garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
7549d3778ca1f185b54799879b3ef1dd25991f9b
wpscan/data/plugin_vulns.xml
Peter van der Laan 7549d3778c Fixed a 'crucial typo'
2013-10-10 09:49:10 +02:00

7100 lines
200 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<vulnerabilities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="vuln.xsd">
<plugin name="content-slide">
<vulnerability>
<title>Content Slide Plugin Cross-Site Requst Forgery Vulnerability</title>
<type>CSRF</type>
<references>
<osvdb>93871</osvdb>
<secunia>52949</secunia>
</references>
</vulnerability>
</plugin>
<plugin name="wordpress-simple-paypal-shopping-cart">
<vulnerability>
<title>Simple Paypal Shopping Cart Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>52963</secunia>
<osvdb>93953</osvdb>
</references>
<type>CSRF</type>
<fixed_in>3.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-sendsms">
<vulnerability>
<title>WP-SendSMS Plugin for WordPress Setting Manipulation CSRF</title>
<references>
<secunia>53796</secunia>
<osvdb>94209</osvdb>
<exploitdb>26124</exploitdb>
</references>
<type>CSRF</type>
</vulnerability>
<vulnerability>
<title>WP-SendSMS Plugin for WordPress wp-admin/admin.php Multiple Parameter XSS</title>
<references>
<osvdb>94210</osvdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="mail-subscribe-list">
<vulnerability>
<title>Mail Subscribe List Plugin Script Insertion Vulnerability</title>
<references>
<secunia>53732</secunia>
<osvdb>94197</osvdb>
</references>
<type>XSS</type>
<fixed_in>2.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="s3-video">
<vulnerability>
<title>VideoJS Cross-Site Scripting Vulnerability</title>
<references>
<secunia>53437</secunia>
<url>http://seclists.org/fulldisclosure/2013/May/66</url>
</references>
<type>XSS</type>
<fixed_in>0.98</fixed_in>
</vulnerability>
</plugin>
<plugin name="video-embed-thumbnail-generator">
<vulnerability>
<title>VideoJS Cross-Site Scripting Vulnerability</title>
<references>
<secunia>53426</secunia>
<url>http://seclists.org/fulldisclosure/2013/May/66</url>
</references>
<type>XSS</type>
<fixed_in>4.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="1player">
<vulnerability>
<title>VideoJS Cross-Site Scripting Vulnerability</title>
<references>
<secunia>53445</secunia>
<url>http://seclists.org/fulldisclosure/2013/May/66</url>
</references>
<type>XSS</type>
<fixed_in>1.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="external-video-for-everybody">
<vulnerability>
<title>VideoJS Cross-Site Scripting Vulnerability</title>
<references>
<secunia>53396</secunia>
<url>http://seclists.org/fulldisclosure/2013/May/66</url>
</references>
<type>XSS</type>
<fixed_in>2.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="EasySqueezePage">
<vulnerability>
<title>VideoJS Cross-Site Scripting Vulnerability</title>
<references>
<url>http://seclists.org/fulldisclosure/2013/May/66</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="crayon-syntax-highlighter">
<vulnerability>
<title>Crayon Syntax Highlighter Remote File Inclusion Vulnerability</title>
<references>
<secunia>50804</secunia>
<url>http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/
</url>
</references>
<type>RFI</type>
<fixed_in>1.13</fixed_in>
</vulnerability>
</plugin>
<plugin name="ungallery">
<vulnerability>
<title>UnGallery plugin &lt;= 1.5.8 Local File Disclosure Vulnerability</title>
<references>
<exploitdb>17704</exploitdb>
</references>
<type>LFI</type>
</vulnerability>
<vulnerability>
<title>UnGallery Arbitrary Command Execution</title>
<references>
<secunia>50875</secunia>
<url>http://ceriksen.com/2012/10/23/wordpress-ungallery-remote-command-injection-vulnerability/</url>
</references>
<type>RCE</type>
<fixed_in>2.1.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="thanks-you-counter-button">
<vulnerability>
<title>Thank You Counter Button XSS</title>
<references>
<secunia>50977</secunia>
</references>
<type>XSS</type>
<fixed_in>1.8.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="bookings">
<vulnerability>
<title>Bookings XSS</title>
<references>
<secunia>50975</secunia>
</references>
<type>XSS</type>
<fixed_in>1.8.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="cimy-user-manager">
<vulnerability>
<title>Cimy User Manager Arbitrary File Disclosure</title>
<references>
<secunia>50834</secunia>
<url>http://ceriksen.com/2012/10/24/wordpress-cimy-user-manager-arbitrary-file-disclosure/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="fs-real-estate-plugin">
<vulnerability>
<title>WordPress FireStorm Professional Real Estate Plugin "id" SQL Injection Vulnerability</title>
<references>
<secunia>51107</secunia>
</references>
<type>SQLI</type>
<fixed_in>2.06.04</fixed_in>
</vulnerability>
<vulnerability>
<title>FireStorm Professional Real Estate Plugin Multiple SQL Injection</title>
<references>
<secunia>50873</secunia>
<url>
http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/
</url>
</references>
<type>SQLI</type>
<fixed_in>2.06.03</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp125">
<vulnerability>
<title>WP125 Multiple XSS</title>
<references>
<secunia>50976</secunia>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress WP125 Plugin CSRF</title>
<references>
<url>http://www.securityfocus.com/bid/58934</url>
