2260 lines
74 KiB
XML
2260 lines
74 KiB
XML
<?xml version="1.0"?>
|
|
<!--
|
|
WPScan - WordPress Security Scanner
|
|
Copyright (C) 2011 Ryan Dewhurst AKA ethicalhack3r
|
|
|
|
This program is free software: you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
ryandewhurst at gmail
|
|
|
|
This file contains vulnerabilities associated with WordPress plugins.
|
|
TYPE = ["SQLI", "MULTI", "REDIRECT", "RCE", "RFI", "LFI", "UPLOAD", "UNKNOWN", "XSS", "CSRF"]
|
|
-->
|
|
<vulnerabilities>
|
|
<plugin name="resume-submissions-job-postings">
|
|
<vulnerability>
|
|
<title>Resume Submissions Job Posting v2.5.1 Unrestricted File Upload</title>
|
|
<reference>http://www.packetstormsecurity.org/files/114716</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-predict">
|
|
<vulnerability>
|
|
<title>WP-Predict v1.0 Blind SQL Injection</title>
|
|
<reference>http://www.exploit-db.com/exploits/19715/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="backup">
|
|
<vulnerability>
|
|
<title>Backup Plugin 2.0.1 Information Disclosure</title>
|
|
<reference>http://www.exploit-db.com/exploits/19524/</reference>
|
|
<type>UNKNOWN</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="moodthingy-mood-rating-widget">
|
|
<vulnerability>
|
|
<title>MoodThingy Widget v0.8.7 Blind SQL Injection</title>
|
|
<reference>http://www.exploit-db.com/exploits/19572/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="paid-business-listings">
|
|
<vulnerability>
|
|
<title>Paid Business Listings v1.0.2 Blind SQL Injection</title>
|
|
<reference>http://www.exploit-db.com/exploits/19481/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="website-faq">
|
|
<vulnerability>
|
|
<title>Website FAQ Plugin v1.0 SQL Injection</title>
|
|
<reference>http://www.exploit-db.com/exploits/19400/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="radykal-fancy-gallery">
|
|
<vulnerability>
|
|
<title>Fancy Gallery 1.2.4 Shell Upload</title>
|
|
<reference>http://packetstormsecurity.org/files/114114/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="flipbook">
|
|
<vulnerability>
|
|
<title>Flip Book 1.0 Shell Upload</title>
|
|
<reference>http://packetstormsecurity.org/files/114112/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="ajax_multi_upload">
|
|
<vulnerability>
|
|
<title>Ajax Multi Upload 1.1 Shell Upload</title>
|
|
<reference>http://packetstormsecurity.org/files/114109/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="schreikasten">
|
|
<vulnerability>
|
|
<title>Schreikasten 0.14.13 XSS</title>
|
|
<reference>http://www.exploit-db.com/exploits/19294/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-automatic">
|
|
<vulnerability>
|
|
<title>Wordpress Automatic 2.0.3 CSRF</title>
|
|
<reference>http://packetstormsecurity.org/files/113763/</reference>
|
|
<type>CSRF</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="videowhisper-video-conference-integration">
|
|
<vulnerability>
|
|
<title>VideoWhisper Video Conference
|
|
4.51 Arbitrary File Upload Vulnerability</title>
|
|
<reference>http://packetstormsecurity.org/files/113580/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="auctionplugin">
|
|
<vulnerability>
|
|
<title>Auctions Plugin 2.0.1.3 Arbitrary
|
|
File Upload Vulnerability</title>
|
|
<reference>http://packetstormsecurity.org/files/113568/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="lb-mixed-slideshow">
|
|
<vulnerability>
|
|
<title>LB Mixed Slideshow 1.0 Arbitrary File Upload Vulnerability</title>
|
|
<reference>http://packetstormsecurity.org/files/113844/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="lim4wp">
|
|
<vulnerability>
|
|
<title>Lim4wp 1.1.1 Arbitrary File Upload Vulnerability</title>
|
|
<reference>http://packetstormsecurity.org/files/113846/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-imagezoom">
|
|
<vulnerability>
|
|
<title>Wp-ImageZoom 1.0.3 Remote File Disclosure</title>
|
|
<reference>http://packetstormsecurity.org/files/113845/</reference>
|
|
<type>UNKNOWN</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="invit0r">
|
|
<vulnerability>
|
|
<title>Invit0r 0.22 Shell Upload</title>
|
|
<reference>http://packetstormsecurity.org/files/113639/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="announces">
|
|
<vulnerability>
|
|
<title>Annonces 1.2.0.1 Shell Upload</title>
|
|
<reference>http://packetstormsecurity.org/files/113637/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="contus-video-galleryversion-10">
|
|
<vulnerability>
|
|
<title>Contus Video Gallery 1.3 Arbitrary
|
|
File Upload Vulnerability</title>
|
|
<reference>http://packetstormsecurity.org/files/113571/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="contus-hd-flv-player">
|
|
<vulnerability>
|
|
<title>Contus HD FLV Player 1.7 Arbitrary
|
|
File Upload Vulnerability</title>
|
|
<reference>http://packetstormsecurity.org/files/113570/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="user-meta">
|
|
<vulnerability>
|
|
<title>User Meta Version 1.1.1 Arbitrary File Upload Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/19052/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="topquark">
|
|
<vulnerability>
|
|
<title>Top Quark Architecture Version 2.10 Arbitrary File Upload Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/19053/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="sfbrowser">
|
|
<vulnerability>
|
|
<title>SfBrowser Version 1.4.5 Arbitrary File Upload Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/19054/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="pica-photo-gallery">
|
|
<vulnerability>
|
|
<title>Pica Photo Gallery 1.0 Arbitrary File Upload Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/19055/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="mac-dock-gallery">
|
|
<vulnerability>
|
|
<title>Mac Photo Gallery 2.7 Arbitrary File Upload</title>
|
|
<reference>http://www.exploit-db.com/exploits/19056/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="drag-drop-file-uploader">
|
|
<vulnerability>
|
|
<title>drag and drop file upload 0.1 Arbitrary File Upload Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/19057/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="custom-content-type-manager">
|
|
<vulnerability>
|
|
<title>Custom Content Type Manager 0.9.5.13-pl Arbitrary File Upload Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/19058/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-gpx-map">
|
|
<vulnerability>
|
|
<title>wp-gpx-max version 1.1.21 Arbitrary File Upload</title>
|
|
<reference>http://www.exploit-db.com/exploits/19050/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="front-file-manager">
|
|
<vulnerability>
|
|
<title>Front File Manager Plugin 0.1 Arbitrary File Upload</title>
|
|
<reference>http://www.exploit-db.com/exploits/19012/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="front-end-upload">
|
|
<vulnerability>
|
|
<title>Front End Upload 0.5.3 Arbitrary File Upload</title>
|
|
<reference>http://www.exploit-db.com/exploits/19008/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Front End Upload v0.5.4 Arbitrary PHP File Upload</title>
|
|
<reference>http://www.exploit-db.com/exploits/20083/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="omni-secure-files">
|
|
<vulnerability>
|
|
<title>Omni Secure Files 0.1.13 Arbitrary File Upload</title>
|
|
<reference>http://www.exploit-db.com/exploits/19009/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="easy-contact-forms-exporter">
|
|
<vulnerability>
|
|
<title>Easy Contact Forms Export 1.1.0 Information Disclosure Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/19013/</reference>
|
|
