consumers use it as the plugin
     directory slug (presumably; not shown here), a case mismatch could cause
     missed detections on case-sensitive filesystems. Verify the real slug. -->
<plugin name="FlagEm">
<vulnerability>
<title>FlagEm - flagit.php cID Parameter XSS</title>
<references>
<osvdb>98226</osvdb>
<url>http://www.securityfocus.com/bid/61401</url>
<url>http://xforce.iss.net/xforce/xfdb/85925</url>
<url>http://packetstormsecurity.com/files/122505/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="chat">
<vulnerability>
<title>Chat - message Parameter XSS</title>
<references>
<osvdb>95984</osvdb>
<secunia>54403</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="shareaholic">
<vulnerability>
<title>Shareaholic - Unspecified CSRF</title>
<references>
<osvdb>96321</osvdb>
<secunia>54529</secunia>
</references>
<type>CSRF</type>
<fixed_in>7.0.3.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="page-showcaser-boxes">
<vulnerability>
<title>Page Showcaser Boxes - Title Field Stored XSS</title>
<references>
<osvdb>97579</osvdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="a-forms">
<vulnerability>
<title>A Forms 1.4.0 - a-forms.php a_form_tracking_page Function Multiple Parameters SQL Injection</title>
<references>
<osvdb>96404</osvdb>
</references>
<type>SQLI</type>
<fixed_in>1.4.2</fixed_in>
</vulnerability>
<vulnerability>
<title>A Forms 1.4.0 - Form Submission CSRF</title>
<references>
<osvdb>96381</osvdb>
<secunia>54489</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.4.1</fixed_in>
</vulnerability>
<vulnerability>
<title>A Forms 1.4.0 - a-forms.php a_form_shortcode Function Multiple Parameter XSS</title>
<references>
<osvdb>96410</osvdb>
<secunia>54489</secunia>
</references>
<type>XSS</type>
<fixed_in>1.4.2</fixed_in>
</vulnerability>
<vulnerability>
<title>A Forms 1.4.0 - a-forms.php aform_css_file_selector() Function css_file_selection Parameter XSS</title>
<references>
<osvdb>96809</osvdb>
<secunia>54489</secunia>
</references>
<type>XSS</type>
<fixed_in>1.4.2</fixed_in>
</vulnerability>
<vulnerability>
<title>A Forms 1.4.0 - a-forms.php add_field_to_section Function Multiple Parameter XSS</title>
<references>
<osvdb>96810</osvdb>
<secunia>54489</secunia>
</references>
<type>XSS</type>
<fixed_in>1.4.2</fixed_in>
</vulnerability>
<vulnerability>
<title>A Forms 1.4.0 - a-forms.php a_form_initial_page Function Multiple Parameter XSS</title>
<references>
<osvdb>96811</osvdb>
<secunia>54489</secunia>
</references>
<type>XSS</type>
<fixed_in>1.4.2</fixed_in>
</vulnerability>
<vulnerability>
<title>A Forms 1.4.0 - a-forms.php a_form_page Function Multiple Parameter XSS</title>
<references>
<osvdb>96812</osvdb>
<secunia>54489</secunia>
</references>
<type>XSS</type>
<fixed_in>1.4.2</fixed_in>
</vulnerability>
<vulnerability>
<title>A Forms 1.4.0 - a-forms.php a_form_section_page Function message Parameter XSS</title>
<references>
<osvdb>96813</osvdb>
<secunia>54489</secunia>
</references>
<type>XSS</type>
<fixed_in>1.4.2</fixed_in>
</vulnerability>
<vulnerability>
<title>A Forms 1.4.0 - a-forms.php a_form_tracking_page Function Multiple Parameter XSS</title>
<references>
<osvdb>96814</osvdb>
<secunia>54489</secunia>
</references>
<type>XSS</type>
<fixed_in>1.4.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="share-this">
<vulnerability>
<title>ShareThis 7.0.3 - Setting Manipulation CSRF</title>
<references>
<osvdb>96884</osvdb>
<cve>2013-3479</cve>
<secunia>53135</secunia>
<url>http://www.securityfocus.com/bid/62154</url>
</references>
<type>CSRF</type>
<fixed_in>7.0.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="simple-flash-video">
<vulnerability>
<title>Simple Flash Video 1.7 - Cross Site Scripting</title>
<references>
<osvdb>98371</osvdb>
<url>http://packetstormsecurity.com/files/123562/</url>
<url>http://www.securityfocus.com/bid/62950</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="landing-pages">
<vulnerability>
<title>Landing Pages 1.2.3 - Unspecified Issue</title>
<references>
<osvdb>102442</osvdb>
</references>
<type>UNKNOWN</type>
<fixed_in>1.3.1</fixed_in>
</vulnerability>
<vulnerability>
<title>Landing Pages 1.2.1 - module.utils.php post Parameter SQL Injection</title>
<references>
<osvdb>98334</osvdb>
<cve>2013-6243</cve>
<secunia>55192</secunia>
<url>http://www.securityfocus.com/bid/62942</url>
<url>http://xforce.iss.net/xforce/xfdb/87803</url>
</references>
<type>SQLI</type>
<fixed_in>1.2.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Landing Pages 1.2.1 - module.redirect-ab-testing.php permalink_name Parameter SQL Injection</title>
<references>
<osvdb>102407</osvdb>
</references>
<type>SQLI</type>
<fixed_in>1.2.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="cart66-lite">
<vulnerability>
<title>Cart66 1.5.1.14 - admin.php cart66-products Page Product Manipulation CSRF</title>
<references>
<osvdb>98352</osvdb>
<cve>2013-5977</cve>
<exploitdb>28959</exploitdb>
<secunia>55265</secunia>
<url>http://packetstormsecurity.com/files/123587/</url>
</references>
<type>CSRF</type>
<fixed_in>1.5.1.15</fixed_in>
</vulnerability>
<vulnerability>
<title>Cart66 - admin.php cart66-products Page Multiple Field Stored XSS</title>
<references>
<osvdb>98353</osvdb>
<cve>2013-5978</cve>
<exploitdb>28959</exploitdb>
<url>http://packetstormsecurity.com/files/123587/</url>
</references>
<type>XSS</type>
<fixed_in>1.5.1.15</fixed_in>
</vulnerability>
</plugin>
<plugin name="category-wise-search">
<vulnerability>
<title>Wise Search Widget 1.1 - s Parameter Reflected XSS</title>
<references>
<osvdb>97989</osvdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="catholic-liturgical-calendar">
<vulnerability>
<title>Catholic Liturgical Calendar Widget 0.0.1 - Title Field Stored XSS</title>
<references>
<osvdb>98026</osvdb>
</references>
<type>XSS</type>
<fixed_in>0.0.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="zenphoto">
<vulnerability>
<title>Zenphoto 1.4.5.2 - wordpress_import.php wp_prefix Function SQL Injection</title>
<references>
<osvdb>98091</osvdb>
<url>http://packetstormsecurity.com/files/123501/</url>
<url>http://www.securityfocus.com/bid/62815</url>
<url>http://seclists.org/bugtraq/2013/Oct/20</url>
</references>
<type>SQLI</type>
<fixed_in>1.4.5.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="bp-group-documents">
<vulnerability>
<title>Group Documents 1.2.1 - Document Upload Multiple Field Stored XSS</title>
<references>
<osvdb>103475</osvdb>
<url>http://seclists.org/fulldisclosure/2014/Feb/170</url>
</references>
<type>XSS</type>
<fixed_in>1.2.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Group Documents 1.2.1 - bp-group-documents-settings.php file Parameter Remote Path Traversal File Location Manipulation</title>
<references>
<osvdb>103476</osvdb>
<url>http://seclists.org/fulldisclosure/2014/Feb/170</url>
</references>
<type>UNKNOWN</type>
<fixed_in>1.2.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Group Documents 1.2.1 - Document Property Manipulation CSRF</title>
<references>
<osvdb>103477</osvdb>
<url>http://seclists.org/fulldisclosure/2014/Feb/170</url>
</references>
<type>CSRF</type>
<fixed_in>1.2.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Group Documents 1.2 - File Uploading Multiple Parameter Stored XSS</title>
<references>
<osvdb>98246</osvdb>
<secunia>55130</secunia>
<url>http://www.securityfocus.com/bid/62886</url>
</references>
<type>XSS</type>
<fixed_in>1.2.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="ab-categories-search-widget">
<vulnerability>
<title>AB Categories Search Widget 0.1 - s Parameter Reflected XSS</title>
<references>
<osvdb>97987</osvdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="sl-user-create">
<vulnerability>
<title>SL User Create 0.2.4 - LSL script Secret String Weakness Information Disclosure</title>
<references>
<osvdb>98456</osvdb>
<secunia>55262</secunia>
<url>http://www.securityfocus.com/bid/63009</url>
</references>
<type>UNKNOWN</type>
<fixed_in>0.2.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="player">
<vulnerability>
<title>Spider Video Player 2.1 - settings.php theme Parameter SQL Injection</title>
<references>
<osvdb>92264</osvdb>
<cve>2013-3532</cve>
<url>http://packetstormsecurity.com/files/121250/</url>
<url>http://www.securityfocus.com/bid/59021</url>
<url>http://xforce.iss.net/xforce/xfdb/83374</url>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Spider Video Player 2.1 - settings.php s_v_player_id Parameter Reflected XSS</title>
<references>
<osvdb>100848</osvdb>
<url>http://packetstormsecurity.com/files/124353/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="finalist">
<vulnerability>
<title>Finalist - vote.php id Parameter Reflected XSS</title>
<references>
<osvdb>98665</osvdb>
<url>http://packetstormsecurity.com/files/123597/</url>
</references>
<type>XSS</type>
</vulnerability>
<!-- NOTE(review): osvdb 98665 is also attached to the reflected XSS record for the same vote.php id parameter directly above, while the two records cite different packetstorm advisories. Two vulnerability classes sharing one id suggests a copy-paste; confirm which record the id belongs to. -->
<vulnerability>
<title>Finalist - vote.php id Parameter SQL Injection</title>
<references>
<osvdb>98665</osvdb>
<url>http://packetstormsecurity.com/files/120951/</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="dexs-pm-system">
<vulnerability>
<title>Dexs PM System 1.0.1 - Private Message subject Parameter Stored XSS</title>
<references>
<osvdb>98668</osvdb>
<secunia>55296</secunia>
<exploitdb>28970</exploitdb>
<url>http://packetstormsecurity.com/files/123634/</url>
<url>http://www.securityfocus.com/bid/63021</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="video-metabox">
<vulnerability>
<title>Video Metabox 1.1 - Persistent XSS Vulnerability Disclosure</title>
<references>
<osvdb>98641</osvdb>
<secunia>55257</secunia>
<url>http://www.securityfocus.com/bid/63172</url>
<url>http://securityundefined.com/wordpress-video-metabox-plugin-persistent-xss-vulnerability-disclosure/</url>
</references>
<type>XSS</type>
<fixed_in>1.1.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-realty">
<vulnerability>
<title>WP Realty - MySQL Time Based Injection</title>
<references>
<osvdb>98748</osvdb>
<exploitdb>29021</exploitdb>
<url>http://packetstormsecurity.com/files/123655/</url>
<url>http://www.securityfocus.com/bid/63217</url>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP Realty - index_ext.php listing_id Parameter Reflected XSS</title>
<references>
<osvdb>101583</osvdb>
<url>http://packetstormsecurity.com/files/124418/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="feed">
<vulnerability>
<title>Feed - news_dt.php nid Parameter SQL Injection</title>
<references>
<osvdb>94804</osvdb>
<url>http://packetstormsecurity.com/files/122260/</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="social-sharing-toolkit">
<vulnerability>
<title>Social Sharing Toolkit 2.1.1 - Setting Manipulation CSRF</title>
<references>
<osvdb>98717</osvdb>
<cve>2013-2701</cve>
<secunia>52951</secunia>
<url>http://www.securityfocus.com/bid/63198</url>
</references>
<type>CSRF</type>
</vulnerability>
<vulnerability>
<title>Social Sharing Toolkit 2.1.1 - Unspecified XSS</title>
<references>
<osvdb>98931</osvdb>
<cve>2013-6280</cve>
</references>
<type>XSS</type>
<fixed_in>2.1.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="videowall">
<vulnerability>
<title>Videowall - index.php page_id Parameter Reflected XSS</title>
<references>
<osvdb>98765</osvdb>
<url>http://packetstormsecurity.com/files/123693/</url>
<url>http://seclists.org/bugtraq/2013/Oct/98</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="really-simple-facebook-twitter-share-buttons">
<vulnerability>
<title>Really simple Facebook Twitter share buttons 2.10.4 - Settings Page Manipulation CSRF</title>
<references>
<osvdb>97190</osvdb>
<secunia>54707</secunia>
<url>http://www.securityfocus.com/bid/62268</url>
</references>
<type>CSRF</type>
<fixed_in>2.10.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="car-demon">
<vulnerability>
<title>Car Demon 1.0.1 - /wp-admin/edit.php Multiple Parameter XSS</title>
<references>
<osvdb>90365</osvdb>
<secunia>51088</secunia>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Car Demon 1.0.1 - /wp-admin/post.php Multiple Parameter XSS</title>
<references>
<osvdb>90366</osvdb>
<secunia>51088</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="blue-wrench-videos-widget">
<vulnerability>
<title>Blue Wrench Video Widget 1.0.2 - admin.php bw-videos Page Multiple Action CSRF</title>
<references>
<cve>2013-6797</cve>
<osvdb>98922</osvdb>
<secunia>55456</secunia>
<url>http://securityundefined.com/wordpress-plugin-blue-wrench-video-widget-csrf-persistent-xss-0day-disclosure/</url>
</references>
<type>CSRF</type>
</vulnerability>
<vulnerability>
<title>Blue Wrench Video Widget 1.0.2 - admin.php bw-videos Page Multiple Parameter Stored XSS</title>
<references>
<cve>2013-6797</cve>
<osvdb>98923</osvdb>
<secunia>55456</secunia>
<url>http://securityundefined.com/wordpress-plugin-blue-wrench-video-widget-csrf-persistent-xss-0day-disclosure/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-mailup">
<vulnerability>
<title>MailUp 1.3.2 - ajax.functions.php Ajax Function Call Handling XSS Weakness</title>
<references>
<osvdb>91274</osvdb>
<cve>2013-0731</cve>
<cve>2013-2640</cve>
<secunia>51917</secunia>
</references>
<type>XSS</type>
<fixed_in>1.3.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-online-store">
<vulnerability>
<title>WP Online Store 1.3.1 - index.php slug Parameter Traversal Local File Inclusion</title>
<references>
<osvdb>90243</osvdb>
<secunia>50836</secunia>
</references>
<type>LFI</type>
<fixed_in>1.3.2</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Online Store 1.3.1 - index.php Multiple Parameter Traversal Arbitrary File Access</title>
<references>
<osvdb>90244</osvdb>
<secunia>50836</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>1.3.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="payment-gateways-caller-for-wp-e-commerce">
<vulnerability>
<title>Payment Gateways Caller for WP e-Commerce 0.1.0 - load_merchant Parameter Traversal Local File Inclusion</title>
<references>
<osvdb>98916</osvdb>
<url>http://packetstormsecurity.com/files/123744/</url>
</references>
<type>LFI</type>
<fixed_in>0.1.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="easy-photo-album">
<vulnerability>
<title>Easy Photo Album 1.1.5 - Album Information Disclosure</title>
<references>
<osvdb>98802</osvdb>
</references>
<type>AUTHBYPASS</type>
<fixed_in>1.1.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="hungred-post-thumbnail">
<vulnerability>
<title>Hungred Post Thumbnail - hpt_file_upload.php File Upload PHP Code Execution</title>
<references>
<osvdb>82830</osvdb>
<url>http://packetstormsecurity.com/files/113402/</url>
<url>http://www.securityfocus.com/bid/53898</url>
</references>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="dhtmlxspreadsheet">
<vulnerability>
<title>Spreadsheet - /dhtmlxspreadsheet/codebase/spreadsheet.php page Parameter Reflected XSS</title>
<references>
<osvdb>98831</osvdb>
<cve>2013-6281</cve>
<secunia>55396</secunia>
<url>http://packetstormsecurity.com/files/123699/</url>
<url>http://www.securityfocus.com/bid/63256</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="tweet-blender">
<vulnerability>
<title>Tweet Blender 4.0.1 - Unspecified XSS</title>
<references>
<osvdb>98978</osvdb>
<cve>2013-6342</cve>
<secunia>55780</secunia>
<url>http://packetstormsecurity.com/files/124047/</url>
</references>
<type>XSS</type>
<fixed_in>4.0.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="sb-uploader">
<vulnerability>
<title>WordPress SB Uploader 3.9 - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://packetstormsecurity.com/files/119159/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="connections">
<vulnerability>
<title>Connections Business Directory 0.7.9.3 - includes/template/class.template-parts.php Pagination URL Handling XSS</title>
<references>
<osvdb>106558</osvdb>
</references>
<type>XSS</type>
<fixed_in>0.7.9.4</fixed_in>
</vulnerability>
<!-- NOTE(review): the title marks versions up to and including 0.7.1.5 as affected, yet fixed_in is also 0.7.1.5. Both cannot hold; confirm the first fixed release against CVE 2011-5254 before using fixed_in to clear a site running 0.7.1.5. -->
<!-- NOTE(review): the title says "Unspecified" while type is XSS; confirm the class against the references. -->
<vulnerability>
<title>Connections &lt;= 0.7.1.5 - Unspecified Security Vulnerability</title>
<references>
<cve>2011-5254</cve>
<url>http://www.securityfocus.com/bid/51204</url>
</references>
<type>XSS</type>
<fixed_in>0.7.1.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="gallery-bank">
<vulnerability>
<title>Gallery Bank 2.0.19 - edit-album.php album_id Parameter Reflected XSS</title>
<references>
<osvdb>99045</osvdb>
<secunia>55443</secunia>
<url>http://packetstormsecurity.com/files/123924/</url>
<url>http://www.securityfocus.com/bid/63382</url>
</references>
<type>XSS</type>
<fixed_in>2.0.20</fixed_in>
</vulnerability>
<vulnerability>
<title>Gallery Bank 2.0.19 - Multiple Unspecified Issues</title>
<references>
<osvdb>99046</osvdb>
<secunia>55443</secunia>
<url>http://www.securityfocus.com/bid/63382</url>
</references>
<type>UNKNOWN</type>
<fixed_in>2.0.20</fixed_in>
</vulnerability>
<vulnerability>
<title>Gallery Bank 2.0.19 - album-gallery-bank-class.php recordsArray Parameter Reflected XSS</title>
<references>
<osvdb>99345</osvdb>
<secunia>55443</secunia>
<url>http://www.securityfocus.com/bid/63385</url>
<url>http://seclists.org/fulldisclosure/2013/Nov/38</url>
</references>
<type>XSS</type>
<fixed_in>2.0.20</fixed_in>
</vulnerability>
</plugin>
<plugin name="rockhoist-ratings">
<vulnerability>
<title>Rockhoist Ratings 1.2.2 - wp-admin/admin-ajax.php postID Parameter SQL Injection</title>
<references>
<osvdb>99195</osvdb>
<secunia>55445</secunia>
<url>http://www.securityfocus.com/bid/63441</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wordpress-checkout">
<vulnerability>
<title>Checkout Plugin - File Upload Remote Code Execution</title>
<references>
<osvdb>99225</osvdb>
<url>http://packetstormsecurity.com/files/123866/</url>
</references>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="mobilechief-mobile-site-creator">
<vulnerability>
<title>MobileChief - jQuery Validation Cross-Site Scripting Vulnerability</title>
<references>
<secunia>55501</secunia>
<url>http://packetstormsecurity.com/files/123809/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="timeline">
<!-- NOTE(review): 87817 does not fit the secunia ids used elsewhere in this part of the file (roughly 45000 to 60000) and sits close to osvdb 87834, which is recorded for a packetstorm advisory of the same period. Presumably an OSVDB id filed under the wrong tag; verify before moving it, since a wrong tag produces a dead or unrelated reference link in scan output. -->
<vulnerability>
<title>Facebook Survey Pro - timeline/index.php id Parameter SQL Injection</title>
<references>
<secunia>87817</secunia>
<exploitdb>22853</exploitdb>
<url>http://packetstormsecurity.com/files/118238/</url>
<url>http://www.securityfocus.com/bid/56595</url>
<url>http://xforce.iss.net/xforce/xfdb/80141</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="live-comment-preview">
<vulnerability>
<title>Live Comment Preview 2.0.2 - Comment Field Preview XSS</title>
<references>
<osvdb>92944</osvdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="polldaddy">
<vulnerability>
<title>Polldaddy Polls and Ratings 2.0.24 - polldaddy-org.php unique_id Ratings Shortcode XSS</title>
<references>
<osvdb>108640</osvdb>
<cve>2014-4856</cve>
<secunia>59323</secunia>
<url>http://www.securityfocus.com/bid/68512</url>
</references>
<type>XSS</type>
<fixed_in>2.0.25</fixed_in>
</vulnerability>
<vulnerability>
<title>Polldaddy Polls and Ratings 2.0.23 - polldaddy-org.php polldaddy-ratings-title-filter Parameter Reflected XSS</title>
<references>
<osvdb>108641</osvdb>
<url>http://www.securityfocus.com/bid/68512</url>
</references>
<type>XSS</type>
<fixed_in>2.0.24</fixed_in>
</vulnerability>
<vulnerability>
<title>Polldaddy Polls and Ratings 2.0.20 - Cross-Site Request Forgery Vulnerability</title>
<references>
<osvdb>99515</osvdb>
<secunia>55464</secunia>
<url>http://www.securityfocus.com/bid/63557</url>
</references>
<type>CSRF</type>
<fixed_in>2.0.21</fixed_in>
</vulnerability>
</plugin>
<plugin name="jigoshop">
<vulnerability>
<title>Jigoshop 1.8 - Multiple Script Direct Request Path Disclosure</title>
<references>
<osvdb>99485</osvdb>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="fcchat">
<vulnerability>
<title>FCChat 2.2.11-2.2.13 - Upload.php Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/53855</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="another-wordpress-classifieds-plugin">
<vulnerability>
<title>Another WordPress Classifieds - Unspecified Image Upload Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/52861</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="picturesurf-gallery">
<vulnerability>
<title>Picturesurf Gallery 1.2 - upload.php Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/53894</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="social-slider-2">
<vulnerability>
<title>Social Slider &lt;= 5.6.5 - social-slider-2/ajax.php rA Parameter SQL Injection</title>
<references>
<osvdb>74421</osvdb>
<secunia>45549</secunia>
<exploitdb>17617</exploitdb>
</references>
<type>SQLI</type>
<fixed_in>6.0.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="redirection">
<vulnerability>
<title>Redirection 2.3.3 - view/admin/item.php URL Handling Reflected XSS</title>
<references>
<osvdb>101774</osvdb>
</references>
<type>XSS</type>
<fixed_in>2.3.4</fixed_in>
</vulnerability>
<vulnerability>
<title>Redirection - view/admin/log_item.php Non-existent Posts Referer HTTP Header XSS</title>
<references>
<cve>2011-4562</cve>
<osvdb>76092</osvdb>
<osvdb>77447</osvdb>
<secunia>46310</secunia>
</references>
<type>XSS</type>
<fixed_in>2.2.10</fixed_in>
</vulnerability>
<vulnerability>
<title>Redirection - wp-admin/tools.php id Parameter XSS</title>
<references>
<osvdb>74783</osvdb>
<secunia>45782</secunia>
</references>
<type>XSS</type>
<fixed_in>2.2.9</fixed_in>
</vulnerability>
</plugin>
<plugin name="eshop">
<vulnerability>
<title>eShop - wp-admin/admin.php Multiple Parameter XSS</title>
<references>
<osvdb>74464</osvdb>
<secunia>45553</secunia>
<url>http://seclists.org/bugtraq/2011/Aug/52</url>
<url>http://www.htbridge.ch/advisory/multiple_xss_in_eshop_for_wordpress.html</url>
</references>
<type>XSS</type>
<fixed_in>6.2.9</fixed_in>
</vulnerability>
</plugin>
<plugin name="all-in-one-adsense-and-ypn">
<vulnerability>
<title>All in One Adsense YPN 2.0.1 - all-in-one-adsense-and-ypn.php Unspecified XSS</title>
<references>
<osvdb>74900</osvdb>
<secunia>45579</secunia>
</references>
<type>XSS</type>
</vulnerability>
<!-- NOTE(review): the title describes a direct request that manipulates the AdSense account, which reads like missing access control rather than script injection, yet type is XSS (the same value as the separate XSS record for this plugin). Confirm against osvdb 74899 and reclassify if needed so type filters and report severity are not misleading. -->
<vulnerability>
<title>All in One Adsense YPN 2.0.1 - all-in-one-adsense-and-ypn.php Direct Request AdSense Account Manipulation</title>
<references>
<osvdb>74899</osvdb>
<secunia>45579</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="SearchNSave">
<vulnerability>
<title>Search N Save - SearchNSave/error_log Direct Request Path Disclosure</title>
<references>
<osvdb>95196</osvdb>
<secunia>54078</secunia>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="taggator">
<vulnerability>
<title>TagGator - 'tagid' Parameter SQL Injection Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/52908</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="uploadify-integration">
<vulnerability>
<title>Uploadify Integration 0.9.6 - Multiple Cross Site Scripting Vulnerabilities</title>
<references>
<osvdb>81093</osvdb>
<osvdb>81094</osvdb>
<osvdb>81095</osvdb>
<url>http://www.securityfocus.com/bid/52944</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wpsc-mijnpress">
<vulnerability>
<title>WPsc MijnPress - 'rwflush' Parameter Cross Site Scripting Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/53302</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="leaflet-maps-marker">
<vulnerability>
<title>Leaflet Maps Marker 3.5.2 - Two SQL Injection Vulnerabilities</title>
<references>
<secunia>53855</secunia>
</references>
<type>SQLI</type>
<fixed_in>3.5.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="google-xml-sitemaps-generator">
<vulnerability>
<title>XML Sitemap Generator 3.2.8 - XML File Overwrite Arbitrary Code Execution</title>
<references>
<osvdb>89411</osvdb>
<url>http://packetstormsecurity.com/files/119357/</url>
</references>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="spam-free-wordpress">
<vulnerability>
<title>Spam Free Plugin 1.9.2 - Multiple Script Direct Request Path Disclosure</title>
<references>
<osvdb>88954</osvdb>
<url>http://xforce.iss.net/xforce/xfdb/81007</url>
</references>
<type>FPD</type>
</vulnerability>
<vulnerability>
<title>Spam Free Plugin 1.9.2 - IP Blocklist Restriction Bypass</title>
<references>
<osvdb>88955</osvdb>
<url>http://xforce.iss.net/xforce/xfdb/81006</url>
<url>http://packetstormsecurity.com/files/119274/</url>
</references>
<type>AUTHBYPASS</type>
</vulnerability>
</plugin>
<plugin name="editorial-calendar">
<vulnerability>
<title>Editorial Calendar 2.6 - Post Title XSS</title>
<references>
<osvdb>90226</osvdb>
</references>
<type>XSS</type>
<fixed_in>2.7</fixed_in>
</vulnerability>
<vulnerability>
<title>Editorial Calendar 2.6 - Permission Verification Arbitrary Calendar Post Deletion</title>
<references>
<osvdb>90227</osvdb>
<secunia>52218</secunia>
</references>
<type>AUTHBYPASS</type>
<fixed_in>2.7</fixed_in>
</vulnerability>
<vulnerability>
<title>Editorial Calendar 2.6 - Post Query Multiple Filter SQL Injection</title>
<references>
<osvdb>90228</osvdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="shareyourcart">
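<vulnerability>
<title>ShareYourCart 1.6.1 - SDK Multiple Unspecified Path Disclosure</title>
<references>
<osvdb>81618</osvdb>
<cve>2012-4332</cve>
<secunia>48960</secunia>
</references>
<!-- Path disclosure records in this file are typed FPD; UNKNOWN hid this one from type-based filtering. -->
<type>FPD</type>
<fixed_in>1.7.1</fixed_in>
</vulnerability>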
</plugin>
<plugin name="alo-easymail">
<vulnerability>
<title>ALO EasyMail Newsletter 2.4.7 - Multiple Unspecified XSS</title>
<references>
<osvdb>82324</osvdb>
<secunia>49320</secunia>
</references>
<type>XSS</type>
<fixed_in>2.4.8</fixed_in>
</vulnerability>
</plugin>
<plugin name="contact-form-7">
<vulnerability>
<title>Contact Form 7 &lt;= 3.7.1 - Security Bypass Vulnerability</title>
<references>
<cve>2014-2265</cve>
<url>http://www.securityfocus.com/bid/66381/</url>
</references>
<type>AUTHBYPASS</type>
<fixed_in>3.7.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Contact Form 7 &amp; Old WP Versions - Crafted File Extension Upload Remote Code Execution</title>
<references>
<osvdb>102776</osvdb>
<url>http://packetstormsecurity.com/files/125018/</url>
<url>http://seclists.org/fulldisclosure/2014/Feb/0</url>
</references>
<type>RCE</type>
</vulnerability>
<vulnerability>
<title>Contact Form 7 &lt;= 3.5.2 - Arbitrary File Upload Remote Code Execution</title>
<references>
<osvdb>100189</osvdb>
<url>http://packetstormsecurity.com/files/124154/</url>
</references>
<type>UPLOAD</type>
<fixed_in>3.5.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="store-locator">
<vulnerability>
<title>Store Locator &lt;= 2.6.1 - Cross-Site Request Forgery Vulnerability</title>
<references>
<osvdb>100485</osvdb>
<secunia>55276</secunia>
</references>
<type>CSRF</type>
<fixed_in>2.12</fixed_in>
</vulnerability>
</plugin>
<plugin name="optinfirex">
<vulnerability>
<title>Optinfirex - lp/index.php id Parameter Reflected XSS</title>
<references>
<osvdb>100435</osvdb>
<url>http://packetstormsecurity.com/files/124188/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="amerisale-re">
<vulnerability>
<title>Amerisale-Re - Remote Shell Upload</title>
<references>
<url>http://packetstormsecurity.com/files/124992/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>Amerisale-Re - netriesdetail/upload.php edit Parameter Reflected XSS</title>
<references>
<osvdb>100434</osvdb>
<url>http://packetstormsecurity.com/files/124187/</url>
<url>http://xforce.iss.net/xforce/xfdb/89263</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="js-multihotel">
<vulnerability>
<title>JS MultiHotel 2.2.1 - includes/show_image.php file Parameter Remote File Inclusion DoS</title>
<references>
<osvdb>105185</osvdb>
<url>http://packetstormsecurity.com/files/125959/</url>
<url>http://seclists.org/fulldisclosure/2014/Mar/428</url>
</references>
<type>RFI</type>
</vulnerability>
<vulnerability>
<title>JS MultiHotel 2.2.1 - includes/delete_img.php path Parameter Reflected XSS</title>
<references>
<osvdb>105186</osvdb>
<url>http://packetstormsecurity.com/files/125959/</url>
<url>http://seclists.org/fulldisclosure/2014/Mar/428</url>
<url>http://www.securityfocus.com/bid/66529</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>JS MultiHotel 2.2.1 - Multiple Script Direct Request Path Disclosure</title>
<references>
<osvdb>105187</osvdb>
<url>http://packetstormsecurity.com/files/125959/</url>
<url>http://seclists.org/fulldisclosure/2014/Mar/428</url>
</references>
<type>FPD</type>
</vulnerability>
<vulnerability>
<title>JS MultiHotel 2.2.1 - includes/timthumb.php src Parameter Direct Request Path Disclosure</title>
<references>
<osvdb>105119</osvdb>
<url>http://seclists.org/fulldisclosure/2014/Mar/413</url>
<url>http://www.securityfocus.com/bid/66529</url>
</references>
<type>FPD</type>
</vulnerability>
<vulnerability>
<title>JS MultiHotel 2.2.1 - refreshDate.php roomid Parameter Reflected XSS</title>
<references>
<osvdb>100575</osvdb>
<secunia>55919</secunia>
<url>http://packetstormsecurity.com/files/124239/</url>
<url>http://www.securityfocus.com/bid/64045</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="dzs-videogallery">
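<vulnerability>
<title>DZS Video Gallery - ajax.php source Parameter Reflected XSS</title>
<references>
<osvdb>103283</osvdb>
<secunia>56904</secunia>
<url>http://packetstormsecurity.com/files/125179/</url>
</references>
<!-- Type follows the title: a reflected XSS in ajax.php, not code execution. Reporting it as RCE overstates the finding during triage. -->
<type>XSS</type>
</vulnerability>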
<vulnerability>
<title>DZS Video Gallery - upload.php File Upload Remote Code Execution</title>
<references>
<osvdb>100620</osvdb>
<exploitdb>29834</exploitdb>
</references>
<type>RCE</type>
</vulnerability>
<!-- NOTE(review): elsewhere in this file FPD is used for path disclosure titles. "Remote File Disclosure" reads as exposure of file contents, a more serious class; confirm against osvdb 100750 whether FPD understates this record. -->
<vulnerability>
<title>DZS Video Gallery 3.1.3 - Remote File Disclosure</title>
<references>
<osvdb>100750</osvdb>
<url>http://packetstormsecurity.com/files/124317/</url>
</references>
<type>FPD</type>
</vulnerability>
<vulnerability>
<title>DZS Video Gallery - preview_allchars.swf logoLink Parameter Reflected XSS</title>
<references>
<osvdb>107521</osvdb>
<cve>2014-3923</cve>
<url>http://packetstormsecurity.com/files/126846/</url>
<url>http://www.securityfocus.com/bid/67698</url>
<url>http://seclists.org/fulldisclosure/2014/May/157</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>DZS Video Gallery - deploy/preview_skin_overlay.swf logoLink Parameter Reflected XSS</title>
<references>
<osvdb>107522</osvdb>
<cve>2014-3923</cve>
<url>http://packetstormsecurity.com/files/126846/</url>
<url>http://www.securityfocus.com/bid/67698</url>
<url>http://seclists.org/fulldisclosure/2014/May/157</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>DZS Video Gallery - deploy/preview.swf logoLink Parameter Reflected XSS</title>
<references>
<osvdb>107523</osvdb>
<cve>2014-3923</cve>
<url>http://packetstormsecurity.com/files/126846/</url>
<url>http://www.securityfocus.com/bid/67698</url>
<url>http://seclists.org/fulldisclosure/2014/May/157</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>DZS Video Gallery - preview_skin_rouge.swf logoLink Parameter Reflected XSS</title>
<references>
<osvdb>107524</osvdb>
<cve>2014-3923</cve>
<url>http://packetstormsecurity.com/files/126846/</url>
<url>http://www.securityfocus.com/bid/67698</url>
<url>http://seclists.org/fulldisclosure/2014/May/157</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="askapache-firefox-adsense">
<vulnerability>
<title>AskApache Firefox Adsense 3.0 - Unspecified CSRF</title>
<references>
<osvdb>100662</osvdb>
<cve>2013-6992</cve>
<url>https://www.htbridge.com/advisory/HTB23188</url>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="ad-minister">
<vulnerability>
<title>Ad-minister 0.6 - Unspecified XSS</title>
<references>
<osvdb>100663</osvdb>
<cve>2013-6993</cve>
<url>http://packetstormsecurity.com/files/124604/</url>
<url>https://www.htbridge.com/advisory/HTB23187</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="tdo-mini-forms">
<vulnerability>
<title>TDO Mini Forms 0.13.9 - tdomf-upload-inline.php File Upload Remote Code Execution</title>
<references>
<osvdb>100847</osvdb>
<url>http://packetstormsecurity.com/files/124352/</url>
</references>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="huskerportfolio">
<vulnerability>
<title>HuskerPortfolio 0.3 - huskerPortfolio.php File Upload CSRF</title>
<references>
<osvdb>100845</osvdb>
<url>http://packetstormsecurity.com/files/124359/</url>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="formcraft">
<vulnerability>
<title>FormCraft - form.php id Parameter SQL Injection</title>
<references>
<osvdb>100877</osvdb>
<secunia>56044</secunia>
<url>http://packetstormsecurity.com/files/124343/</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<!-- Fake vuln, see: Commit https://github.com/wpscanteam/wpscan/commit/40f96dd2bde8ed262c6d9428734624510a93fad4
<plugin name="photosmash-galleries">
<vulnerability>
<title>PhotoSmash Galleries 1.0.7 - bwbps-uploader.php File Upload Remote Code Execution</title>
<references>
<osvdb>100878</osvdb>
<url>http://packetstormsecurity.com/files/124342/</url>
</references>
<type>RCE</type>
</vulnerability>
</plugin>
-->
<plugin name="zarzadzanie_kontem">
<vulnerability>
<title>Zarzadzanie Kontem - ajaxfilemanager.php File Upload Arbitrary Code Execution</title>
<references>
<osvdb>87834</osvdb>
<url>http://packetstormsecurity.com/files/118322/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="ads-box">
<vulnerability>
<title>Ads Box - iframe_ampl.php count Parameter SQL Injection</title>
<references>
<osvdb>88257</osvdb>
<url>http://packetstormsecurity.com/files/118342/</url>
<url>http://www.securityfocus.com/bid/56681</url>
<url>http://xforce.iss.net/xforce/xfdb/80256</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="broken-link-checker">
<vulnerability>
<title>Broken Link Checker 1.9.1 - Bulk Action Form URL Handling XSS</title>
<references>
<osvdb>101059</osvdb>
<secunia>56053</secunia>
</references>
<type>XSS</type>
<fixed_in>1.9.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Broken Link Checker 1.9.1 - Sort Direction Query Argument Handling XSS</title>
<references>
<osvdb>101066</osvdb>
<secunia>56053</secunia>
</references>
<type>XSS</type>
<fixed_in>1.9.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="easy-career-openings">
<vulnerability>
<title>Easy Career Openings - jobid Parameter SQL Injection</title>
<references>
<osvdb>100677</osvdb>
<url>http://packetstormsecurity.com/files/124309/</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="q-and-a">
<vulnerability>
<title>Q and A 1.0.6.2 - Multiple Scripts Direct Request Path Disclosure</title>
<references>
<osvdb>100793</osvdb>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="ml-slider">
<vulnerability>
<title>Meta Slider 2.5 - metaslider.php id Parameter XSS</title>
<references>
<osvdb>108611</osvdb>
<cve>2014-4846</cve>
<url>http://packetstormsecurity.com/files/127288/</url>
<url>http://www.securityfocus.com/bid/68283</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Meta Slider 2.1.6 - Multiple Script Direct Request Path Disclosure</title>
<references>
<osvdb>100794</osvdb>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="custom-tables">
<vulnerability>
<title>Custom Tables 3.4.4 - iframe.php key Parameter XSS</title>
<references>
<osvdb>83646</osvdb>
<secunia>49823</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-socializer">
<vulnerability>
<title>WP Socializer 2.4.2 - admin/wpsr-services-selector.php val Parameter XSS</title>
<references>
<osvdb>83645</osvdb>
<secunia>49824</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="church-admin">
<vulnerability>
<title>church_admin 0.33.4.5 - includes/validate.php id Parameter XSS</title>
<references>
<osvdb>83644</osvdb>
<secunia>49827</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="phpfreechat">
<vulnerability>
<title>PHPFreeChat 0.2.8 - lib/csstidy-1.2/css_optimiser.php url Parameter XSS</title>
<references>
<osvdb>83642</osvdb>
<secunia>49826</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="simple-embed-code">
<vulnerability>
<title>Artiss Code Embed 2.0.1 - wp-admin/admin.php suffix Parameter XSS</title>
<references>
<osvdb>83686</osvdb>
<secunia>49848</secunia>
</references>
<type>XSS</type>
<fixed_in>2.0.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="dewplayer-flash-mp3-player">
<vulnerability>
<title>Dewplayer - dewplayer-vinyl.swf xml Parameter XML File Handling XSS</title>
<references>
<osvdb>101353</osvdb>
<url>http://packetstormsecurity.com/files/124582/</url>
<url>http://www.securityfocus.com/bid/64506</url>
<url>http://seclists.org/fulldisclosure/2013/Dec/192</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Dewplayer - dewplayer-vinyl-en.swf xml Parameter XML File Handling XSS</title>
<references>
<osvdb>101352</osvdb>
<url>http://packetstormsecurity.com/files/124582/</url>
<url>http://www.securityfocus.com/bid/64506</url>
<url>http://seclists.org/fulldisclosure/2013/Dec/192</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Dewplayer &lt;= 1.2 - dewplayer.php Direct Request Path Disclosure Weakness</title>
<references>
<osvdb>101440</osvdb>
<url>http://seclists.org/fulldisclosure/2013/Dec/209</url>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
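<plugin name="advanced-dewplayer">
<!-- Records for the advanced-dewplayer plugin: two SWF XSS issues, one path
     disclosure and one traversal file-access issue. OSVDB ids 101353, 101352
     and 101440 are also listed under dewplayer-flash-mp3-player in this file. -->
<vulnerability>
<title>Advanced Dewplayer - dewplayer-vinyl.swf xml Parameter XML File Handling XSS</title>
<references>
<osvdb>101353</osvdb>
<url>http://packetstormsecurity.com/files/124582/</url>
<url>http://www.securityfocus.com/bid/64506</url>
<url>http://seclists.org/fulldisclosure/2013/Dec/192</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<!-- Title now carries the "Advanced Dewplayer" product name like its siblings
     in this plugin block, so scanner output names the right product. -->
<title>Advanced Dewplayer - dewplayer-vinyl-en.swf xml Parameter XML File Handling XSS</title>
<references>
<osvdb>101352</osvdb>
<url>http://packetstormsecurity.com/files/124582/</url>
<url>http://www.securityfocus.com/bid/64506</url>
<url>http://seclists.org/fulldisclosure/2013/Dec/192</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Advanced Dewplayer &lt;= 1.2 - dewplayer.php Direct Request Path Disclosure Weakness</title>
<references>
<osvdb>101440</osvdb>
<url>http://seclists.org/fulldisclosure/2013/Dec/209</url>
</references>
<type>FPD</type>
</vulnerability>
<vulnerability>
<title>Advanced Dewplayer &lt;= 1.2 - download-file.php dew_file Parameter Traversal Arbitrary File Access</title>
<references>
<osvdb>101513</osvdb>
<secunia>55941</secunia>
<url>http://seclists.org/oss-sec/2013/q4/566</url>
</references>
<!-- NOTE(review): the title describes path traversal with arbitrary file
     access, yet the record is typed UNKNOWN. Consider a more specific type if
     vuln.xsd offers one that fits; confirm against the schema. No fixed_in is
     recorded for any entry of this plugin. -->
<type>UNKNOWN</type>
</vulnerability>
</plugin>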
<plugin name="sem-wysiwyg">
<vulnerability>
<title>SEM WYSIWYG - Arbitrary File Upload</title>
<references>
<url>http://packetstormsecurity.com/files/115789/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="recommend-a-friend">
<vulnerability>
<title>Recommend a friend 2.0.2 - inc/raf_form.php current_url Parameter Reflected XSS</title>
<references>
<osvdb>101487</osvdb>
<secunia>56209</secunia>
<cve>2013-7276</cve>
<url>http://packetstormsecurity.com/files/124587/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="securimage-wp">
<vulnerability>
<title>Securimage-WP 3.2.4 - siwp_test.php URI XSS</title>
<references>
<osvdb>93259</osvdb>
<secunia>53376</secunia>
<url>http://packetstormsecurity.com/files/121588/</url>
<url>http://xforce.iss.net/xforce/xfdb/84186</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="amazon-affiliate-link-localizer">
<vulnerability>
<title>Amazon Affiliate Link Localizer 1.8.2 - amazon_affiliate_link_localizer.php amzn_com Parameter XSS</title>
<references>
<osvdb>100783</osvdb>
<url>http://www.dfcode.org/code.php?id=27</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="maxbuttons">
<vulnerability>
<title>MaxButtons 1.19.0 - includes/maxbuttons-button-css.php Authentication Bypass</title>
<references>
<osvdb>101773</osvdb>
<secunia>56272</secunia>
</references>
<type>AUTHBYPASS</type>
<fixed_in>1.20.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="aprils-super-functions-pack">
<vulnerability>
<title>April's Super Functions Pack 1.4.7 - readme.php page Parameter Reflected XSS</title>
<references>
<osvdb>101807</osvdb>
<secunia>55576</secunia>
</references>
<type>XSS</type>
<fixed_in>1.4.8</fixed_in>
</vulnerability>
</plugin>
<plugin name="wordpress-connect">
<vulnerability>
<title>WordPress Connect 2.0.3 - Editor Pages Unspecified XSS</title>
<references>
<osvdb>101716</osvdb>
<secunia>56238</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="page-layout-builder">
<vulnerability>
<title>Page Layout Builder 1.3.4 - includes/layout-settings.php layout_settings_id Parameter Reflected XSS</title>
<references>
<osvdb>101723</osvdb>
<secunia>56214</secunia>
</references>
<type>XSS</type>
<fixed_in>1.3.6</fixed_in>
</vulnerability>
<vulnerability>
<title>Page Layout Builder 1.3.4 - Unspecified Issue</title>
<references>
<osvdb>101724</osvdb>
<secunia>56214</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>1.3.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="foliopress-wysiwyg">
<vulnerability>
<title>Foliopress WYSIWYG - Unspecified XSS</title>
<references>
<osvdb>101726</osvdb>
<secunia>56261</secunia>
</references>
<type>XSS</type>
<fixed_in>2.6.8.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="intouch">
<vulnerability>
<title>intouch 2.0 - intouch.js.php intouch_failure Parameter Reflected XSS</title>
<references>
<osvdb>101822</osvdb>
<url>http://packetstormsecurity.com/files/124687/</url>
<url>http://www.securityfocus.com/bid/64680</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="nmedia-mailchimp-widget">
<vulnerability>
<title>Nmedia MailChimp 3.1 - api_mailchimp/postToMailChimp.php abs_path Parameter XSS</title>
<references>
<osvdb>83083</osvdb>
<secunia>49538</secunia>
</references>
<type>XSS</type>
<fixed_in>3.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="ns-utilities">
<vulnerability>
<title>NS Utilities 1.0 - Unspecified Remote Issue</title>
<references>
<osvdb>82944</osvdb>
<secunia>49476</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>1.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="spiffy">
<vulnerability>
<title>Spiffy XSPF Player 0.1 - playlist.php playlist_id Parameter SQL Injection</title>
<references>
<osvdb>92258</osvdb>
<cve>2013-3530</cve>
<url>http://packetstormsecurity.com/files/121204/</url>
<url>http://www.securityfocus.com/bid/58976</url>
<url>http://xforce.iss.net/xforce/xfdb/83345</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="easy-media-gallery">
<vulnerability>
<title>Easy Media Gallery 1.2.29 - wp-admin/edit.php Multiple Parameter Stored XSS</title>
<references>
<osvdb>103779</osvdb>
<url>http://packetstormsecurity.com/files/125396/</url>
<url>http://www.securityfocus.com/bid/65804</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Easy Media Gallery 1.2.25 - includes/emg-settings.php spg_add_admin Function Admin User Creation CSRF</title>
<references>
<osvdb>101941</osvdb>
<secunia>56408</secunia>
<url>http://incolumitas.com/2013/12/17/exploiting-wordpress-plugins-using-insecure-admin-forms-no-3-example-exploit-included/</url>
</references>
<type>CSRF</type>
<fixed_in>1.2.27</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-members">
<vulnerability>
<title>WP-Members 2.8.9 - profile.php Multiple Parameter Stored XSS</title>
<references>
<osvdb>101946</osvdb>
<secunia>56271</secunia>
<url>http://packetstormsecurity.com/files/124720/</url>
<url>http://www.securityfocus.com/bid/64713</url>
</references>
<type>XSS</type>
<fixed_in>2.8.10</fixed_in>
</vulnerability>
<vulnerability>
<title>WP-Members 2.8.9 - wp-login.php register Action Multiple Parameter Reflected XSS</title>
<references>
<osvdb>101947</osvdb>
<secunia>56271</secunia>
<url>http://packetstormsecurity.com/files/124720/</url>
<url>http://www.securityfocus.com/bid/64713</url>
</references>
<type>XSS</type>
<fixed_in>2.8.10</fixed_in>
</vulnerability>
</plugin>
<plugin name="wpmbytplayer">
<vulnerability>
<title>mb.YTPlayer for background videos 1.7.2 - TinyMCE Popup Unspecified Issue</title>
<references>
<osvdb>101718</osvdb>
<secunia>56270</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>1.7.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="keyring">
<vulnerability>
<title>Keyring 1.5 - OAuth Example Page XSS</title>
<references>
<secunia>56367</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="avchat-3">
<vulnerability>
<title>AVChat Video Chat 1.4.1 - index_popup.php Multiple Parameters Reflected XSS</title>
<references>
<osvdb>102206</osvdb>
<secunia>56447</secunia>
</references>
<type>XSS</type>
<fixed_in>1.4.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="groupdocs-comparison">
<vulnerability>
<title>GroupDocs Comparison 1.0.2 - grpdocscomparison.php Multiple Parameter XSS</title>
<references>
<osvdb>102297</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.0.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="groupdocs-signature">
<vulnerability>
<title>GroupDocs Signature 1.2.0 - grpdocs-dialog.php Multiple Parameter XSS</title>
<references>
<osvdb>102298</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.2.1</fixed_in>
</vulnerability>
<vulnerability>
<title>GroupDocs Signature 1.2.0 - options.php Multiple Parameter XSS</title>
<references>
<osvdb>102299</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.2.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="groupdocs-viewer">
<vulnerability>
<title>GroupDocs Viewer 1.4.1 - options.php Multiple Parameter XSS</title>
<references>
<osvdb>102299</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.4.2</fixed_in>
</vulnerability>
<vulnerability>
<title>GroupDocs Viewer 1.4.1 - grpdocs-dialog.php Multiple Parameter XSS</title>
<references>
<osvdb>102300</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.4.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="groupdocs-documents-annotation">
<vulnerability>
<title>GroupDocs Document Annotation 1.3.8 - options.php Multiple Parameter XSS</title>
<references>
<osvdb>102299</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.3.9</fixed_in>
</vulnerability>
<vulnerability>
<title>GroupDocs Document Annotation 1.3.8 - grpdocs-dialog.php Multiple Parameter XSS</title>
<references>
<osvdb>102301</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.3.9</fixed_in>
</vulnerability>
</plugin>
<plugin name="athlon-manage-calameo-publications">
<vulnerability>
<title>Manage Calameo Publications 1.1.0 - thickbox_content.php attachment_id Parameter Reflected XSS</title>
<references>
<osvdb>102433</osvdb>
<secunia>56428</secunia>
</references>
<type>XSS</type>
<fixed_in>1.1.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="ss-downloads">
<!-- Seven XSS records for SS Downloads 1.4.4.1, all marked fixed in 1.5.
     NOTE(review): Secunia id 56428 is cited on two records below and also on
     the athlon-manage-calameo-publications record in this file, while the
     remaining SS Downloads records cite 56532. Verify that 56428 really covers
     this plugin and is not a copy-paste leftover. -->
<vulnerability>
<title>SS Downloads 1.4.4.1 - services/getfile.php file Parameter XSS</title>
<references>
<osvdb>102501</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.5</fixed_in>
</vulnerability>
<vulnerability>
<title>SS Downloads 1.4.4.1 - ss-downloads.php Multiple Variables XSS</title>
<references>
<osvdb>102502</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.5</fixed_in>
</vulnerability>
<vulnerability>
<title>SS Downloads 1.4.4.1 - templates/download.php Multiple Parameters Reflected XSS</title>
<references>
<osvdb>102503</osvdb>
<!-- NOTE(review): same Secunia id as the Manage Calameo Publications record; confirm. -->
<secunia>56428</secunia>
</references>
<type>XSS</type>
<fixed_in>1.5</fixed_in>
</vulnerability>
<vulnerability>
<title>SS Downloads 1.4.4.1 - templates/register.php Multiple Parameter Reflected XSS</title>
<references>
<osvdb>102504</osvdb>
<!-- NOTE(review): same Secunia id as the Manage Calameo Publications record; confirm. -->
<secunia>56428</secunia>
</references>
<type>XSS</type>
<fixed_in>1.5</fixed_in>
</vulnerability>
<vulnerability>
<title>SS Downloads 1.4.4.1 - templates/emailsent.php Multiple Parameter Reflected XSS</title>
<references>
<osvdb>102537</osvdb>
<secunia>56532</secunia>
</references>
<type>XSS</type>
<fixed_in>1.5</fixed_in>
</vulnerability>
<vulnerability>
<title>SS Downloads 1.4.4.1 - templates/emailform.php Multiple Parameter Reflected XSS</title>
<references>
<osvdb>102538</osvdb>
<secunia>56532</secunia>
<url>http://packetstormsecurity.com/files/124958/</url>
</references>
<type>XSS</type>
<fixed_in>1.5</fixed_in>
</vulnerability>
<vulnerability>
<title>SS Downloads 1.4.4.1 - templates/emailandnameform.php Multiple Parameter Reflected XSS</title>
<references>
<osvdb>102539</osvdb>
<secunia>56532</secunia>
</references>
<type>XSS</type>
<fixed_in>1.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="global-flash-galleries">
<vulnerability>
<title>Global Flash Galleries - popup.php id Parameter SQL Injection</title>
<references>
<osvdb>104907</osvdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Global Flash Galleries - swfupload.php Unauthenticated Image Upload Weakness</title>
<references>
<osvdb>102423</osvdb>
<url>http://packetstormsecurity.com/files/124850/</url>
<url>http://www.securityfocus.com/bid/65060</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="social-connect">
<vulnerability>
<title>Social Connect 0.10.1 - diagnostics/test.php testing Parameter Reflected XSS</title>
<references>
<osvdb>102411</osvdb>
<secunia>56587</secunia>
</references>
<type>XSS</type>
<fixed_in>0.10.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="let-them-unsubscribe">
<vulnerability>
<title>Let Them Unsubscribe 1.0 - let-them-unsubscribe.php Multiple Unspecified Issues</title>
<references>
<osvdb>102500</osvdb>
<secunia>56659</secunia>
</references>
<type>MULTI</type>
<fixed_in>1.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="seo-image">
<vulnerability>
<title>SEO Friendly Images 2.7.4 - seo-friendly-images.php Add Page CSRF</title>
<references>
<osvdb>101789</osvdb>
</references>
<type>CSRF</type>
<fixed_in>2.7.5</fixed_in>
</vulnerability>
<vulnerability>
<title>SEO Friendly Images 2.7.4 - seo-friendly-images.php Multiple Parameters XSS</title>
<references>
<osvdb>101790</osvdb>
</references>
<type>XSS</type>
<fixed_in>2.7.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="wordpress-social-ring">
<vulnerability>
<title>Social Ring 1.0 - share.php url Parameter Reflected XSS</title>
<references>
<osvdb>102424</osvdb>
<url>http://packetstormsecurity.com/files/124851/</url>
</references>
<type>XSS</type>
<fixed_in>1.1.9</fixed_in>
</vulnerability>
</plugin>
<plugin name="flagallery-skins">
<vulnerability>
<title>GRAND FlAGallery Skins - compact_music_player/gallery.php playlist Parameter SQL Injection</title>
<references>
<osvdb>93581</osvdb>
<url>http://packetstormsecurity.com/files/121699/</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="contus-video-gallery">
<vulnerability>
<title>Contus Video Gallery - index.php playid Parameter SQL Injection</title>
<references>
<osvdb>93369</osvdb>
<cve>2013-3478</cve>
<secunia>51344</secunia>
<url>http://www.securityfocus.com/bid/59845</url>
<url>http://xforce.iss.net/xforce/xfdb/84239</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="webengage">
<vulnerability>
<title>WebEngage 2.0.0 - callback.php Multiple Parameter Reflected XSS</title>
<references>
<osvdb>102560</osvdb>
<secunia>56700</secunia>
</references>
<type>XSS</type>
<fixed_in>2.0.1</fixed_in>
</vulnerability>
<vulnerability>
<title>WebEngage 2.0.0 - renderer.php Multiple Parameter Reflected XSS</title>
<references>
<osvdb>102561</osvdb>
<secunia>56700</secunia>
</references>
<type>XSS</type>
<fixed_in>2.0.1</fixed_in>
</vulnerability>
<vulnerability>
<title>WebEngage 2.0.0 - resize.php height Parameter XSS</title>
<references>
<osvdb>102562</osvdb>
<secunia>56700</secunia>
</references>
<type>XSS</type>
<fixed_in>2.0.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="fetch-tweets">
<vulnerability>
<title>Fetch Tweets 1.3.3.6 - class/FetchTweets_Event_.php Missing Permission Check Unspecified Issue</title>
<references>
<osvdb>102578</osvdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="seolinkrotator">
<vulnerability>
<title>Seo Link Rotator - pusher.php title Parameter Reflected XSS</title>
<references>
<osvdb>102594</osvdb>
<secunia>56710</secunia>
<url>http://packetstormsecurity.com/files/124959/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="nokia-mapsplaces">
<vulnerability>
<title>Nokia Maps and Places 1.6.6 - place.html href Parameter Reflected XSS</title>
<references>
<osvdb>102669</osvdb>
<cve>2014-1750</cve>
<secunia>56604</secunia>
</references>
<type>XSS</type>
<fixed_in>1.6.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="webinar_plugin">
<!-- Single SQL injection record for Easy Webinar (get_widget.php, wid parameter). -->
<vulnerability>
<title>Easy Webinar - get_widget.php wid Parameter SQL Injection</title>
<references>
<osvdb>86754</osvdb>
<exploitdb>22300</exploitdb>
</references>
<type>SQLI</type>
<!-- NOTE(review): the title names no affected version, and this fixed_in value
     equals the one on the nokia-mapsplaces record directly above in this file.
     Confirm 1.6.7 against the plugin changelog; a wrong fixed_in would make a
     consumer treat vulnerable installs as patched, or the reverse. -->
<fixed_in>1.6.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-social-invitations">
<vulnerability>
<title>WP Social Invitations &lt;=1.4.4.2 - test.php Multiple Parameter Reflected XSS</title>
<references>
<osvdb>102741</osvdb>
<secunia>56711</secunia>
</references>
<type>XSS</type>
<fixed_in>1.4.4.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="infusionsoft">
<vulnerability>
<title>Infusionsoft Gravity Forms Add-on 1.5.6 - Unspecified XSS</title>
<references>
<osvdb>102742</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.5.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="comment-control">
<vulnerability>
<title>Comment Control 0.3.0 - comment-control.php type Parameter SQL Injection</title>
<references>
<osvdb>102581</osvdb>
</references>
<type>SQLI</type>
<fixed_in>0.3.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="wptouch">
<!-- Five WPtouch records, listed from the newest affected release (3.x) down
     to 1.9.8. -->
<vulnerability>
<!-- The title names the root cause (insecure nonce generation) while the type
     below is UPLOAD; the referenced Metasploit module name also points at file
     upload. This is the only record in the block without an OSVDB, CVE or
     Secunia id. -->
<title>WPtouch 3.x - Insecure Nonce Generation</title>
<references>
<url>http://blog.sucuri.net/2014/07/disclosure-insecure-nonce-generation-in-wptouch.html</url>
<metasploit>exploit/unix/webapp/wp_wptouch_file_upload</metasploit>
</references>
<type>UPLOAD</type>
<fixed_in>3.4.3</fixed_in>
</vulnerability>
<vulnerability>
<title>WPtouch 1.9.27 - 'wptouch_redirect' Parameter URI Redirection Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/48348</url>
</references>
<!-- NOTE(review): the title describes a URI redirection but the record is
     typed UNKNOWN; check whether vuln.xsd has a more specific value. -->
<type>UNKNOWN</type>
<fixed_in>1.9.30</fixed_in>
</vulnerability>
<vulnerability>
<title>WPtouch 1.9.19.4 - wp-content/plugins/wptouch/include/adsense-new.php wptouch_settings Parameter XSS</title>
<references>
<osvdb>69538</osvdb>
<cve>2010-4779</cve>
<secunia>42438</secunia>
<url>http://www.securityfocus.com/bid/45139</url>
</references>
<type>XSS</type>
<fixed_in>1.9.20</fixed_in>
</vulnerability>
<vulnerability>
<title>WPtouch 1.9.8 - ajax/file_upload.php Crafted Content-Type File Upload Remote Code Execution</title>
<references>
<osvdb>102582</osvdb>
</references>
<type>RCE</type>
<fixed_in>1.9.8.1</fixed_in>
</vulnerability>
<vulnerability>
<title>WPtouch 1.9.8 - include/submit.php Multiple Parameter SQL Injection</title>
<references>
<osvdb>102583</osvdb>
</references>
<type>SQLI</type>
<fixed_in>1.9.8.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="better-search">
<vulnerability>
<title>Better Search 1.2.1 - admin.inc.php Setting Manipulation CSRF</title>
<references>
<osvdb>102584</osvdb>
</references>
<type>CSRF</type>
<fixed_in>1.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="very-simple-contact-form">
<vulnerability>
<title>Very Simple Contact Form 1.1 - Unspecified Issue</title>
<references>
<osvdb>102798</osvdb>
</references>
<type>UNKNOWN</type>
<fixed_in>1.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="stop-user-enumeration">
<vulnerability>
<title>Stop User Enumeration 1.2.4 - POST Request Protection Bypass</title>
<references>
<osvdb>102799</osvdb>
<secunia>56643</secunia>
<url>http://packetstormsecurity.com/files/125035/</url>
<url>http://seclists.org/fulldisclosure/2014/Feb/3</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="delightful-downloads">
<vulnerability>
<title>Delightful Downloads 1.3.1.1 - meta-boxes.php dedo_meta_boxes_save Function Multiple Action Authorization Bypass</title>
<references>
<osvdb>102932</osvdb>
</references>
<type>AUTHBYPASS</type>
<fixed_in>1.3.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Delightful Downloads 1.3.1.1 - includes/functions.php User-Agent HTTP Header Stored XSS</title>
<references>
<osvdb>102928</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.3.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="mobiloud-mobile-app-plugin">
<vulnerability>
<title>Mobiloud 1.9.0 - comments/disqus_count.php shortname Parameter Reflected XSS</title>
<references>
<osvdb>102898</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.9.1</fixed_in>
</vulnerability>
<vulnerability>
<title>Mobiloud 1.9.0 - comments/disqus.php shortname Parameter Reflected XSS</title>
<references>
<osvdb>102899</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.9.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="all_in_one_carousel">
<vulnerability>
<title>all_in_one_carousel 1.2.20 - /tpl/add_carousel.php id Parameter Reflected XSS</title>
<references>
<osvdb>103351</osvdb>
<secunia>56962</secunia>
<url>http://seclists.org/bugtraq/2014/Feb/38</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="frontend-uploader">
<vulnerability>
<title>Frontend Uploader - Unspecified File Upload Remote Code Execution</title>
<references>
<osvdb>103454</osvdb>
<exploitdb>31570</exploitdb>
</references>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="wp-security-scan">
<vulnerability>
<title>Acunetix WP Security 4.0.3 - /wp-admin/admin.php wps-database Page Backup Generation CSRF Weakness</title>
<references>
<osvdb>103467</osvdb>
<url>http://packetstormsecurity.com/files/125218/</url>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="aryo-activity-log">
<vulnerability>
<title>Aryo Activity Log - Full Path Disclosure</title>
<references>
<url>https://github.com/KingYes/wordpress-aryo-activity-log/pull/27</url>
</references>
<type>FPD</type>
<fixed_in>2.0.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-jquery-spam">
<vulnerability>
<title>WP jQuery Spam 1.1 - dynamic.php id Parameter Reflected XSS</title>
<references>
<osvdb>103579</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="media-file-renamer">
<vulnerability>
<title>Media File Renamer v1.7.0 - Persistent XSS</title>
<references>
<cve>2014-2040</cve>
<url>http://packetstormsecurity.com/files/125378/</url>
<url>http://www.vapid.dhs.org/advisories/wordpress/plugins/MediaFileRenamer-1.7.0/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="flash-player-widget">
<vulnerability>
<title>Flash Player Widget - dewplayer.swf Content Spoofing</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/12/30/5</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="alpine-photo-tile-for-instagram">
<vulnerability>
<title>Alpine PhotoTile For Instagram 1.2.6.5 - wp-admin/options-general.php general_lightbox_params Parameter XSS Weakness</title>
<references>
<osvdb>103822</osvdb>
<secunia>57198</secunia>
<url>http://packetstormsecurity.com/files/125418/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="widget-control-powered-by-everyblock">
<vulnerability>
<title>Widget Control Powered By Everyblock 1.0.1 - wp-admin/admin.php idDropdown Parameter XSS Weakness</title>
<references>
<osvdb>103831</osvdb>
<secunia>57203</secunia>
<url>http://packetstormsecurity.com/files/125421/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="search-everything">
<!-- Three Search Everything records: one CSRF (8.1.0) and two typed SQLI
     (7.0.4 and 7.0.2), each with its own fixed_in release. -->
<vulnerability>
<title>Search Everything 8.1.0 - options.php Unspecified CSRF</title>
<references>
<osvdb>106733</osvdb>
</references>
<type>CSRF</type>
<fixed_in>8.1.1</fixed_in>
</vulnerability>
<vulnerability>
<!-- NOTE(review): the title says "Unspecified Issue" but the type is SQLI.
     Either the title can be made specific or the type is an assumption; verify
     against the OSVDB record before relying on the classification. -->
<title>Search Everything 7.0.4 - Unspecified Issue</title>
<references>
<osvdb>104058</osvdb>
</references>
<type>SQLI</type>
<fixed_in>8.0</fixed_in>
</vulnerability>
<vulnerability>
<title>Search Everything 7.0.2 - search-everything.php s Parameter SQL Injection</title>
<references>
<osvdb>103718</osvdb>
<secunia>56802</secunia>
<url>http://www.securityfocus.com/bid/65765</url>
<cve>2014-2316</cve>
</references>
<type>SQLI</type>
<fixed_in>7.0.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="zedity">
<vulnerability>
<title>Zedity 2.5 - wp-admin/admin-ajax.php zedity_ajax Action zaction Parameter XSS</title>
<references>
<osvdb>103789</osvdb>
<secunia>57026</secunia>
<url>http://www.securityfocus.com/bid/65799</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Zedity 2.4 - Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/125402/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-post-to-pdf">
<vulnerability>
<title>WP Post to PDF 2.3.1 - wp-admin/options.php wpptopdf headerFontSize Parameter XSS</title>
<references>
<osvdb>103872</osvdb>
<url>http://packetstormsecurity.com/files/125432/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="bsk-pdf-manager">
<vulnerability>
<title>BSK PDF Manager 1.3.2 - wp-admin/admin.php Multiple Parameter SQL Injection</title>
<references>
<osvdb>108913</osvdb>
<cve>2014-4944</cve>
<url>http://packetstormsecurity.com/files/127407/</url>
<url>http://www.securityfocus.com/bid/68488</url>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>BSK PDF Manager 1.3 - wp-admin/admin.php Multiple Parameter XSS</title>
<references>
<osvdb>103873</osvdb>
<url>http://packetstormsecurity.com/files/125422/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
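<plugin name="mp3-jplayer">
<!-- Two XSS records for MP3-jPlayer. Only the 1.8.3 record carries a fixed_in
     release; the 1.8.7 record has none recorded. -->
<vulnerability>
<title>MP3-jPlayer 1.8.7 - wp-admin/options-general.php Multiple Parameter XSS</title>
<references>
<osvdb>103875</osvdb>
<url>http://packetstormsecurity.com/files/125417/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>MP3-jPlayer 1.8.3 - jPlayer.swf XSS</title>
<references>
<osvdb>92254</osvdb>
</references>
<!-- type precedes fixed_in, matching the child order used by the other
     records in this file. -->
<type>XSS</type>
<fixed_in>1.8.4</fixed_in>
</vulnerability>
</plugin>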
<plugin name="google-analytics-mu">
<vulnerability>
<title>Google Analytics MU 2.3 - google-analytics-mu-network.php Analytics Code Manipulation CSRF</title>
<references>
<osvdb>103937</osvdb>
<secunia>56157</secunia>
<url>http://packetstormsecurity.com/files/125514/</url>
<url>http://seclists.org/fulldisclosure/2014/Mar/20</url>
<url>http://www.securityfocus.com/bid/65926</url>
</references>
<type>CSRF</type>
<fixed_in>2.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="repagent">
<vulnerability>
<title>Repagent - dewplayer-vinyl.swf xml Parameter XML File Handling XSS</title>
<references>
<osvdb>101353</osvdb>
<url>http://packetstormsecurity.com/files/124582/</url>
<url>http://www.securityfocus.com/bid/64506</url>
<url>http://seclists.org/fulldisclosure/2013/Dec/192</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Repagent - dewplayer-vinyl-en.swf xml Parameter XML File Handling XSS</title>
<references>
<osvdb>101352</osvdb>
<url>http://packetstormsecurity.com/files/124582/</url>
<url>http://www.securityfocus.com/bid/64506</url>
<url>http://seclists.org/fulldisclosure/2013/Dec/192</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="LayerSlider">
<!-- Two LayerSlider 4.6.1 records citing the same Packet Storm advisory.
     Neither records a fixed_in release, so this data does not say which
     version is safe.
     NOTE(review): the Secunia ids differ between the two records (57930 and
     57309) and look like a digit transposition of each other; verify both. -->
<vulnerability>
<title>LayerSlider 4.6.1 - wp-admin/admin.php Style Editing CSRF</title>
<references>
<osvdb>104393</osvdb>
<secunia>57930</secunia>
<url>http://packetstormsecurity.com/files/125637/</url>
</references>
<type>CSRF</type>
</vulnerability>
<vulnerability>
<title>LayerSlider 4.6.1 - LayerSlider/editor.php skin Parameter Remote Path Traversal File Access</title>
<references>
<osvdb>104394</osvdb>
<secunia>57309</secunia>
<url>http://packetstormsecurity.com/files/125637/</url>
</references>
<!-- NOTE(review): the title describes path traversal file access, but the
     record is typed AUTHBYPASS; confirm the intended classification. -->
<type>AUTHBYPASS</type>
</vulnerability>
</plugin>
<plugin name="xcloner-backup-and-restore">
<vulnerability>
<title>XCloner 3.1.0 - Multiple Actions CSRF</title>
<references>
<cve>2014-2340</cve>
<cve>2014-2579</cve>
<osvdb>104402</osvdb>
<secunia>57362</secunia>
<exploitdb>32701</exploitdb>
<url>http://packetstormsecurity.com/files/125991/</url>
<url>https://www.htbridge.com/advisory/HTB23206</url>
<url>https://www.htbridge.com/advisory/HTB23207</url>
</references>
<type>CSRF</type>
<fixed_in>3.1.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="guiform">
<vulnerability>
<title>GuiForm 1.4.10 - class/class-ajax.php Entry Saving CSRF</title>
<references>
<osvdb>104399</osvdb>
</references>
<type>CSRF</type>
<fixed_in>1.5.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="clickdesk-live-support-chat-plugin">
<vulnerability>
<title>ClickDesk - Live Chat Widget Multiple Field XSS</title>
<references>
<osvdb>104037</osvdb>
<url>http://packetstormsecurity.com/files/125528/</url>
<url>http://www.securityfocus.com/bid/65971</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="duplicate-post">
<vulnerability>
<title>Duplicate Post 2.5 - duplicate-post-admin.php User Login Cookie Value SQL Injection</title>
<references>
<osvdb>104669</osvdb>
</references>
<type>SQLI</type>
<fixed_in>2.6</fixed_in>
</vulnerability>
<vulnerability>
<title>Duplicate Post 2.5 - options-general.php post Parameter Reflected XSS</title>
<references>
<osvdb>104670</osvdb>
</references>
<type>XSS</type>
<fixed_in>2.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="mtouch-quiz">
<vulnerability>
<title>mTouch Quiz 3.0.6 - question.php quiz Parameter Reflected XSS</title>
<references>
<osvdb>104667</osvdb>
<url>http://www.securityfocus.com/bid/66306</url>
</references>
<type>XSS</type>
<fixed_in>3.0.7</fixed_in>
</vulnerability>
<vulnerability>
<title>mTouch Quiz 3.0.6 - question.php quiz Parameter SQL Injection</title>
<references>
<osvdb>104668</osvdb>
<url>http://www.securityfocus.com/bid/66306</url>
</references>
<type>SQLI</type>
<fixed_in>3.0.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="simple-retail-menus">
<vulnerability>
<title>Simple Retail Menus 4.0.1 - includes/actions.php targetmenu Parameter SQL Injection</title>
<references>
<osvdb>104680</osvdb>
</references>
<type>SQLI</type>
<fixed_in>4.1</fixed_in>
</vulnerability>
<vulnerability>
<title>Simple Retail Menus 4.0.1 - includes/mode-edit.php targetmenu Parameter SQL Injection</title>
<references>
<osvdb>104682</osvdb>
</references>
<type>SQLI</type>
<fixed_in>4.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="user-domain-whitelist">
<vulnerability>
<title>User Domain Whitelist 1.4 - user-domain-whitelist.php domain_whitelist Parameter Stored XSS</title>
<references>
<osvdb>104681</osvdb>
<secunia>57490</secunia>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>User Domain Whitelist 1.4 - user-domain-whitelist.php Domain Whitelisting Manipulation CSRF</title>
<references>
<osvdb>104683</osvdb>
<secunia>57490</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="subscribe-to-comments-reloaded">
<vulnerability>
<title>Subscribe To Comments Reloaded 140204 - options/index.php manager_page Parameter Stored XSS Weakness</title>
<references>
<osvdb>104698</osvdb>
<secunia>57015</secunia>
<url>http://www.securityfocus.com/bid/66288</url>
</references>
<type>XSS</type>
<fixed_in>140219</fixed_in>
</vulnerability>
<vulnerability>
<title>Subscribe To Comments Reloaded 140204 - options/index.php Admin Settings Manipulation CSRF</title>
<references>
<osvdb>104699</osvdb>
<secunia>57015</secunia>
<url>http://www.securityfocus.com/bid/66288</url>
</references>
<type>CSRF</type>
<fixed_in>140219</fixed_in>
</vulnerability>
</plugin>
<plugin name="analytics360">
<vulnerability>
<title>Analytics360 1.2.1 - analytics360.php Multiple Action CSRF</title>
<references>
<osvdb>104743</osvdb>
</references>
<type>CSRF</type>
<fixed_in>1.2.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Analytics360 1.2 - analytics360.php a360_error Parameter Reflected XSS</title>
<references>
<osvdb>104744</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.2.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="the-events-calendar">
<vulnerability>
<title>The Events Calendar 3.0 - lib/template-classes/month.php tribe-bar-search Parameter Reflected XSS</title>
<references>
<osvdb>104785</osvdb>
</references>
<type>XSS</type>
<fixed_in>3.0.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="form-maker">
<vulnerability>
<title>Form Maker 1.6.4 - front_end_form_maker.php Unspecified XSS</title>
<references>
<osvdb>104870</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.6.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="1-jquery-photo-gallery-slideshow-flash">
<vulnerability>
<title>ZooEffect 1.08 - wp-1pluginjquery.php HTTP Referer Header Reflected XSS</title>
<references>
<osvdb>104876</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.09</fixed_in>
</vulnerability>
</plugin>
<plugin name="google-analytics-dashboard">
<vulnerability>
<title>Google Analytics Dashboard 2.0.4 - gad-admin-pages-posts.php pid Parameter SQL Injection</title>
<references>
<osvdb>104877</osvdb>
</references>
<type>SQLI</type>
<fixed_in>2.0.5</fixed_in>
</vulnerability>
</plugin>
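<plugin name="blogvault-real-time-backup">
<vulnerability>
<title>blogVault 1.08 - Missing Account Empty Secret Key Generation</title>
<references>
<osvdb>107570</osvdb>
</references>
<type>BYPASS</type>
<fixed_in>1.09</fixed_in>
</vulnerability>
<vulnerability>
<title>blogVault 1.05 - admin.php blogVault Key Setting CSRF</title>
<references>
<osvdb>104906</osvdb>
</references>
<!-- Classified as CSRF to agree with the title: the issue is a forged admin.php request that sets the blogVault key, not an injection. -->
<type>CSRF</type>
<fixed_in>1.06</fixed_in>
</vulnerability>
</plugin>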
<plugin name="captcha">
<vulnerability>
<title>Captcha 2.12-3.8.1 - captcha bypass</title>
<references>
<url>http://www.antoine-cervoise.fr/2014/03/27/contournement-du-plugin-captcha-pour-wordpress-v-3-8-1-et-anterieures/</url>
<url>https://github.com/cervoise/pentest-scripts/blob/master/web/cms/captcha-bypass/wordpress-plugins/captcha/bypass-3.8.1-and-previous.php</url>
</references>
<type>BYPASS</type>
<fixed_in>3.8.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-html-sitemap">
<vulnerability>
<title>WP HTML Sitemap 1.2 - wp-html-sitemap.html Sitemap Deletion CSRF</title>
<references>
<osvdb>105084</osvdb>
<url>http://packetstormsecurity.com/files/125933/</url>
<url>http://seclists.org/fulldisclosure/2014/Mar/400</url>
<url>https://security.dxw.com/advisories/csrf-vulnerability-in-wp-html-sitemap-1-2/</url>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="groups">
<vulnerability>
<title>Groups 1.4.5 - Negated Role Capability Handling Elevated Privilege Issue</title>
<references>
<osvdb>104940</osvdb>
</references>
<type>AUTHBYPASS</type>
<fixed_in>1.4.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="html5-jquery-audio-player">
<vulnerability>
<title>HTML5 jQuery Audio Player 2.3 - playlist/add_playlist.php Multiple Parameter Stored XSS Weakness</title>
<references>
<osvdb>104951</osvdb>
</references>
<type>XSS</type>
<fixed_in>2.4</fixed_in>
</vulnerability>
<vulnerability>
<title>HTML5 jQuery Audio Player 2.3 - playlist/add_playlist.php id Parameter SQL Injection</title>
<references>
<osvdb>104952</osvdb>
</references>
<type>SQLI</type>
<fixed_in>2.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="shrimptest">
<vulnerability>
<title>ShrimpTest 1.0b2 - plugins/metric-conversion.php Multiple Unspecified XSS</title>
<references>
<osvdb>104956</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.0b3</fixed_in>
</vulnerability>
<vulnerability>
<title>ShrimpTest 1.0b2 - plugins/plugin-notification.php Unspecified XSS</title>
<references>
<osvdb>104957</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.0b3</fixed_in>
</vulnerability>
<vulnerability>
<title>ShrimpTest 1.0b2 - plugins/variant-shortcode.php Unspecified XSS</title>
<references>
<osvdb>104958</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.0b3</fixed_in>
</vulnerability>
<vulnerability>
<title>ShrimpTest 1.0b2 - admin/experiments.php Multiple Unspecified XSS</title>
<references>
<osvdb>104959</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.0b3</fixed_in>
</vulnerability>
<vulnerability>
<title>ShrimpTest 1.0b2 - admin/experiment-new.php Multiple Unspecified XSS</title>
<references>
<osvdb>104960</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.0b3</fixed_in>
</vulnerability>
</plugin>
<plugin name="activehelper-livehelp">
<vulnerability>
<title>ActiveHelper LiveHelp Server 3.2.2 - server/import/status.php Multiple Parameter SQL Injection</title>
<references>
<osvdb>104990</osvdb>
</references>
<type>SQLI</type>
<fixed_in>3.4.0</fixed_in>
</vulnerability>
<vulnerability>
<title>ActiveHelper LiveHelp Server 3.2.2 - server/import/tracker.php Multiple Parameter SQL Injection</title>
<references>
<osvdb>104991</osvdb>
</references>
<type>SQLI</type>
<fixed_in>3.4.0</fixed_in>
</vulnerability>
<vulnerability>
<title>ActiveHelper LiveHelp Server 3.2.2 - server/import/javascript.php Multiple Vector SQL Injection</title>
<references>
<osvdb>104992</osvdb>
</references>
<type>SQLI</type>
<fixed_in>3.4.0</fixed_in>
</vulnerability>
<vulnerability>
<title>ActiveHelper LiveHelp Server 3.2.2 - server/frames.php DEPARTMENT Parameter SQL Injection</title>
<references>
<osvdb>104993</osvdb>
</references>
<type>SQLI</type>
<fixed_in>3.4.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="springboard-video-quick-publish">
<vulnerability>
<title>Springboard Video Quick Publish 0.2.6 - videolist.php paged Parameter Reflected XSS</title>
<references>
<osvdb>105992</osvdb>
</references>
<type>XSS</type>
<fixed_in>0.2.7</fixed_in>
</vulnerability>
<vulnerability>
<title>Springboard Video Quick Publish 0.2.6 - springboardvideo.php video_id Parameter XSS</title>
<references>
<osvdb>105993</osvdb>
</references>
<type>XSS</type>
<fixed_in>0.2.7</fixed_in>
</vulnerability>
<vulnerability>
<title>Springboard Video Quick Publish 0.2.6 - sb_search.php paged Parameter Reflected XSS</title>
<references>
<osvdb>105994</osvdb>
</references>
<type>XSS</type>
<fixed_in>0.2.7</fixed_in>
</vulnerability>
<vulnerability>
<title>Springboard Video Quick Publish 0.2.4 - Unspecified Issue</title>
<references>
<osvdb>105007</osvdb>
</references>
<type>UNKNOWN</type>
<fixed_in>0.2.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="ignitiondeck">
<vulnerability>
<title>IgnitionDeck 1.1 - Purchase Form Unspecified XSS</title>
<references>
<osvdb>105008</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="ajax-pagination">
<vulnerability>
<title>Ajax Pagination 1.1 - wp-admin/admin-ajax.php loop Parameter Local File Inclusion</title>
<references>
<osvdb>105087</osvdb>
<exploitdb>32622</exploitdb>
<url>http://packetstormsecurity.com/files/125929/</url>
<url>http://seclists.org/fulldisclosure/2014/Mar/398</url>
</references>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="tt-guest-post-submit">
<vulnerability>
<title>TT Guest Post Submit 1.0.0 - tt-guest-post-submit-submit.php rootpath Parameter Remote File Inclusion</title>
<references>
<osvdb>105120</osvdb>
</references>
<type>RFI</type>
<fixed_in>1.0.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="salesforce-wordpress-to-lead">
<vulnerability>
<title>WordPress-to-Lead for Salesforce CRM 1.0.4 - ov_plugin_tools.php textinput Function XSS</title>
<references>
<osvdb>105146</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.0.5</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress-to-Lead for Salesforce CRM 1.0.1 - salesforce.php salesforce_form_shortcode Function Error Message Handling XSS</title>
<references>
<osvdb>105148</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.0.2</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress-to-Lead for Salesforce CRM 1.0 - salesforce.php Multiple Parameter XSS</title>
<references>
<osvdb>105147</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.0.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="disable-comments">
<vulnerability>
<title>Disable Comments 1.0.3 - disable_comments_settings.php Comment Status Manipulation CSRF</title>
<references>
<osvdb>105245</osvdb>
<cve>2014-2550</cve>
<secunia>57613</secunia>
<url>http://www.securityfocus.com/bid/66564</url>
</references>
<type>CSRF</type>
<fixed_in>1.0.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-business-intelligence-lite">
<vulnerability>
<title>WP Business intelligence lite &lt;= 1.0.6 - Remote Code Execution Exploit</title>
<references>
<secunia>57590</secunia>
<url>http://packetstormsecurity.com/files/125927/</url>
<url>http://cxsecurity.com/issue/WLB-2014030243</url>
</references>
<type>RCE</type>
<fixed_in>1.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="barclaycart">
<vulnerability>
<title>Barclaycart - Shell Upload</title>
<references>
<url>http://packetstormsecurity.com/files/125552/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="Premium_Gallery_Manager">
<vulnerability>
<title>Premium Gallery Manager - Shell Upload</title>
<references>
<url>http://packetstormsecurity.com/files/125586/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="jetpack">
<vulnerability>
<title>Jetpack &lt;= 2.9.2 - class.jetpack.php XML-RPC Access Control Bypass</title>
<references>
<osvdb>105714</osvdb>
<cve>2014-0173</cve>
<secunia>57729</secunia>
<url>http://jetpack.me/2014/04/10/jetpack-security-update/</url>
</references>
<type>BYPASS</type>
<fixed_in>2.9.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="lazyest-gallery">
<vulnerability>
<title>Lazyest Gallery &lt;= 1.1.20 - EXIF Script Insertion Vulnerability</title>
<references>
<cve>2014-2333</cve>
<osvdb>105680</osvdb>
<secunia>57746</secunia>
</references>
<type>XSS</type>
<fixed_in>1.1.21</fixed_in>
</vulnerability>
<vulnerability>
<title>Lazyest Gallery 1.1.7 - Crafted Folder Name Unspecified Issue</title>
<references>
<osvdb>105728</osvdb>
</references>
<type>UNKNOWN</type>
<fixed_in>1.1.8</fixed_in>
</vulnerability>
<vulnerability>
<title>Lazyest Gallery 0.10.4.3 - Multiple File/Directory Insecure Permissions Local Content Manipulation</title>
<references>
<osvdb>105818</osvdb>
</references>
<type>UNKNOWN</type>
<fixed_in>0.10.4.4</fixed_in>
</vulnerability>
<vulnerability>
<title>Lazyest Gallery 0.4.2 - Multiple Unspecified Issues</title>
<references>
<osvdb>107400</osvdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="post-expirator">
<vulnerability>
<title>Post Expirator &lt;= 2.1.1 - Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>57503</secunia>
</references>
<type>CSRF</type>
<fixed_in>2.1.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="quick-pagepost-redirect-plugin">
<vulnerability>
<title>Quick Page Post Redirect 5.0.4 - redirect-updates.php quickppr_redirects Parameter Stored XSS</title>
<references>
<osvdb>105707</osvdb>
<cve>2014-2598</cve>
<secunia>57883</secunia>
<exploitdb>32867</exploitdb>
<url>http://www.securityfocus.com/bid/66790</url>
<url>https://security.dxw.com/advisories/csrf-and-stored-xss-in-quick-pagepost-redirect-plugin/</url>
</references>
<type>XSS</type>
<fixed_in>5.0.5</fixed_in>
</vulnerability>
<vulnerability>
<title>Quick Page Post Redirect 5.0.4 - redirect-updates.php Multiple Admin Function CSRF</title>
<references>
<osvdb>105708</osvdb>
<cve>2014-2598</cve>
<secunia>57883</secunia>
<exploitdb>32867</exploitdb>
<url>http://www.securityfocus.com/bid/66790</url>
<url>https://security.dxw.com/advisories/csrf-and-stored-xss-in-quick-pagepost-redirect-plugin/</url>
</references>
<type>CSRF</type>
<fixed_in>5.0.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="twitget">
<vulnerability>
<title>Twitget 3.3.1 - twitget.php Twitter Setting Manipulation CSRF</title>
<references>
<osvdb>105705</osvdb>
<cve>2014-2559</cve>
<exploitdb>32868</exploitdb>
<url>https://security.dxw.com/advisories/csrfxss-vulnerability-in-twitget-3-3-1/</url>
</references>
<type>CSRF</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
<vulnerability>
<title>Twitget 3.3.1 - twitget.php twitget_consumer_key Parameter Stored XSS</title>
<references>
<osvdb>105704</osvdb>
<cve>2014-2559</cve>
<exploitdb>32868</exploitdb>
<url>https://security.dxw.com/advisories/csrfxss-vulnerability-in-twitget-3-3-1/</url>
</references>
<type>XSS</type>
<fixed_in>3.3.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="hk-exif-tags">
<vulnerability>
<title>HK Exif Tags 1.11 - hk_exif_tags.php hk_exif_tags_images_process Function EXIF Tags Handling Stored XSS</title>
<references>
<osvdb>105725</osvdb>
<secunia>57753</secunia>
</references>
<type>XSS</type>
<fixed_in>1.12</fixed_in>
</vulnerability>
</plugin>
<plugin name="unconfirmed">
<vulnerability>
<title>Unconfirmed &lt;= 1.2.4 - unconfirmed.php s Parameter Reflected XSS</title>
<references>
<osvdb>105722</osvdb>
<secunia>57838</secunia>
</references>
<type>XSS</type>
<fixed_in>1.2.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="liveoptim">
<vulnerability>
<title>LiveOptim 1.4.3 - Configuration Setting Manipulation CSRF</title>
<references>
<osvdb>105986</osvdb>
<secunia>57990</secunia>
<url>http://www.securityfocus.com/bid/66939</url>
</references>
<type>CSRF</type>
<fixed_in>1.4.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-conditional-captcha">
<vulnerability>
<title>Conditional CAPTCHA 3.6 - wp-conditional-captcha.php Settings Page CSRF</title>
<references>
<osvdb>106014</osvdb>
</references>
<type>CSRF</type>
<fixed_in>3.6.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-js-external-link-info">
<vulnerability>
<title>JS External Link Info 1.21 - redirect.php blog Parameter XSS</title>
<references>
<osvdb>106125</osvdb>
<url>http://packetstormsecurity.com/files/126238/</url>
<url>http://www.securityfocus.com/bid/66999</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="simple-fields">
<vulnerability>
<title>Simple Fields 1.1.6 - inc-admin-options.php Admin Functions CSRF</title>
<references>
<osvdb>106316</osvdb>
</references>
<type>CSRF</type>
<fixed_in>1.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Simple Fields 0.3.5 - simple_fields.php wp_abspath Parameter Remote File Inclusion</title>
<references>
<osvdb>106622</osvdb>
</references>
<type>RFI</type>
<fixed_in>0.3.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="work-the-flow-file-upload">
<vulnerability>
<title>Work The Flow File Upload 1.2.1 - wp-admin/admin-ajax.php accept_file_types Parameter Manipulation File Upload Restriction Bypass</title>
<references>
<osvdb>106366</osvdb>
<secunia>58216</secunia>
<url>http://www.securityfocus.com/bid/67083</url>
<url>http://packetstormsecurity.com/files/126333/</url>
</references>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="file-gallery">
<!-- NOTE(review): Secunia ID 58216 below is also recorded on the work-the-flow-file-upload entry in this file. One of the two is presumably a copy/paste error; verify against the advisory before relying on it. -->
<vulnerability>
<title>File Gallery 1.7.9 - Settings Page create_function Function Remote Command Execution</title>
<references>
<osvdb>106417</osvdb>
<cve>2014-2558</cve>
<secunia>58216</secunia>
<url>http://www.securityfocus.com/bid/67120</url>
</references>
<type>RCE</type>
<fixed_in>1.7.9.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="nextcellent-gallery-nextgen-legacy">
<vulnerability>
<title>NextCellent Gallery 1.9.13 - admin/manage-images.php Multiple Field Stored XSS Weakness</title>
<references>
<osvdb>106474</osvdb>
<url>http://www.securityfocus.com/bid/67085</url>
</references>
<type>XSS</type>
<fixed_in>1.9.18</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-affiliate-platform">
<vulnerability>
<title>WP Affiliate Manager - login.php msg Parameter XSS</title>
<references>
<osvdb>106533</osvdb>
<url>http://packetstormsecurity.com/files/126424/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="query-interface">
<vulnerability>
<title>Query Interface 1.1 - Multiple Unspecified Issues</title>
<references>
<osvdb>106642</osvdb>
</references>
<type>MULTI</type>
<fixed_in>1.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="photo-gallery">
<vulnerability>
<title>Photo-Gallery - UploadHandler.php File Upload CSRF</title>
<references>
<osvdb>106732</osvdb>
<url>http://packetstormsecurity.com/files/126521/</url>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="infusion4wp">
<vulnerability>
<title>iMember360is 3.9.001 - XSS / Disclosure / Code Execution</title>
<references>
<url>http://1337day.com/exploit/22184</url>
</references>
<type>MULTI</type>
<fixed_in>3.9.002</fixed_in>
</vulnerability>
</plugin>
<plugin name="acumbamail-signup-forms">
<!-- NOTE(review): the Secunia ID below (67220) is identical to the SecurityFocus BID in the url reference, so it may have been copied from the BID. Confirm the Secunia advisory number. -->
<vulnerability>
<title>Acumbamail 1.0.4 - acumbamail.class.php callAPI() Function MitM Information Disclosure</title>
<references>
<osvdb>106711</osvdb>
<secunia>67220</secunia>
<url>http://www.securityfocus.com/bid/67220</url>
</references>
<type>UNKNOWN</type>
<fixed_in>1.0.4.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="tinymce-colorpicker">
<vulnerability>
<title>TinyMCE Color Picker 1.1 - tinymce-colorpicker.php Color Saving CSRF</title>
<references>
<osvdb>106854</osvdb>
<secunia>58095</secunia>
<url>http://www.securityfocus.com/bid/67333</url>
</references>
<type>CSRF</type>
<fixed_in>1.2</fixed_in>
</vulnerability>
<vulnerability>
<title>TinyMCE Color Picker 1.1 - tinymce-colorpicker.php Missing edit_others_posts Capability Check</title>
<references>
<osvdb>106854</osvdb>
<secunia>58095</secunia>
<url>http://www.securityfocus.com/bid/67333</url>
</references>
<type>UNKNOWN</type>
<fixed_in>1.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="contact-bank">
<!-- NOTE(review): Secunia ID 67334 falls in the range of the SecurityFocus BIDs used by neighbouring entries (673xx), not with the Secunia IDs around it (57xxx to 58xxx). Possibly a BID entered in the wrong element; verify. -->
<vulnerability>
<title>Contact Bank 2.0.19 - Multiple Unspecified Issues</title>
<references>
<osvdb>106868</osvdb>
<secunia>67334</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>2.0.20</fixed_in>
</vulnerability>
</plugin>
<plugin name="bonuspressx">
<vulnerability>
<title>Bonuspressx - ar_submit.php n Parameter XSS</title>
<references>
<osvdb>106931</osvdb>
<url>http://packetstormsecurity.com/files/126595/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="profile-builder">
<vulnerability>
<title>Profile Builder 1.1.59 - front-end/wppb.recover.password.php Password Recovery Bypass</title>
<references>
<osvdb>106986</osvdb>
<secunia>58511</secunia>
<url>http://www.securityfocus.com/bid/67331</url>
</references>
<type>AUTHBYPASS</type>
<fixed_in>1.1.60</fixed_in>
</vulnerability>
</plugin>
<plugin name="basic-google-maps-placemarks">
<vulnerability>
<title>Basic Google Maps Placemarks 1.10.2 - settings.php Multiple Fields Stored XSS Weakness</title>
<references>
<osvdb>107121</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.10.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="simple-popup">
<vulnerability>
<title>Simple Popup - popup.php z Parameter XSS</title>
<references>
<osvdb>107294</osvdb>
<cve>2014-3921</cve>
<url>http://packetstormsecurity.com/files/126763/</url>
<url>http://www.securityfocus.com/bid/67562</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="bib2html">
<vulnerability>
<title>bib2html 0.9.3 - /OSBiB/create/index.php styleShortName Parameter XSS</title>
<references>
<osvdb>107296</osvdb>
<cve>2014-3870</cve>
<url>http://packetstormsecurity.com/files/126782/</url>
<url>http://www.securityfocus.com/bid/67589</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="conversionninja">
<vulnerability>
<title>Conversion Ninja - /lp/index.php id Parameter XSS</title>
<references>
<cve>2014-4017</cve>
<osvdb>107297</osvdb>
<url>http://packetstormsecurity.com/files/126781/</url>
<url>http://www.securityfocus.com/bid/67590</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="cool-video-gallery">
<vulnerability>
<title>Cool Video Gallery 1.8 - admin/gallery-details.php Multiple Actions CSRF</title>
<references>
<osvdb>107354</osvdb>
</references>
<type>CSRF</type>
<fixed_in>1.9</fixed_in>
</vulnerability>
<vulnerability>
<title>Cool Video Gallery 1.8 - admin/gallery-manage.php Gallery Deletion CSRF</title>
<references>
<osvdb>107355</osvdb>
</references>
<type>CSRF</type>
<fixed_in>1.9</fixed_in>
</vulnerability>
<vulnerability>
<title>Cool Video Gallery 1.8 - admin/gallery-settings.php Gallery Settings Manipulation CSRF</title>
<references>
<osvdb>107356</osvdb>
</references>
<type>CSRF</type>
<fixed_in>1.9</fixed_in>
</vulnerability>
<vulnerability>
<title>Cool Video Gallery 1.8 - admin/gallery-sort.php Gallery Sort Order Manipulation CSRF</title>
<references>
<osvdb>107357</osvdb>
</references>
<type>CSRF</type>
<fixed_in>1.9</fixed_in>
</vulnerability>
<vulnerability>
<title>Cool Video Gallery 1.8 - admin/player-settings.php Player Settings Manipulation CSRF</title>
<references>
<osvdb>107358</osvdb>
</references>
<type>CSRF</type>
<fixed_in>1.9</fixed_in>
</vulnerability>
<vulnerability>
<title>Cool Video Gallery 1.8 - admin/plugin-uninstall.php Plugin Uninstallation CSRF</title>
<references>
<osvdb>107359</osvdb>
</references>
<type>CSRF</type>
<fixed_in>1.9</fixed_in>
</vulnerability>
<vulnerability>
<title>Cool Video Gallery 1.8 - admin/video-sitemap.php XML Video Sitemap Generation CSRF</title>
<references>
<osvdb>107360</osvdb>
</references>
<type>CSRF</type>
<fixed_in>1.9</fixed_in>
</vulnerability>
<vulnerability>
<title>Cool Video Gallery 1.8 - lib/core.php Multiple Actions CSRF</title>
<references>
<osvdb>107361</osvdb>
</references>
<type>CSRF</type>
<fixed_in>1.9</fixed_in>
</vulnerability>
</plugin>
<plugin name="gtranslate">
<vulnerability>
<title>GTranslate 1.0.12 - gtranslate.php Widget Code Editing CSRF</title>
<references>
<osvdb>107399</osvdb>
</references>
<type>CSRF</type>
<fixed_in>1.0.13</fixed_in>
</vulnerability>
</plugin>
<plugin name="world-of-warcraft-armory-table">
<vulnerability>
<title>World of Warcraft Armory Table 0.2.5 - WoWArmoryTable.php page Parameter Reflected XSS</title>
<references>
<osvdb>107479</osvdb>
<secunia>58596</secunia>
<url>http://www.securityfocus.com/bid/67628</url>
</references>
<type>XSS</type>
<fixed_in>0.2.6</fixed_in>
</vulnerability>
</plugin>
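<plugin name="participants-database">
<vulnerability>
<title>Participants Database 1.5.4.8 - pdb-signup CSV_type Action query Parameter SQL Injection</title>
<references>
<osvdb>107626</osvdb>
<cve>2014-3961</cve>
<secunia>58816</secunia>
<!-- Exploit-DB entry recorded with the dedicated exploitdb element, as the other entries in this file do, instead of a free-form url. -->
<exploitdb>33613</exploitdb>
<url>http://packetstormsecurity.com/files/126878/</url>
<url>http://www.securityfocus.com/bid/67769</url>
<url>http://www.securityfocus.com/bid/67938</url>
</references>
<type>SQLI</type>
<fixed_in>1.5.4.9</fixed_in>
</vulnerability>
</plugin>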
<plugin name="popup-images">
<vulnerability>
<title>Popup Images - popup-images/popup.php z Parameter XSS</title>
<references>
<osvdb>107627</osvdb>
<url>http://packetstormsecurity.com/files/126872/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="ose-firewall">
<vulnerability>
<title>Centrora Security 3.2.1 - Multiple Admin Actions CSRF</title>
<references>
<osvdb>107658</osvdb>
</references>
<type>CSRF</type>
<fixed_in>3.3.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="lively-chat-support">
<vulnerability>
<title>Lively Chat Support 1.0.29 - Unspecified Issue</title>
<references>
<osvdb>107689</osvdb>
</references>
<type>UNKNOWN</type>
<fixed_in>1.0.30</fixed_in>
</vulnerability>
</plugin>
<plugin name="feature-comments">
<vulnerability>
<title>Featured Comments 1.2.1 - wp-admin/admin-ajax.php Comment Status Manipulation CSRF</title>
<references>
<osvdb>107844</osvdb>
<cve>2014-4163</cve>
<url>https://security.dxw.com/advisories/csrf-in-featured-comments-1-2-1-allows-an-attacker-to-set-and-unset-comment-statuses/</url>
<url>http://www.securityfocus.com/bid/67955</url>
<url>http://packetstormsecurity.com/files/127023/</url>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="wp-football">
<vulnerability>
<title>wp-football 1.1 - templates/template_worldCup_preview.php league Parameter Reflected XSS</title>
<references>
<osvdb>108336</osvdb>
<url>http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>wp-football 1.1 - templates/template_default_preview.php league Parameter Reflected XSS</title>
<references>
<osvdb>108337</osvdb>
<url>http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>wp-football 1.1 - football_phases_list.php id Parameter Reflected XSS</title>
<references>
<osvdb>108338</osvdb>
<url>http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>wp-football 1.1 - football_matches_phase.php id Parameter Reflected XSS</title>
<references>
<osvdb>108339</osvdb>
<url>http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>wp-football 1.1 - football_matches_load.php id_league Parameter Reflected XSS</title>
<references>
<osvdb>108340</osvdb>
<url>http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>wp-football 1.1 - football_matches_list.php id Parameter Reflected XSS</title>
<references>
<osvdb>108341</osvdb>
<url>http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>wp-football 1.1 - football_groups_list.php id Parameter Reflected XSS</title>
<references>
<osvdb>108342</osvdb>
<url>http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>wp-football 1.1 - football-functions.php f Parameter Reflected XSS</title>
<references>
<osvdb>108343</osvdb>
<url>http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>wp-football 1.1 - football_criteria.php league Parameter Reflected XSS</title>
<references>
<osvdb>108344</osvdb>
<url>http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>wp-football 1.1 - football_classification.php league Parameter Reflected XSS</title>
<references>
<osvdb>108345</osvdb>
<url>http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="member-approval">
<vulnerability>
<title>Member Approval 131109 - wp-admin/options-general.php Option Manipulation CSRF</title>
<references>
<osvdb>107845</osvdb>
<cve>2014-3850</cve>
<url>http://www.securityfocus.com/bid/67952</url>
<url>http://packetstormsecurity.com/files/127024/</url>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="jw-player-plugin-for-wordpress">
<vulnerability>
<title>JW Player 2.1.2 - wp-admin/admin.php Player Deletion CSRF</title>
<references>
<cve>2014-4030</cve>
<osvdb>107846</osvdb>
<url>http://www.securityfocus.com/bid/67954</url>
<url>http://packetstormsecurity.com/files/127025/</url>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="adminonline">
<vulnerability>
<title>AdminOnline - download.php file Parameter Remote Path Traversal File Access</title>
<references>
<osvdb>108024</osvdb>
<url>http://packetstormsecurity.com/files/127046/</url>
</references>
<type>AUTHBYPASS</type>
</vulnerability>
</plugin>
<plugin name="ruven-toolkit">
<vulnerability>
<title>Ruven Toolkit 1.1 - tinymce/popup.php popup Parameter Reflected XSS</title>
<references>
<osvdb>108312</osvdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="verification-code-for-comments">
<vulnerability>
<title>Verification Code for Comments 2.1.0 - vcc.js.php Multiple Parameter Reflected XSS</title>
<references>
<osvdb>108313</osvdb>
<cve>2014-4565</cve>
<url>http://codevigilant.com/disclosure/wp-plugin-verification-code-for-comments-a3-cross-site-scripting-xss</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wpcb">
<vulnerability>
<title>wpcb 2.4.8 - facture.php id Parameter Reflected XSS</title>
<references>
<osvdb>108407</osvdb>
<cve>2014-4581</cve>
<url>http://www.securityfocus.com/bid/68357</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-app-maker">
<vulnerability>
<title>WP App Maker 1.0.16.4 - icons-launcher.php uid Parameter Reflected XSS</title>
<references>
<osvdb>108408</osvdb>
<cve>2014-4578</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-amasin-the-amazon-affiliate-shop">
<vulnerability>
<title>wp-amasin-the-amazon-affiliate-shop 0.9.6 - reviews.php url Parameter Local File Inclusion</title>
<references>
<osvdb>108501</osvdb>
<cve>2014-4577</cve>
</references>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="cross-rss">
<vulnerability>
<title>Cross RSS 1.7 - proxy.php rss Parameter Local File Inclusion</title>
<references>
<osvdb>108502</osvdb>
<cve>2014-4941</cve>
<url>http://www.securityfocus.com/bid/68555</url>
<url>http://codevigilant.com/disclosure/wp-plugin-cross-rss-local-file-inclusion/</url>
</references>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="wphotfiles">
<vulnerability>
<title>Hot Files &lt; 1.0.0 - Cross-site scripting (XSS) vulnerability in tpls/editmedia.php</title>
<references>
<cve>2014-4588</cve>
<osvdb>108720</osvdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<!-- yahoo-updates-for-wordpress: XSS issues in yupdates_application.php.
     NOTE(review): the title says "< 1.0" yet the entry carries no fixed_in; verify the version bound
     against the CVE and the linked advisory. -->
<plugin name="yahoo-updates-for-wordpress">
  <vulnerability>
    <title>Yahoo Updates &lt; 1.0 - XSS vulnerabilities in yupdates_application.php</title>
    <references>
      <cve>2014-4603</cve>
      <url>http://codevigilant.com/disclosure/wp-plugin-yahoo-updates-for-wordpress-a3-cross-site-scripting-xss/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- toolpage: XSS in includes/getTipo.php, reported against 1.6.1.
     No fixed_in is recorded, so this entry names no patched release. -->
<plugin name="toolpage">
  <vulnerability>
    <title>Toolpage 1.6.1 - XSS vulnerability in includes/getTipo.php</title>
    <references>
      <cve>2014-4560</cve>
      <osvdb>108704</osvdb>
      <url>http://codevigilant.com/disclosure/wp-plugin-toolpage-a3-cross-site-scripting-xss/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- url-cloak-encrypt (Cloak and Encrypt): XSS in go.php.
     NOTE(review): the title says "< 2.0" but no fixed_in is present; confirm whether 2.0 is fixed
     before relying on the bound. -->
<plugin name="url-cloak-encrypt">
  <vulnerability>
    <title>Cloak and Encrypt &lt; 2.0 - XSS vulnerability in go.php</title>
    <references>
      <cve>2014-4563</cve>
      <osvdb>108895</osvdb>
      <url>http://codevigilant.com/disclosure/wp-plugin-url-cloak-encrypt-a3-cross-site-scripting-xss/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- validated: XSS in check.php.
     NOTE(review): the title says "< 1.0.2" with no matching fixed_in; verify the bound against the CVE
     and add fixed_in only if a patched release is confirmed. -->
<plugin name="validated">
  <vulnerability>
    <title>Validated &lt; 1.0.2 - XSS vulnerability in check.php</title>
    <references>
      <osvdb>108659</osvdb>
      <cve>2014-4564</cve>
      <url>http://www.securityfocus.com/bid/68320</url>
      <url>http://codevigilant.com/disclosure/wp-plugin-validated-a3-cross-site-scripting-xss/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
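<!-- verweise-wordpress-twitter: XSS in res/fake_twitter/frame.php.
     The version in the title is written as a dotted version, "1.0.2"; the bound appeared as "1.0 2"
     with a stray space, which reads as two tokens in scanner output.
     NOTE(review): no fixed_in is recorded; confirm against the CVE whether 1.0.2 itself is affected. -->
<plugin name="verweise-wordpress-twitter">
  <vulnerability>
    <title>Verwei.se WordPress Twitter &lt; 1.0.2 - XSS vulnerability in res/fake_twitter/frame.php</title>
    <references>
      <cve>2014-4566</cve>
      <url>http://codevigilant.com/disclosure/wp-plugin-verweise-wordpress-twitter-a3-cross-site-scripting-xss/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>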
<!-- easy-banners: XSS reached through wp-admin/options-general.php, reported against 1.4.
     No fixed_in is recorded, so later releases are unverified. -->
<plugin name="easy-banners">
  <vulnerability>
    <title>Easy Banners 1.4 - XSS vulnerability in wp-admin/options-general.php</title>
    <references>
      <osvdb>108626</osvdb>
      <cve>2014-4723</cve>
      <url>http://packetstormsecurity.com/files/127293/</url>
      <url>http://www.securityfocus.com/bid/68281</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- custom-banners: XSS through the custom_banners_registered_name parameter sent to
     wp-admin/options.php, reported against 1.2.2.2. No fixed_in is recorded. -->
<plugin name="custom-banners">
  <vulnerability>
    <title>Custom Banners plugin 1.2.2.2 - XSS vulnerability in custom_banners_registered_name parameter to wp-admin/options.php</title>
    <references>
      <osvdb>108683</osvdb>
      <cve>2014-4724</cve>
      <url>http://packetstormsecurity.com/files/127291/</url>
      <url>http://www.securityfocus.com/bid/68279</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- video-posts-webcam-recorder: XSS in posts/videowhisper/r_logout.php.
     NOTE(review): the title says "< 1.55.4" but the entry has no fixed_in; confirm the bound against
     the CVE and the linked advisory. -->
<plugin name="video-posts-webcam-recorder">
  <vulnerability>
    <title>Video Posts Webcam Recorder plugin &lt; 1.55.4 - XSS vulnerability in posts/videowhisper/r_logout.php</title>
    <references>
      <cve>2014-4568</cve>
      <url>http://codevigilant.com/disclosure/wp-plugin-video-posts-webcam-recorder-a3-cross-site-scripting-xss/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- zeenshare: XSS in redirect_to_zeenshare.php via the zs_sid parameter.
     NOTE(review): the title says "< 1.0.1" with no fixed_in recorded; verify whether 1.0.1 is a
     patched release. -->
<plugin name="zeenshare">
  <vulnerability>
    <title>ZeenShare plugin &lt; 1.0.1 - XSS vulnerability in redirect_to_zeenshare.php via the zs_sid parameter</title>
    <references>
      <cve>2014-4606</cve>
      <url>http://codevigilant.com/disclosure/wp-plugin-zeenshare-a3-cross-site-scripting-xss/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- zdstats (ZdStatistics): XSS in cal/test.php via the lang parameter.
     NOTE(review): the title says "< 2.0.1" but no fixed_in is recorded; confirm the bound against
     the CVE before relying on it. -->
<plugin name="zdstats">
  <vulnerability>
    <title>ZdStatistics &lt; 2.0.1 - XSS vulnerability in cal/test.php via the lang parameter</title>
    <references>
      <cve>2014-4605</cve>
      <osvdb>108731</osvdb>
      <url>http://codevigilant.com/disclosure/wp-plugin-zdstats-a3-cross-site-scripting-xss/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- your-text-manager: XSS in settings/pwsettings.php via the ytmpw parameter.
     NOTE(review): the title says "< 0.3.0" and there is no fixed_in; verify the version bound
     against the CVE. -->
<plugin name="your-text-manager">
  <vulnerability>
    <title>Your Text Manager &lt; 0.3.0 - XSS vulnerability in settings/pwsettings.php via the ytmpw parameter</title>
    <references>
      <cve>2014-4604</cve>
      <url>http://codevigilant.com/disclosure/wp-plugin-your-text-manager-a3-cross-site-scripting-xss/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- xen-carousel: XSS issues in xencarousel-admin.js.php via the path or ajaxpath parameter.
     NOTE(review): the title says "< 0.12.2" but no fixed_in is present; confirm whether 0.12.2
     is fixed. -->
<plugin name="xen-carousel">
  <vulnerability>
    <title>XEN Carousel &lt; 0.12.2 - XSS vulnerabilities in xencarousel-admin.js.php via path or ajaxpath parameter</title>
    <references>
      <cve>2014-4602</cve>
      <url>http://codevigilant.com/disclosure/wp-plugin-xen-carousel-a3-cross-site-scripting-xss/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- wp-media-player: XSS in uploader.php via the post_id parameter. The title's product name
     (WP Silverlight Media Player) differs from the slug this entry is keyed on.
     NOTE(review): the title says "< 0.8" with no fixed_in; verify the bound against the CVE. -->
<plugin name="wp-media-player">
  <vulnerability>
    <title>WP Silverlight Media Player &lt; 0.8 - XSS vulnerability in uploader.php via the post_id parameter</title>
    <references>
      <cve>2014-4589</cve>
      <osvdb>108721</osvdb>
      <url>http://codevigilant.com/disclosure/wp-plugin-wp-media-player-a3-cross-site-scripting-xss/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- wp-microblogs: XSS in get.php via the oauth_verifier parameter.
     NOTE(review): the title says "< 0.4.0" but no fixed_in is recorded; confirm whether 0.4.0
     is a patched release. -->
<plugin name="wp-microblogs">
  <vulnerability>
    <title>WP Microblogs plugin &lt; 0.4.0 - XSS vulnerability in get.php via the oauth_verifier parameter</title>
    <references>
      <cve>2014-4590</cve>
      <url>http://codevigilant.com/disclosure/wp-plugin-wp-microblogs-a3-cross-site-scripting-xss/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- wp-php-widget: full path disclosure reported against 1.0.2; the title names no file or parameter.
     References hold only the CVE and OSVDB ids, and no fixed_in is recorded. -->
<plugin name="wp-php-widget">
  <vulnerability>
    <title>WP PHP Widget 1.0.2 - Full Path Disclosure vulnerability</title>
    <references>
      <cve>2013-0721</cve>
      <osvdb>88846</osvdb>
    </references>
    <type>FPD</type>
  </vulnerability>
</plugin>
<!-- socialgrid: XSS through the default_services parameter of inline-admin.js.php, reported
     against 2.3. No CVE id and no fixed_in are recorded for this entry. -->
<plugin name="socialgrid">
  <vulnerability>
    <title>SocialGrid 2.3 - inline-admin.js.php default_services Parameter XSS</title>
    <references>
      <osvdb>71966</osvdb>
      <secunia>44256</secunia>
      <url>http://seclists.org/bugtraq/2011/Apr/176</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- wp-easycart: direct requests to inc/admin/phpinfo.php disclose information in 2.0.5;
     fixed_in records 2.0.6 as the patched release.
     NOTE(review): the entry is typed UNKNOWN although the title describes an information
     disclosure, so filtering results by type will not surface it as one. -->
<plugin name="wp-easycart">
  <vulnerability>
    <title>EasyCart 2.0.5 - inc/admin/phpinfo.php Direct Request Remote Information Disclosure</title>
    <references>
      <osvdb>109030</osvdb>
      <cve>2014-4942</cve>
      <url>http://www.securityfocus.com/bid/68692</url>
    </references>
    <type>UNKNOWN</type>
    <fixed_in>2.0.6</fixed_in>
  </vulnerability>
</plugin>
<!-- simple-slider: XSS through the New Image URL field in 1.0; fixed_in records 1.1 as the
     patched release. No CVE id is recorded. -->
<plugin name="simple-slider">
  <vulnerability>
    <title>Simple Slider 1.0 - New Image URL Field XSS</title>
    <references>
      <osvdb>87806</osvdb>
      <url>http://packetstormsecurity.org/files/118309/</url>
      <url>http://xforce.iss.net/xforce/xfdb/80260</url>
      <url>http://seclists.org/bugtraq/2012/Nov/89</url>
    </references>
    <type>XSS</type>
    <fixed_in>1.1</fixed_in>
  </vulnerability>
</plugin>
<!-- bookx: path traversal file access through the file parameter of includes/bookx_export.php,
     reported against 1.7 and typed LFI. No fixed_in is recorded. -->
<plugin name="bookx">
  <vulnerability>
    <title>BookX 1.7 - includes/bookx_export.php file Parameter Remote Path Traversal File Access</title>
    <references>
      <osvdb>109022</osvdb>
      <cve>2014-4937</cve>
      <url>http://www.securityfocus.com/bid/68556</url>
      <url>http://codevigilant.com/disclosure/wp-plugin-bookx-local-file-inclusion/</url>
    </references>
    <type>LFI</type>
  </vulnerability>
</plugin>
<!-- wp-rss-poster: SQL injection through the id parameter on the wrp-add-new page of
     wp-admin/admin.php, reported against 1.0.0. No fixed_in is recorded. -->
<plugin name="wp-rss-poster">
  <vulnerability>
    <title>WP Rss Poster 1.0.0 - wp-admin/admin.php wrp-add-new Page id Parameter SQL Injection</title>
    <references>
      <osvdb>109023</osvdb>
      <cve>2014-4938</cve>
      <url>http://codevigilant.com/disclosure/wp-plugin-wp-rss-poster-a1-injection/</url>
    </references>
    <type>SQLI</type>
  </vulnerability>
</plugin>
<!-- bannerman: XSS through the bannerman_background parameter in wp-admin/options-general.php,
     reported against 0.2.4. No fixed_in is recorded. -->
<plugin name="bannerman">
  <vulnerability>
    <title>BannerMan 0.2.4 - XSS in wp-admin/options-general.php via bannerman_background parameter</title>
    <references>
      <osvdb>108682</osvdb>
      <cve>2014-4845</cve>
      <url>http://packetstormsecurity.com/files/127289/</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- random-banner: XSS through the buffercode_RBanner_url_banner1 parameter of
     random-banner/random-banner.php, reported against 1.1.2.1. No fixed_in is recorded. -->
<plugin name="random-banner">
  <vulnerability>
    <title>Random Banner 1.1.2.1 - random-banner/random-banner.php buffercode_RBanner_url_banner1 Parameter XSS</title>
    <references>
      <osvdb>108627</osvdb>
      <cve>2014-4847</cve>
      <url>http://packetstormsecurity.com/files/127292/</url>
      <url>http://www.securityfocus.com/bid/68280</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- blogstand-smart-banner: XSS through the bs_blog_id parameter of blogstand-banner.php,
     reported against 1.0. No fixed_in is recorded. -->
<plugin name="blogstand-smart-banner">
  <vulnerability>
    <title>Blogstand Smart Banner 1.0 - blogstand-banner.php bs_blog_id Parameter XSS</title>
    <references>
      <osvdb>108625</osvdb>
      <cve>2014-4848</cve>
      <url>http://packetstormsecurity.com/files/127290/</url>
      <url>http://www.securityfocus.com/bid/68282</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- wp-construction-mode: XSS through the wuc_logo parameter of under-construction.php,
     reported against 1.8. No fixed_in is recorded. -->
<plugin name="wp-construction-mode">
  <vulnerability>
    <title>Construction Mode 1.8 - under-construction.php wuc_logo Parameter XSS</title>
    <references>
      <osvdb>108630</osvdb>
      <cve>2014-4854</cve>
      <secunia>58932</secunia>
      <url>http://packetstormsecurity.com/files/127287/</url>
      <url>http://www.securityfocus.com/bid/68287</url>
    </references>
    <type>XSS</type>
  </vulnerability>
</plugin>
<!-- polylang: two entries, each with a fixed_in.
     1. Stored XSS in user description handling, reported against 1.5.1, fixed in 1.5.2.
     2. Multiple unspecified issues reported against 1.4.5, fixed in 1.5; only an OSVDB id is given,
        so the nature of these issues cannot be read from this entry. -->
<plugin name="polylang">
  <vulnerability>
    <title>Polylang 1.5.1 - User Description Handling Stored XSS</title>
    <references>
      <osvdb>108634</osvdb>
      <cve>2014-4855</cve>
      <secunia>59357</secunia>
      <url>http://www.securityfocus.com/bid/68509</url>
    </references>
    <type>XSS</type>
    <fixed_in>1.5.2</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>Polylang 1.4.5 - Multiple Unspecified Issues</title>
    <references>
      <osvdb>108953</osvdb>
    </references>
    <type>MULTI</type>
    <fixed_in>1.5</fixed_in>
  </vulnerability>
</plugin>
<!-- enl-newsletter: SQL injection through the id parameter on the enl-add-new page of
     wp-admin/admin.php, reported against 1.0.1. No fixed_in is recorded. -->
<plugin name="enl-newsletter">
  <vulnerability>
    <title>ENL Newsletter 1.0.1 - wp-admin/admin.php enl-add-new Page id Parameter SQL Injection</title>
    <references>
      <osvdb>109027</osvdb>
      <cve>2014-4939</cve>
      <url>http://codevigilant.com/disclosure/wp-plugin-enl-newsletter-a1-injection/</url>
    </references>
    <type>SQLI</type>
  </vulnerability>
</plugin>
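<!-- tera-charts: two path traversal file disclosure entries for 0.1, both through the fn parameter
     (charts/zoomabletreemap.php and charts/treemap.php), sharing one CVE id and fixed in 1.0.
     Both are typed LFI. The titles describe reading files through path traversal and the advisory
     slug reads local-file-inclusion, which matches how this file types the BookX path traversal
     entry. FPD is used elsewhere in this file for full path disclosure, a different and lower
     impact class, so typing these entries FPD understates them when results are triaged by type. -->
<plugin name="tera-charts">
  <vulnerability>
    <title>Tera Charts 0.1 - charts/zoomabletreemap.php fn Parameter Remote Path Traversal File Disclosure</title>
    <references>
      <osvdb>109029</osvdb>
      <cve>2014-4940</cve>
      <url>http://www.securityfocus.com/bid/68662</url>
      <url>http://codevigilant.com/disclosure/wp-plugin-tera-chart-local-file-inclusion/</url>
    </references>
    <type>LFI</type>
    <fixed_in>1.0</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>Tera Charts 0.1 - charts/treemap.php fn Parameter Remote Path Traversal File Disclosure</title>
    <references>
      <osvdb>109028</osvdb>
      <cve>2014-4940</cve>
      <url>http://www.securityfocus.com/bid/68662</url>
      <url>http://codevigilant.com/disclosure/wp-plugin-tera-chart-local-file-inclusion/</url>
    </references>
    <type>LFI</type>
    <fixed_in>1.0</fixed_in>
  </vulnerability>
</plugin>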
<!-- starbox-voting: full path disclosure in ajax.php.
     NOTE(review): the title names no affected version and the entry has no CVE or OSVDB id and
     no fixed_in, so the affected range can only be taken from the linked mailing list post. -->
<plugin name="starbox-voting">
  <vulnerability>
    <title>Starbox Voting - ajax.php Full Path Disclosure vulnerability</title>
    <references>
      <url>http://seclists.org/bugtraq/2011/Feb/222</url>
    </references>
    <type>FPD</type>
  </vulnerability>
</plugin>
</vulnerabilities>