</references>
<type>CSRF</type>
<fixed_in>1.5.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="all-video-gallery">
<vulnerability>
<title>Wordpress All Video Gallery Plugin Multiple SQL Injection Vulnerabilities</title>
<references>
<secunia>50874</secunia>
<url>http://ceriksen.com/2012/11/04/wordpress-all-video-gallery-plugin-sql-injection/</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="buddystream">
<vulnerability>
<title>BuddyStream XSS</title>
<references>
<secunia>50972</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="post-views">
<vulnerability>
<title>post-views XSS</title>
<references>
<secunia>50982</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="floating-social-media-links">
<vulnerability>
<title>Floating Social Media Links Remote File Inclusion</title>
<references>
<secunia>51346</secunia>
<url>http://ceriksen.com/2013/01/12/wordpress-floating-social-media-link-plugins-remote-file-inclusion/</url>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="zingiri-forum">
<vulnerability>
<title>Zingiri Forum Arbitrary File Disclosure</title>
<references>
<secunia>50833</secunia>
<url>http://ceriksen.com/2013/01/12/wordpress-zingiri-forums-arbitrary-file-disclosure/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="google-document-embedder">
<vulnerability>
<title>Google Document Embedder Arbitrary File Disclosure</title>
<references>
<exploitdb>23970</exploitdb>
<url>http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/
</url>
<secunia>50832</secunia>
<metasploit>exploit/unix/webapp/wp_google_document_embedder_exec</metasploit>
</references>
<type>UNKNOWN</type>
<fixed_in>2.5.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="extended-user-profile">
<vulnerability>
<title>extended-user-profile Full Path Disclosure vulnerability</title>
<references>
<url>http://1337day.com/exploit/20118</url>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="superslider-show">
<vulnerability>
<title>superslider-show Full Path Disclosure vulnerability</title>
<references>
<url>http://1337day.com/exploit/20117</url>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="wordpress-multibox-plugin">
<vulnerability>
<title>multibox plugin Full Path Disclosure vulnerability</title>
<references>
<url>http://1337day.com/exploit/20119</url>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="contest/OpenInviter">
<vulnerability>
<title>OpenInviter Information Disclosure</title>
<references>
<url>http://packetstormsecurity.com/files/119265/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="wp_rokbox">
<vulnerability>
<title>RokBox Multiple Vulnerabilities</title>
<references>
<url>http://1337day.com/exploit/19981</url>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>RokBox &lt;= 2.13 - XSS,DoS,Disclosure,Upload Vulnerabilities</title>
<references>
<secunia>54801</secunia>
<url>http://packetstormsecurity.com/files/118884/</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp_rokintroscroller">
<vulnerability>
<title>RokIntroScroller &lt;= 1.8 - XSS,DoS,Disclosure,Upload Vulnerabilities</title>
<references>
<secunia>54801</secunia>
<url>http://packetstormsecurity.com/files/123302/</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp_rokmicronews">
<vulnerability>
<title>RokMicroNews &lt;= 1.5 - XSS,DoS,Disclosure,Upload Vulnerabilities</title>
<references>
<secunia>54801</secunia>
<url>http://packetstormsecurity.com/files/123312/</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp_roknewspager">
<vulnerability>
<title>RokNewsPager &lt;= 1.17 - XSS,DoS,Disclosure,Upload Vulnerabilities</title>
<references>
<secunia>54801</secunia>
<url>http://packetstormsecurity.com/files/123271/</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp_rokstories">
<vulnerability>
<title>RokStories &lt;= 1.25 - XSS,DoS,Disclosure,Upload Vulnerabilities</title>
<references>
<secunia>54801</secunia>
<url>http://packetstormsecurity.com/files/123270/</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="grou-random-image-widget">
<vulnerability>
<title>grou-random-image-widget Full Path Disclosure</title>
<references>
<url>http://1337day.com/exploit/20047</url>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="sintic_gallery">
<vulnerability>
<title>sintic_gallery Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/19993</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>sintic_gallery Path Disclosure Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20020</url>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="wp-useronline">
<vulnerability>
<title>WP-UserOnline Full Path Disclosure</title>
<references>
<url>http://seclists.org/fulldisclosure/2010/Jul/8</url>
</references>
<type>FPD</type>
</vulnerability>
<vulnerability>
<title>Wp-UserOnline &lt;= 0.62 Persistent XSS</title>
<references>
<url>http://seclists.org/fulldisclosure/2010/Jul/8</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="levelfourstorefront">
<vulnerability>
<title>Shopping Cart Shell Upload / SQL Injection</title>
<references>
<url>http://packetstormsecurity.com/files/119217/</url>
<secunia>51690</secunia>
</references>
<type>MULTI</type>
<fixed_in>8.1.15</fixed_in>
</vulnerability>
</plugin>
<plugin name="reflex-gallery">
<vulnerability>
<title>ReFlex Gallery Shell Upload</title>