<type>UNKNOWN</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="pica-photo-gallery">
|
|
<vulnerability>
|
|
<title>PICA Photo Gallery 1.0 Remote File Disclosure</title>
|
|
<reference>http://www.exploit-db.com/exploits/19016/</reference>
|
|
<type>UNKNOWN</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="plugin-newsletter">
|
|
<vulnerability>
|
|
<title>Plugin: Newsletter 1.5 Remote File Disclosure Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/19018/</reference>
|
|
<type>UNKNOWN</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="rbxgallery">
|
|
<vulnerability>
|
|
<title>RBX Gallery 2.1 Arbitrary File Upload</title>
|
|
<reference>http://www.exploit-db.com/exploits/19019/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="simple-download-button-shortcode">
|
|
<vulnerability>
|
|
<title>Simple Download Button Shortcode 1.0 Remote File Disclosure</title>
|
|
<reference>http://www.exploit-db.com/exploits/19020/</reference>
|
|
<type>UNKNOWN</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="thinkun-remind">
|
|
<vulnerability>
|
|
<title>Thinkun Remind 1.1.3 Remote File Disclosure</title>
|
|
<reference>http://www.exploit-db.com/exploits/19021/</reference>
|
|
<type>UNKNOWN</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="tinymce-thumbnail-gallery">
|
|
<vulnerability>
|
|
<title>Tinymce Thumbnail Gallery 1.0.7 Remote File Disclosure</title>
|
|
<reference>http://www.exploit-db.com/exploits/19022/</reference>
|
|
<type>UNKNOWN</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wpstorecart">
|
|
<vulnerability>
|
|
<title>wpStoreCart Plugin 2.5.27-2.5.29 Arbitrary File Upload</title>
|
|
<reference>http://www.exploit-db.com/exploits/19023/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="gallery-plugin">
|
|
<vulnerability>
|
|
<title>Gallery 3.06 Arbitrary File Upload</title>
|
|
<reference>http://www.exploit-db.com/exploits/18998/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="font-uploader">
|
|
<vulnerability>
|
|
<title>Font Uploader 1.2.4 Arbitrary File Upload</title>
|
|
<reference>http://www.exploit-db.com/exploits/18994/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-property">
|
|
<vulnerability>
|
|
<title>WP-Property 1.35.0 Arbitrary File Upload</title>
|
|
<reference>http://www.exploit-db.com/exploits/18987/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wpmarketplace">
|
|
<vulnerability>
|
|
<title>WP Marketplace 1.5.0 - 1.6.1 Arbitrary File Upload</title>
|
|
<reference>http://www.exploit-db.com/exploits/18988/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="store-locator-le">
|
|
<vulnerability>
|
|
<title>Google Maps via Store Locator Multiple Vulnerabilities</title>
|
|
<reference>http://www.exploit-db.com/exploits/18989/</reference>
|
|
<type>MULTI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="html5avmanager">
|
|
<vulnerability>
|
|
<title>HTML5 AV Manager 0.2.7 Arbitrary File Upload</title>
|
|
<reference>http://www.exploit-db.com/exploits/18990/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="foxypress">
|
|
<vulnerability>
|
|
<title>Foxypress 0.4.1.1 - 0.4.2.1 Arbitrary File Upload</title>
|
|
<reference>http://packetstormsecurity.org/files/113576/, http://www.exploit-db.com/exploits/18991/, http://www.exploit-db.com/exploits/19100/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="asset-manager">
|
|
<vulnerability>
|
|
<title>Asset Manager 0.2 Arbitrary File Upload</title>
|
|
<reference>http://www.exploit-db.com/exploits/18993/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="track-that-stat">
|
|
<vulnerability>
|
|
<title>Track That Stat <= 1.0.8 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112722/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-facethumb">
|
|
<vulnerability>
|
|
<title>WP-Facethumb Gallery <= 0.1 Reflected Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112658/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-survey-and-quiz-tool">
|
|
<vulnerability>
|
|
<title>Survey And Quiz Tool <= 2.9.2 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112685/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-statistics">
|
|
<vulnerability>
|
|
<title>WP Statistics <= 2.2.4 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112686/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-easy-gallery">
|
|
<vulnerability>
|
|
<title>WP Easy Gallery <= 1.7 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112687/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="subscribe2">
|
|
<vulnerability>
|
|
<title>Subscribe2 <= 8.0 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112688/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="soundcloud-is-gold">
|
|
<vulnerability>
|
|
<title>Soundcloud Is Gold <= 2.1 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112689/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="sharebar">
|
|
<vulnerability>
|
|
<title>Sharebar <= 1.2.1 SQL Injection / Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112690/</reference>
|
|
<type>MULTI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="share-and-follow">
|
|
<vulnerability>
|
|
<title>Share And Follow <= 1.80.3 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112691/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="sabre">
|
|
<vulnerability>
|
|
<title>SABRE <= 1.2.0 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112692/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="pretty-link">
|
|
<vulnerability>
|
|
<title>Pretty Link Lite <= 1.5.2 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112693/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="newsletter-manager">
|
|
<vulnerability>
|
|
<title>Newsletter Manager <= 1.0 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112694/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="network-publisher">
|
|
<vulnerability>
|
|
<title>Network Publisher <= 5.0.1 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112695/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="leaguemanager">
|
|
<vulnerability>
|
|
<title>LeagueManager <= 3.7 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112698/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="leaflet">
|
|
<vulnerability>
|
|
<title>Leaflet <= 0.0.1 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112699/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="joliprint">
|
|
<vulnerability>
|
|
<title>PDF And Print Button Joliprint <= 1.3.0 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112700/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="iframe-admin-pages">
|
|
<vulnerability>
|
|
<title>IFrame Admin Pages <= 0.1 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112701/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="ezpz-one-click-backup">
|
|
<vulnerability>
|
|
<title>EZPZ One Click Backup <= 12.03.10 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112705/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="dynamic-widgets">
|
|
<vulnerability>
|
|
<title>Dynamic Widgets <= 1.5.1 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112706/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="download-monitor">
|
|
<vulnerability>
|
|
<title>Download Monitor <= 3.3.5.4 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112707/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="download-manager">
|
|
<vulnerability>
|
|
<title>Download Manager <= 2.2 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112708/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="codestyling-localization">
|
|
<vulnerability>
|
|
<title>Code Styling Localization <= 1.99.16 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112709/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="catablog">
|
|
<vulnerability>
|
|
<title>Catablog <= 1.6 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112619/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="bad-behavior">
|
|
<vulnerability>
|
|
<title>Bad Behavior <= 2.24 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112619/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="bulletproof-security">
|
|
<vulnerability>
|
|
<title>BulletProof Security <= 0.47 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112618/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="better-wp-security">
|
|
<vulnerability>
|
|
<title>Better WP Security <= 3.2.4 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112617/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="custom-contact-forms">
|
|
<vulnerability>
|
|
<title>Custom Contact Forms <= 5.0.0.1 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112616/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="2-click-socialmedia-button">
|
|
<vulnerability>
|
|
<title>2-Click-Socialmedia-Buttons <= 0.34 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112615/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>2-Click-Socialmedia-Buttons <= 0.32.2 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112711/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="login-with-ajax">
|
|
<vulnerability>
|
|
<title>Login With Ajax plugin < 3.0.4.1 Cross Site Scripting</title>
|
|
<reference>http://secunia.com/advisories/49013/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="media-library-categories">
|
|
<vulnerability>
|
|
<title>Media Library Categories plugin <= 1.0.6 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17628/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Media Library Categories plugin <= 1.1.1 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112697/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="deans-fckeditor-with-pwwangs-code-plugin-for-wordpress">
|
|
<vulnerability>
|
|
<title>FCKeditor Deans With Pwwangs Code <= 1.0.0 Remote Shell Upload</title>
|
|
<reference>http://packetstormsecurity.org/files/111319/</reference>
|
|
<type>RFI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="zingiri-web-shop">
|
|
<vulnerability>
|
|
<title>Zingiri Web Shop <= 2.4.0 Multiple XSS Vulnerabilities</title>
|
|
<reference>http://www.exploit-db.com/exploits/18787/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Zingiri Web Shop <= 2.3.5 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112684/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Zingiri Web Shop 2.4.3 Shell Upload</title>
|
|
<reference>http://packetstormsecurity.org/files/113668/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="organizer">
|
|
<vulnerability>
|
|
<title>Organizer 1.2.1 Cross Site Scripting / Path Disclosure</title>
|
|
<reference>http://packetstormsecurity.org/files/112086, http://packetstormsecurity.org/files/113800</reference>
|
|
<type>MULTI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="zingiri-tickets">
|
|
<vulnerability>
|
|
<title>Zingiri Tickets plugin File Disclosure</title>
|
|
<reference>http://packetstormsecurity.org/files/111904</reference>
|
|
<type>UNKNOWN</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="cms-tree-page-view">
|
|
<vulnerability>
|
|
<title>XSS vulnerability in CMS Tree Page View Plugin</title>
|
|
<reference>https://www.htbridge.com/advisory/HTB23083</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="all-in-one-event-calendar">
|
|
<vulnerability>
|
|
<title>Multiple XSS vulnerabilities in All-in-One Event Calendar for WordPress</title>
|
|
<reference>http://seclists.org/bugtraq/2012/Apr/70</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="buddypress">
|
|
<vulnerability>
|
|
<title>Buddypress <= 1.5.5 SQL Injection</title>
|
|
<reference>http://www.exploit-db.com/exploits/18690/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="register-plus-redux">
|
|
<vulnerability>
|
|
<title>Register Plus Redux <= 3.8.3 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/111367</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="magn-html5-drag-and-drop-media-uploader">
|
|
<vulnerability>
|
|
<title>Magn WP Drag and Drop <= 1.1.4 Upload Shell Upload Vulnerability</title>
|
|
<reference>http://packetstormsecurity.org/files/110103</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="kish-guest-posting">
|
|
<vulnerability>
|
|
<title>Kish Guest Posting 1.0 Arbitrary File Upload</title>
|
|
<reference>http://www.exploit-db.com/exploits/18412/</reference>
|
|
<type>RFI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="allwebmenus-wordpress-menu-plugin">
|
|
<vulnerability>
|
|
<title>AllWebMenus Shell Upload <= 1.1.9 Shell Upload</title>
|
|
<reference>http://packetstormsecurity.org/files/108946/</reference>
|
|
<type>RFI</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>AllWebMenus 1.1.3 Remote File Inclusion</title>
|
|
<reference>http://www.exploit-db.com/exploits/17861/</reference>
|
|
<type>RFI</type>
|
|
<uri>/wp-content/plugins/allwebmenus-wordpress-menu-plugin/actions.php</uri>
|
|
<postdata>abspath=XXpathXX</postdata>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="shortcode-redirect">
|
|
<vulnerability>
|
|
<title>Shortcode Redirect <= 1.0.01 Stored Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/108914/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="ucan-post">
|
|
<vulnerability>
|
|
<title>uCan Post plugin <= 1.0.09 Stored XSS</title>
|
|
<reference>http://www.exploit-db.com/exploits/18390/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-cycle-playlist">
|
|
<vulnerability>
|
|
<title>WP Cycle Playlist plugin Multiple Vulnerabilities</title>
|
|
<reference>http://1337day.com/exploits/17396</reference>
|
|
<type>MULTI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="myeasybackup">
|
|
<vulnerability>
|
|
<title>myEASYbackup 1.0.8.1 Directory Traversal</title>
|
|
<reference>http://packetstormsecurity.org/files/108711</reference>
|
|
<type>UNKNOWN</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="count-per-day">
|
|
<vulnerability>
|
|
<title>Count Per Day 3.1.1 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/114787/SSCHADV2012-015.txt</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Count Per Day plugin <= 3.1.1 Multiple Vulnerabilities</title>
|
|
<reference>http://www.exploit-db.com/exploits/18355/</reference>
|
|
<type>MULTI</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Count per Day plugin <= 2.17 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17857/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-autoyoutube">
|
|
<vulnerability>
|
|
<title>WP-AutoYoutube plugin <= 0.1 Blind SQL Injection Vulnerability</title>
|
|
<reference>http://1337day.com/exploits/17368</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="age-verification">
|
|
<vulnerability>
|
|
<title>Age Verification plugin <= 0.4 Open Redirect</title>
|
|
<reference>http://www.exploit-db.com/exploits/18350</reference>
|
|
<type>REDIRECT</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="yousaytoo-auto-publishing-plugin">
|
|
<vulnerability>
|
|
<title>Yousaytoo Auto Publishing <= 1.0 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/108470</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="pay-with-tweet">
|
|
<vulnerability>
|
|
<title>Pay With Tweet plugin <= 1.1 Multiple Vulnerabilities</title>
|
|
<reference>http://www.exploit-db.com/exploits/18330/</reference>
|
|
<type>MULTI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-whois">
|
|
<vulnerability>
|
|
<title>Whois Search <= 1.4.2 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/108271</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="upm-polls">