<references>
<url>http://packetstormsecurity.com/files/119218/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="uploader">
<vulnerability>
<title>Uploader 1.0.4 Shell Upload</title>
<references>
<url>http://packetstormsecurity.com/files/119219/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="xerte-online">
<vulnerability>
<title>Xerte Online 0.32 Shell Upload</title>
<references>
<url>http://packetstormsecurity.com/files/119220/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="advanced-custom-fields">
<vulnerability>
<title>Advanced Custom Fields &lt;= 3.5.1 Remote File Inclusion</title>
<references>
<url>http://packetstormsecurity.com/files/119221/</url>
<secunia>51037</secunia>
<exploitdb>23856</exploitdb>
<osvdb>87353</osvdb>
<metasploit>exploit/unix/webapp/wp_advanced_custom_fields_exec</metasploit>
</references>
<type>RFI</type>
<fixed_in>3.5.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="sitepress-multilingual-cms">
<vulnerability>
<title>Wordpress sitepress-multilingual-cms Full Path Disclosure</title>
<references>
<url>http://1337day.com/exploit/20067</url>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="asset-manager">
<vulnerability>
<title>Asset Manager 0.2 Arbitrary File Upload</title>
<references>
<exploitdb>18993</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>WordPress plugin Asset manager upload.php Arbitrary Code Execution</title>
<references>
<url>
http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/
</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="apptha-banner">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="apptha-slider-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="blaze-slide-show-for-wordpress">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="comment-extra-field">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="fluid-accessible-rich-inline-edit">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="fluid-accessible-pager">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="fluid-accessible-uploader">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="fluid-accessible-ui-options">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="fresh-page">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="mac-dock-photogallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="pdw-file-browser">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="power-zoomer">
<vulnerability>
<title>powerzoomer Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20253</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="slide-show-pro">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="smart-slide-show">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="spotlightyour">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="sprapid">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="ultimate-tinymce">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
<secunia>51224</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-3dbanner-rotator">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-3dflick-slideshow">
<vulnerability>
<title>wp-3dflick-slideshow Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20255</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-bliss-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-carouselslideshow">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
<secunia>51250</secunia>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress Carousel Slideshow Plugin Unspecified Vulnerabilities</title>
<references>
<secunia>50377</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>3.10</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-dreamworkgallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-ecommerce-cvs-importer">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-extended">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-flipslideshow">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-homepage-slideshow">
<vulnerability>
<title>wp-homepage-slideshow Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20260</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-image-news-slider">
<vulnerability>
<title>wp-image-news-slider Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20259</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress Image News slider Plugin Unspecified Vulnerabilities</title>
<references>
<secunia>50390</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>3.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-levoslideshow">
<vulnerability>
<title>wp-levoslideshow Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20250</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-matrix-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-powerplaygallery">
<vulnerability>
<title>wp-powerplaygallery Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20252</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-royal-gallery">
<vulnerability>
<title>wp-royal-gallery Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20261</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-superb-slideshow">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>wp superb Slideshow Full Path Disclosure</title>
<references>