|
|
<vulnerability>
|
|
<title>BLIND SQL injection UPM-POLLS plugin 1.0.4</title>
|
|
<reference>http://www.exploit-db.com/exploits/18231/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="disqus-comment-system">
|
|
<vulnerability>
|
|
<title>Disqus Comment System <= 2.68 Reflected Cross-Site Scripting (XSS)</title>
|
|
<reference>http://www.ethicalhack3r.co.uk/security/wordpress-plugin-disqus-comment-system-xss/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-recaptcha">
|
|
<vulnerability>
|
|
<title>Google reCAPTCHA <= 3.1.3 Reflected XSS Vulnerability </title>
|
|
<reference>http://security-sh3ll.blogspot.com/2011/12/google-recaptcha-wordpress-plugin.html</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="link-library">
|
|
<vulnerability>
|
|
<title>Link Library plugin <= 5.2.1 SQL Injection</title>
|
|
<reference>http://www.exploit-db.com/exploits/17887/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="cevhershare">
|
|
<vulnerability>
|
|
<title>CevherShare 2.0 plugin SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17891/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-glossary">
|
|
<vulnerability>
|
|
<title>WP Glossary plugin SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/18055/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="jetpack">
|
|
<vulnerability>
|
|
<title>jetpack plugin SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/18126/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="meenews">
|
|
<vulnerability>
|
|
<title>meenews 5.1 plugin Cross-Site Scripting Vulnerabilities</title>
|
|
<reference>http://seclists.org/bugtraq/2011/Nov/151</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="clickdesk-live-support-chat">
|
|
<vulnerability>
|
|
<title>Click Desk Live Support Chat < 2.0 Cross Site Scripting Vulnerability</title>
|
|
<reference>http://seclists.org/bugtraq/2011/Nov/148</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="adminimize">
|
|
<vulnerability>
|
|
<title>adminimize 1.7.21 Cross-Site Scripting Vulnerabilities</title>
|
|
<reference>http://seclists.org/bugtraq/2011/Nov/135</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="advanced-text-widget">
|
|
<vulnerability>
|
|
<title>Advanced Text Widget <= 2.0.0 Cross Site Scripting Vulnerability</title>
|
|
<reference>http://seclists.org/bugtraq/2011/Nov/133</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="mm-duplicate">
|
|
<vulnerability>
|
|
<title>MM Duplicate plugin <= 1.2 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17707/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="ungallery">
|
|
<vulnerability>
|
|
<title>UnGallery plugin <= 1.5.8 Local File Disclosure Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17704/</reference>
|
|
<type>LFI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-menu-creator">
|
|
<vulnerability>
|
|
<title>Menu Creator plugin <= 1.1.7 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17689/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="allow-php-in-posts-and-pages">
|
|
<vulnerability>
|
|
<title>Allow PHP in Posts and Pages plugin <= 2.0.0.RC1 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17688/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="global-content-blocks">
|
|
<vulnerability>
|
|
<title>Global Content Blocks plugin <= 1.2 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17687/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="ajaxgallery">
|
|
<vulnerability>
|
|
<title>Ajax Gallery plugin <= 3.0 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17686/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-ds-faq">
|
|
<vulnerability>
|
|
<title>WP DS FAQ plugin <= 1.3.2 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17683/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="odihost-newsletter-plugin">
|
|
<vulnerability>
|
|
<title>OdiHost Newsletter plugin <= 1.0 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17681/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="easy-contact-form-lite">
|
|
<vulnerability>
|
|
<title>Easy Contact Form Lite plugin <= 1.0.7 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17680/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-symposium">
|
|
<vulnerability>
|
|
<title>WP Symposium plugin <= 0.64 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17679/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="contus-hd-flv-player">
|
|
<vulnerability>
|
|
<title>Contus HD FLV Player plugin <= 1.3 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17678/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="file-groups">
|
|
<vulnerability>
|
|
<title>File Groups plugin <= 1.1.2 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17677/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="ip-logger">
|
|
<vulnerability>
|
|
<title>IP-Logger plugin <= 3.0 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17673/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="beer-recipes">
|
|
<vulnerability>
|
|
<title>Beer Recipes v.1.0 XSS</title>
|
|
<reference>http://www.exploit-db.com/exploits/17453/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="is-human">
|
|
<vulnerability>
|
|
<title>Is-human <=1.4.2 Remote Command Execution Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17299/</reference>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="editormonkey">
|
|
<vulnerability>
|
|
<title>EditorMonkey plugin (FCKeditor) Arbitrary File Upload</title>
|
|
<reference>http://www.exploit-db.com/exploits/17284/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="sermon-browser">
|
|
<vulnerability>
|
|
<title>SermonBrowser 0.43 SQL Injection</title>
|
|
<reference>http://www.exploit-db.com/exploits/17214/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="ajax-category-dropdown">
|
|
<vulnerability>
|
|
<title>Ajax Category Dropdown 0.1.5 Multiple Vulnerabilities</title>
|
|
<reference>http://www.exploit-db.com/exploits/17207/</reference>
|
|
<type>MULTI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-custom-pages">
|
|
<vulnerability>
|
|
<title>WP Custom Pages 0.5.0.1 LFI Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17119/</reference>
|
|
<type>LFI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="flash-album-gallery">
|
|
<vulnerability>
|
|
<title>GRAND Flash Album Gallery 0.55 Multiple Vulnerabilities</title>
|
|
<reference>http://www.exploit-db.com/exploits/16947/</reference>
|
|
<type>MULTI</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>GRAND Flash Album Gallery <= 1.56 XSS Vulnerability</title>
|
|
<reference>http://seclists.org/bugtraq/2011/Nov/186</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>GRAND Flash Album Gallery <= 1.71 XSS Vulnerability</title>
|
|
<reference>http://packetstormsecurity.org/files/112704</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="php_speedy_wp">
|
|
<vulnerability>
|
|
<title>PHP Speedy <= 0.5.2 (admin_container.php) Remote Code Exec Exploit</title>
|
|
<reference>http://www.exploit-db.com/exploits/16273/</reference>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="old-post-spinner">
|
|
<vulnerability>
|
|
<title>OPS Old Post Spinner 2.2.1 LFI Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/16251/</reference>
|
|
<type>LFI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="jquery-mega-menu">
|
|
<vulnerability>
|
|
<title>jQuery Mega Menu 1.0 Local File Inclusion</title>
|
|
<reference>http://www.exploit-db.com/exploits/16250/</reference>
|
|
<type>LFI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="iwant-one-ihave-one">
|
|
<vulnerability>
|
|
<title>IWantOneButton 3.0.1 Multiple Vulnerabilities</title>
|
|
<reference>http://www.exploit-db.com/exploits/16236/</reference>
|
|
<type>MULTI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="forum-server">
|
|
<vulnerability>
|
|
<title>WP Forum Server 1.6.5 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/16235/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>WP Forum Server plugin <= 1.7 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17828/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>WP Forum Server plugin <= 1.7.3 SQL Injection / XSS Vulnerabilities</title>
|
|
<reference>http://www.packetstormsecurity.org/files/112703</reference>
|
|
<type>MULTI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="relevanssi">
|
|
<vulnerability>
|
|
<title>Relevanssi 2.7.2 Stored XSS Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/16233/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="gigpress">
|
|
<vulnerability>
|
|
<title>GigPress 2.1.10 Stored XSS Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/16232/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="comment-rating">
|
|
<vulnerability>
|
|
<title>Comment Rating 2.9.23 Multiple Vulnerabilities</title>
|
|
<reference>http://www.exploit-db.com/exploits/16221/</reference>
|
|
<type>MULTI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="z-vote">
|
|
<vulnerability>
|
|
<title>Z-Vote 1.1 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/16218/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="user-photo">
|
|
<vulnerability>
|
|
<title>User Photo Component Remote File Upload Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/16181/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="enable-media-replace">
|
|
<vulnerability>
|
|
<title>Enable Media Replace Multiple Vulnerabilities</title>
|
|
<reference>http://www.exploit-db.com/exploits/16144/</reference>
|
|
<type>MULTI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="mingle-forum">
|
|
<vulnerability>
|
|
<title>Mingle Forum <= 1.0.32.1 Cross Site Scripting / SQL Injection</title>
|
|
<reference>http://packetstormsecurity.org/files/108915/</reference>
|
|
<type>MULTI</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Mingle Forum plugin <= 1.0.31 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17894/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Mingle Forum (Plugin) <= 1.0.26 Multiple Vulnerabilities</title>
|
|
<reference>http://www.exploit-db.com/exploits/15943/</reference>
|
|
<type>MULTI</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Mingle Forum <= 1.0.33 Cross Site Scripting</title>
|
|
<reference>http://packetstormsecurity.org/files/112696/</reference>
|
|
<type>MULTI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="accept-signups">
|
|
<vulnerability>
|
|
<title>Accept Signups 0.1 XSS</title>
|
|
<reference>http://www.exploit-db.com/exploits/15808/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="events-manager-extended">
|
|
<vulnerability>
|
|
<title>Events Manager Extended Persistent XSS Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/14923/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="nextgen-smooth-gallery">
|
|
<vulnerability>
|
|
<title>NextGEN Smooth Gallery Blind SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/14541/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="mylinksdump">
|
|
<vulnerability>
|
|
<title>myLDlinker SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/14441/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="firestats">
|
|
<vulnerability>
|
|
<title>Firestats Remote Configuration File Download</title>
|
|
<reference>http://www.exploit-db.com/exploits/14308/</reference>
|
|
<type>UNKNOWN</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="simple-press">
|
|
<vulnerability>
|
|
<title>Simple:Press SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/14198/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="cimy-counter">
|
|
<vulnerability>
|
|
<title>Vulnerabilities in Cimy Counter for WordPress</title>
|
|
<reference>http://www.exploit-db.com/exploits/14057/</reference>
|
|
<type>MULTI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="nextgen-gallery">
|
|
<vulnerability>
|
|
<title>XSS in NextGEN Gallery <= 1.5.1</title>
|
|
<reference>http://www.exploit-db.com/exploits/12098/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="cpl">
|
|
<vulnerability>
|
|
<title>Copperleaf Photolog SQL injection</title>
|
|
<reference>http://www.exploit-db.com/exploits/11458/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="events-calendar">
|
|
<vulnerability>
|
|
<title>Events SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/10929/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="ImageManager">
|
|
<vulnerability>
|
|
<title>Image Manager Plugins Shell Upload Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/10325/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-cumulus">
|
|
<vulnerability>
|
|
<title>Vulnerabilities in WP-Cumulus <= 1.20 for WordPress</title>
|
|
<reference>http://www.exploit-db.com/exploits/10228/</reference>
|
|
<type>MULTI</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>WP-Cumulus < 1.23 Cross Site Scripting Vulnerabily</title>
|
|
<reference>http://seclists.org/fulldisclosure/2011/Nov/340</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-syntax">
|
|
<vulnerability>
|
|
<title>WP-Syntax <= 0.9.1 Remote Command Execution</title>
|
|
<reference>http://www.exploit-db.com/exploits/9431/</reference>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="my-category-order">
|
|
<vulnerability>
|
|
<title>My Category Order <= 2.8 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/9150/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="related-sites">
|
|
<vulnerability>
|
|
<title>Related Sites 2.1 Blind SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/9054/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="dm-albums">
|
|
<vulnerability>
|
|
<title>DM Albums 1.9.2 Remote File Disclosure Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/9048/</reference>
|
|
<type>LFI</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>DM Albums 1.9.2 Remote File Inclusion Vuln</title>
|
|
<reference>http://www.exploit-db.com/exploits/9043/</reference>
|
|
<type>RFI</type>
|
|
<uri>/wp-content/plugins/dm-albums/template/album.php?SECURITY_FILE=XXpathXX</uri>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="photoracer">
|
|
<vulnerability>
|
|
<title>Photoracer 1.0 (id) SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/8961/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Photoracer plugin <= 1.0 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17720/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Photoracer plugin <= 1.0 Multiple Vulnerabilities</title>
|
|
<reference>http://www.exploit-db.com/exploits/17731/</reference>
|
|
<type>MULTI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-lytebox">
|
|
<vulnerability>
|
|
<title>Lytebox (wp-lytebox) Local File Inclusion Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/8791/</reference>
|
|
<type>LFI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="fmoblog">
|
|
<vulnerability>
|
|
<title>fMoblog 2.1 (id) SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/8229/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="page-flip-image-gallery">
|
|
<vulnerability>
|
|
<title>Page Flip Image Gallery <= 0.2.2 Remote FD Vuln</title>
|
|
<reference>http://www.exploit-db.com/exploits/7543/</reference>
|
|
<type>LFI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-shopping-cart">
|
|
<vulnerability>
|
|
<title>e-Commerce <= 3.4 Arbitrary File Upload Exploit</title>
|
|
<reference>http://www.exploit-db.com/exploits/6867/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="downloads-manager">
|
|
<vulnerability>
|
|
<title>Download Manager 0.2 Arbitrary File Upload Exploit</title>
|
|
<reference>http://www.exploit-db.com/exploits/6127/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wpSS">
|
|
<vulnerability>
|
|
<title>Spreadsheet <= 0.6 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/5486/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-download">
|
|
<vulnerability>
|
|
<title>Download (dl_id) SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/5326/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="sniplets">
|
|
<vulnerability>
|
|
<title>Sniplets 1.1.2 (RFI/XSS/RCE) Multiple Vulnerabilities</title>
|
|
<reference>http://www.exploit-db.com/exploits/5194/</reference>
|
|
<type>MULTI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-photo-album">
|
|
<vulnerability>
|
|
<title>Photo album Remote SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/5135/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="sf-forum">
|
|
<vulnerability>
|
|
<title>Simple Forum 2.0-2.1 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/5126/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Simple Forum 1.10-1.11 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/5127/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="st_newsletter">
|
|
<vulnerability>
|
|
<title>st_newsletter Remote SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/5053/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>st_newsletter (stnl_iframe.php) SQL Injection Vuln</title>
|
|
<reference>http://www.exploit-db.com/exploits/6777/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wordspew">
|
|
<vulnerability>
|
|
<title>Wordspew Remote SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/5039/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="dmsguestbook">
|
|
<vulnerability>
|
|
<title>dmsguestbook 1.7.0 Multiple Remote Vulnerabilities</title>
|
|
<reference>http://www.exploit-db.com/exploits/5035/</reference>
|
|
<type>MULTI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wassup">
|
|
<vulnerability>
|
|
<title>WassUp 1.4.3 (spy.php to_date) SQL Injection Exploit</title>
|
|
<reference>http://www.exploit-db.com/exploits/5017/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-adserve">
|
|
<vulnerability>
|
|
<title>Adserve 0.2 adclick.php SQL Injection Exploit</title>
|
|
<reference>http://www.exploit-db.com/exploits/5013/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="fgallery">
|
|
<vulnerability>
|
|
<title>plugin fGallery 2.4.1 fimrss.php SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/4993/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-cal">
|
|
<vulnerability>
|
|
<title>WP-Cal 0.3 editevent.php SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/4992/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wpforum">
|
|
<vulnerability>
|
|
<title>plugin WP-Forum 1.7.4 Remote SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/4939/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>plugin WP-Forum 1.7.8 Remote SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/7738/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-filemanager">
|
|
<vulnerability>
|
|
<title>Wp-FileManager 1.2 Remote Upload Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/4844/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="pictpress">
|
|
<vulnerability>
|
|
<title>PictPress <= 0.91 Remote File Disclosure Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/4695/</reference>
|
|
<type>LFI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="backupwordpress">
|
|
<vulnerability>
|
|
<title>BackUp<= 0.4.2b RFI Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/4593/</reference>
|
|
<type>RFI</type>
|
|
<uri>/wp-content/plugins/BackUp/Archive.php?bkpwp_plugin_path=XXpathXX</uri>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="myflash">
|
|
<vulnerability>
|
|
<title>plugin myflash <= 1.00 (wppath) RFI Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/3828/</reference>
|
|
<type>RFI</type>
|
|
<uri>/wp-content/plugins/myflash/myflash-button.php?wpPATH=XXpathXX</uri>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wordtube">
|
|
<vulnerability>
|
|
<title>plugin wordTube <= 1.43 (wpPATH) RFI Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/3825/</reference>
|
|
<type>RFI</type>
|
|
<uri>/wp-content/plugins/wordtube/wordtube-button.php?wpPATH=XXpathXX</uri>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-table">
|
|
<vulnerability>
|
|
<title>plugin wp-Table <= 1.43 (inc_dir) RFI Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/3824/</reference>
|
|
<type>RFI</type>
|
|
<uri>/wp-content/plugins/wp-table/js/wptable-button.phpp?wpPATH=XXpathXX</uri>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="mygallery">
|
|
<vulnerability>
|
|
<title>myGallery <= 1.4b4 Remote File Inclusion Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/3814/</reference>
|
|
<type>RFI</type>
|
|
<uri>/mygallery/myfunctions/mygallerybrowser.php?myPath=XXpathXX</uri>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="sendit">
|
|
<vulnerability>
|
|
<title>SendIt plugin <= 1.5.9 Blind SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17716/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="js-appointment">
|
|
<vulnerability>
|
|
<title>Js-appointment plugin <= 1.5 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17724/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="mm-forms-community">
|
|
<vulnerability>
|
|
<title>MM Forms Community <= 1.2.3 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17725/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>MM Forms Community 2.2.6 Arbitrary File Upload</title>
|
|
<reference>http://www.exploit-db.com/exploits/18997/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="super-captcha">
|
|
<vulnerability>
|
|
<title>Super CAPTCHA plugin <= 2.2.4 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17728/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="collision-testimonials">
|
|
<vulnerability>
|
|
<title>Collision Testimonials plugin <= 3.0 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17729/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="oqey-headers">
|
|
<vulnerability>
|
|
<title>Oqey Headers plugin <= 0.3 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17730/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="fbpromotions">
|
|
<vulnerability>
|
|
<title>Facebook Promotions plugin <= 1.3.3 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17737/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="evarisk">
|
|
<vulnerability>
|
|
<title>Evarisk plugin <= 5.1.3.6 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17738/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Evarisk 5.1.5.4 Shell Upload</title>
|
|
<reference>http://packetstormsecurity.org/files/113638/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="profiles">
|
|
<vulnerability>
|
|
<title>Profiles plugin <= 2.0 RC1 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17739/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="mystat">
|
|
<vulnerability>
|
|
<title>mySTAT plugin <= 2.6 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17740/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="sh-slideshow">
|
|
<vulnerability>
|
|
<title>SH Slideshow plugin <= 3.1.4 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17748/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="copyright-licensing-tools">
|
|
<vulnerability>
|
|
<title>iCopyright(R) Article Tools plugin <= 1.1.4 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17749/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="advertizer">
|
|
<vulnerability>
|
|
<title>Advertizer plugin <= 1.0 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17750/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="event-registration">
|
|
<vulnerability>
|
|
<title>Event Registration plugin <= 5.44 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17814/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Event Registration plugin <= 5.43 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17751/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Event Registration 5.32 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/15513/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="crawlrate-tracker">
|
|
<vulnerability>
|
|
<title>Craw Rate Tracker plugin <= 2.0.2 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17755/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-audio-gallery-playlist">
|
|
<vulnerability>
|
|
<title>wp audio gallery playlist plugin <= 0.12 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17756/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="yolink-search">
|
|
<vulnerability>
|
|
<title>yolink Search plugin <= 1.1.4 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17757/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="pure-html">
|
|
<vulnerability>
|
|
<title>PureHTML plugin <= 1.0.0 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17758/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="couponer">
|
|
<vulnerability>
|
|
<title>Couponer plugin <= 1.2 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17759/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="grapefile">
|
|
<vulnerability>
|
|
<title>grapefile plugin <= 1.1 Arbitrary File Upload</title>
|
|
<reference>http://www.exploit-db.com/exploits/17760/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="image-gallery-with-slideshow">
|
|
<vulnerability>
|
|
<title>image-gallery-with-slideshow plugin <= 1.5 Arbitrary File Upload / SQL Injection</title>
|
|
<reference>http://www.exploit-db.com/exploits/17761/</reference>
|
|
<type>MULTI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wordpress-donation-plugin-with-goals-and-paypal-ipn-by-nonprofitcmsorg">
|
|
<vulnerability>
|
|
<title>Donation plugin <= 1.0 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17763/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-bannerize">
|
|
<vulnerability>
|
|
<title>WP Bannerize plugin <= 2.8.6 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17764/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>WP Bannerize plugin <= 2.8.7 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17906/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="search-autocomplete">
|
|
<vulnerability>
|
|
<title>SearchAutocomplete plugin <= 1.0.8 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17767/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="videowhisper-video-presentation">
|
|
<vulnerability>
|
|
<title>VideoWhisper Video Presentation plugin <= 1.1 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17771/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="facebook-opengraph-meta-plugin">
|
|
<vulnerability>
|
|
<title>Facebook Opengraph Meta plugin <= 1.0 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17773/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="zotpress">
|
|
<vulnerability>
|
|
<title>Zotpress plugin <= 4.4 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17778/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="oqey-gallery">
|
|
<vulnerability>
|
|
<title>oQey Gallery plugin <= 0.4.8 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17779/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="tweet-old-post">
|
|
<vulnerability>
|
|
<title>Tweet Old Post plugin <= 3.2.5 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17789/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="post-highlights">
|
|
<vulnerability>
|
|
<title>post highlights plugin <= 2.2 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17790/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="knr-author-list-widget">
|
|
<vulnerability>
|
|
<title>KNR Author List Widget plugin <= 2.0.0 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17791/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="scormcloud">
|
|
<vulnerability>
|
|
<title>SCORM Cloud plugin <= 1.0.6.6 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17793/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="eventify">
|
|
<vulnerability>
|
|
<title>Eventify - Simple Events plugin <= 1.7.f SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17794/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="paid-downloads">
|
|
<vulnerability>
|
|
<title>Paid Downloads plugin <= 2.01 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17797/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="community-events">
|
|
<vulnerability>
|
|
<title>Community Events plugin <= 1.2.1 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17798/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="1-flash-gallery">
|
|
<vulnerability>
|
|
<title>1 Flash Gallery Arbiraty File Upload Exploit (MSF)</title>
|
|
<reference>http://www.exploit-db.com/exploits/17801/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-filebase">
|
|
<vulnerability>
|
|
<title>WP-Filebase Download Manager plugin <= 0.2.9 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17808/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="a-to-z-category-listing">
|
|
<vulnerability>
|
|
<title>A to Z Category Listing plugin <= 1.3 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17809/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-e-commerce">
|
|
<vulnerability>
|
|
<title>WP e-Commerce plugin <= 3.8.6 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17832/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="filedownload">
|
|
<vulnerability>
|
|
<title>Filedownload 0.1 (download.php) Remote File Disclosure Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17858/</reference>
|
|
<type>LFI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="thecartpress">
|
|
<vulnerability>
|
|
<title>TheCartPress <= 1.6 Cross Site Sripting</title>
|
|
<reference>http://packetstormsecurity.org/files/108272/</reference>
|
|
<type>XSS</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>TheCartPress 1.1.1 Remote File Inclusion</title>
|
|
<reference>http://www.exploit-db.com/exploits/17860/</reference>
|
|
<type>RFI</type>
|
|
<uri>/wp-content/plugins/thecartpress/checkout/CheckoutEditor.php?tcp_save_fields=true&tcp_class_name=asdf&tcp_class_path=XXpathXX</uri>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wpeasystats">
|
|
<vulnerability>
|
|
<title>WPEasyStats 1.8 Remote File Inclusion</title>
|
|
<reference>http://www.exploit-db.com/exploits/17862/</reference>
|
|
<type>RFI</type>
|
|
<uri>/wp-content/plugins/wpeasystats/export.php?homep=XXpathXX</uri>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="annonces">
|
|
<vulnerability>
|
|
<title>Annonces 1.2.0.0 Remote File Inclusion</title>
|
|
<reference>http://www.exploit-db.com/exploits/17863/</reference>
|
|
<type>RFI</type>
|
|
<uri>/wp-content/plugins/annonces/includes/lib/photo/uploadPhoto.php?abspath=XXpathXX</uri>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="livesig">
|
|
<vulnerability>
|
|
<title>Livesig 0.4 Remote File Inclusion</title>
|
|
<reference>http://www.exploit-db.com/exploits/17864/</reference>
|
|
<type>RFI</type>
|
|
<uri>/wp-content/plugins/livesig/livesig-ajax-backend.php</uri>
|
|
<postdata>wp-root=XXpathXX&action=asdf</postdata>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="disclosure-policy-plugin">
|
|
<vulnerability>
|
|
<title>Disclosure Policy 1.0 Remote File Inclusion</title>
|
|
<reference>http://www.exploit-db.com/exploits/17865/</reference>
|
|
<type>RFI</type>
|
|
<uri>/wp-content/plugins/disclosure-policy-plugin/functions/action.php?delete=asdf&blogUrl=asdf&abspath=XXpathXX</uri>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="mailz">
|
|
<vulnerability>
|
|
<title>Mailing List 1.3.2 Remote File Inclusion</title>
|
|
<reference>http://www.exploit-db.com/exploits/17866/</reference>
|
|
<type>RFI</type>
|
|
<uri>/wp-content/plugins/mailz/lists/config/config.php?wpabspath=XXpathXX</uri>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Mailing List < 1.4.1 Arbitrary file download</title>
|
|
<reference>http://www.exploit-db.com/exploits/18276/</reference>
|
|
<type>UNKNOWN</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="g-web-shop">
|
|
<vulnerability>
|
|
<title>Zingiri Web Shop 2.2.0 Remote File Inclusion</title>
|
|
<reference>http://www.exploit-db.com/exploits/17867/</reference>
|
|
<type>RFI</type>
|
|
<uri>/wp-content/plugins/g-web-shop/fws/ajax/init.inc.php?wpabspath=XXpathXX</uri>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>Zingiri Web Shop <= 2.2.3 Remote Code Execution</title>
|
|
<reference>http://www.exploit-db.com/exploits/18111/</reference>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="mini-mail-dashboard-widget">
|
|
<vulnerability>
|
|
<title>Mini Mail Dashboard Widget 1.36 Remote File Inclusion</title>
|
|
<reference>http://www.exploit-db.com/exploits/17868/</reference>
|
|
<type>RFI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="relocate-upload">
|
|
<vulnerability>
|
|
<title>Relocate Upload 0.14 Remote File Inclusion</title>
|
|
<reference>http://www.exploit-db.com/exploits/17869/</reference>
|
|
<type>RFI</type>
|
|
<uri>/wp-content/plugins/relocate-upload/relocate-upload.php?ru_folder=asdf&abspath=XXpathXX</uri>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="category-grid-view-gallery">
|
|
<vulnerability>
|
|
<title>Category Grid View Gallery plugin 0.1.1 Shell Upload vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17872/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="auto-attachments">
|
|
<vulnerability>
|
|
<title>Auto Attachments plugin 0.2.9 Shell Upload vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17872/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-marketplace">
|
|
<vulnerability>
|
|
<title>WP Marketplace plugin 1.1.0 Shell Upload vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17872/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="dp-thumbnail">
|
|
<vulnerability>
|
|
<title>DP Thumbnail plugin 1.0 Shell Upload vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17872/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="vk-gallery">
|
|
<vulnerability>
|
|
<title>Vk Gallery plugin 1.1.0 Shell Upload vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17872/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="rekt-slideshow">
|
|
<vulnerability>
|
|
<title>Rekt Slideshow plugin 1.0.5 Shell Upload vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17872/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="cac-featured-content">
|
|
<vulnerability>
|
|
<title>CAC Featured Content plugin 0.8 Shell Upload vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17872/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="rent-a-car">
|
|
<vulnerability>
|
|
<title>Rent A Car plugin 1.0 Shell Upload vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17872/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="lisl-last-image-slider">
|
|
<vulnerability>
|
|
<title>LISL Last Image Slider plugin 1.0 Shell Upload vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17872/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="islidex">
|
|
<vulnerability>
|
|
<title>Islidex plugin 2.7 Shell Upload vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17872/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="kino-gallery">
|
|
<vulnerability>
|
|
<title>Kino Gallery plugin 1.0 Shell Upload vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17872/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="cms-pack-cache">
|
|
<vulnerability>
|
|
<title>Cms Pack plugin 1.3 Shell Upload vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17872/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="a-gallery">
|
|
<vulnerability>
|
|
<title>A Gallery plugin 0.9 Shell Upload vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17872/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="category-list-portfolio-page">
|
|
<vulnerability>
|
|
<title>Category List Portfolio Page plugin 0.9 Shell Upload vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17872/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="really-easy-slider">
|
|
<vulnerability>
|
|
<title>Really Easy Slider plugin 0.1 Shell Upload vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17872/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="verve-meta-boxes">
|
|
<vulnerability>
|
|
<title>Verve Meta Boxes plugin 1.2.8 Shell Upload vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17872/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="user-avatar">
|
|
<vulnerability>
|
|
<title>User Avatar plugin 1.3.7 shell upload vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17872/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="extend-wordpress">
|
|
<vulnerability>
|
|
<title>Extend plugin 1.3.7 Shell Upload vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17872/</reference>
|
|
<type>UPLOAD</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="adrotate">
|
|
<vulnerability>
|
|
<title>AdRotate plugin <= 3.6.5 SQL Injection Vulnerability</title>
|
|
<reference>http://unconciousmind.blogspot.com/2011/09/wordpress-adrotate-plugin-365-sql.html</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>AdRotate plugin <= 3.6.6 SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/18114/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-spamfree">
|
|
<vulnerability>
|
|
<title>WP-SpamFree 3.2.1 Spam SQL Injection Vulnerability</title>
|
|
<reference>http://www.exploit-db.com/exploits/17970/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="gd-star-rating">
|
|
<vulnerability>
|
|
<title>GD Star Rating plugin <= 1.9.10 SQL Injection</title>
|
|
<reference>http://www.exploit-db.com/exploits/17973/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>GD Star Rating plugin <= 1.9.16 Cross Site Scripting</title>
|
|
<reference>http://www.packetstormsecurity.org/files/112702</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="contact-form-wordpress">
|
|
<vulnerability>
|
|
<title>Contact Form plugin <= 2.7.5 SQL Injection</title>
|
|
<reference>http://www.exploit-db.com/exploits/17980/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="wp-photo-album-plus">
|
|
<vulnerability>
|
|
<title>WP Photo Album Plus <= 4.1.1 SQL Injection</title>
|
|
<reference>http://www.exploit-db.com/exploits/17983/</reference>
|
|
<type>SQLI</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
<plugin name="backwpup">
|
|
<vulnerability>
|
|
<title>BackWPUp 2.1.4 Code Execution</title>
|
|
<reference>http://www.exploit-db.com/exploits/17987/</reference>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
<vulnerability>
|
|
<title>plugin BackWPup 1.5.2, 1.6.1, 1.7.1 Remote and Local Code Execution Vulnerability</title>
|
|
<reference>http://osvdb.org/show/osvdb/71481</reference>
|
|
<type>RCE</type>
|
|
</vulnerability>
|
|
</plugin>
|
|
|
|
</vulnerabilities>
|