<url>http://1337day.com/exploit/19979</url>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="wp-vertical-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-yasslideshow">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="cardoza-ajax-search">
<vulnerability>
<title>Ajax Post Search Sql Injection</title>
<references>
<url>http://seclists.org/bugtraq/2012/Nov/33</url>
<secunia>51205</secunia>
<url>http://www.girlinthemiddle.net/2012/10/sqli-vulnerability-in-ajax-post-search.html</url>
</references>
<type>SQLI</type>
<fixed_in>1.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="answer-my-question">
<vulnerability>
<title>Answer My Question 1.1 Multiple XSS</title>
<references>
<url>http://www.securityfocus.com/archive/1/524625/30/0/threaded</url>
<secunia>50655</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="catalog">
<vulnerability>
<title>Catalog HTML Code Injection and Cross-site scripting</title>
<references>
<url>http://packetstormsecurity.com/files/117820/</url>
<secunia>51143</secunia>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>Spider Catalog - Multiple SQL Injection and Cross Site Scripting Vulnerabilities</title>
<references>
<url>http://www.securityfocus.com/bid/60079/info</url>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>Spider Catalog Plugin 1.4.6 - Multiple Vulnerabilities</title>
<references>
<exploitdb>25724</exploitdb>
<osvdb>93591</osvdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wordfence">
<vulnerability>
<title>Wordfence 3.3.5 XSS and IAA</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Oct/139</url>
<secunia>51055</secunia>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>Wordfence 3.8.1 - XSS</title>
<references>
<url>http://packetstormsecurity.com/files/122993/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="slideshow-jquery-image-gallery">
<vulnerability>
<title>Slideshow jQuery Image Gallery Multiple Vulnerabilities</title>
<references>
<url>http://www.waraxe.us/advisory-92.html</url>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>WordPress Slideshow Plugin Multiple Script Insertion Vulnerabilities</title>
<references>
<secunia>51135</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="social-discussions">
<vulnerability>
<title>Social Discussions Multiple Vulnerabilities</title>
<references>
<url>http://www.waraxe.us/advisory-93.html</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="abtest">
<vulnerability>
<title>ABtest Directory Traversal</title>
<references>
<url>
http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110
</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="bbpress">
<vulnerability>
<title>BBPress - SQL Injection / Path Disclosure</title>
<references>
<exploitdb>22396</exploitdb>
<osvdb>86400</osvdb>
<url>http://xforce.iss.net/xforce/xfdb/78244</url>
<url>http://packetstormsecurity.com/files/116123/</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="nextgen_cu3er_gallery">
<vulnerability>
<title>NextGen Cu3er Gallery Information Disclosure</title>
<references>
<url>http://packetstormsecurity.com/files/116150/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="rich-widget">
<vulnerability>
<title>Rich Widget File Upload</title>
<references>
<url>http://packetstormsecurity.com/files/115787/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="monsters-editor-10-for-wp-super-edit">
<vulnerability>
<title>Monsters Editor Shell Upload</title>
<references>
<url>http://packetstormsecurity.com/files/115788/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="quick-post-widget">
<vulnerability>
<title>Quick Post Widget 1.9.1 Multiple Cross-site scripting vulnerabilities</title>
<references>
<url>http://seclists.org/bugtraq/2012/Aug/66</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="threewp-email-reflector">
<vulnerability>
<title>ThreeWP Email Reflector 1.13 Stored XSS</title>
<references>
<exploitdb>20365</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-simplemail">
<vulnerability>
<title>SimpleMail 1.0.6 Stored XSS</title>
<references>
<exploitdb>20361</exploitdb>
<secunia>50208</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="postie">
<vulnerability>
<title>Postie 1.4.3 Stored XSS</title>
<references>
<exploitdb>20360</exploitdb>
<secunia>50207</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="rsvpmaker">
<vulnerability>
<title>RSVPMaker v2.5.4 Persistent XSS</title>
<references>
<exploitdb>20474</exploitdb>
<secunia>50289</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="mz-jajak">
<vulnerability>
<title>Mz-jajak &lt;= 2.1 SQL Injection Vulnerability</title>
<references>
<exploitdb>20416</exploitdb>
<secunia>50217</secunia>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="resume-submissions-job-postings">
<vulnerability>
<title>Resume Submissions Job Posting v2.5.1 Unrestricted File Upload</title>
<references>
<url>http://packetstormsecurity.com/files/114716/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-predict">
<vulnerability>
<title>WP-Predict v1.0 Blind SQL Injection</title>
<references>
<exploitdb>19715</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="backup">
<vulnerability>
<title>Backup Plugin Information Disclosure</title>
<references>
<exploitdb>19524</exploitdb>
<secunia>50038</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>2.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="moodthingy-mood-rating-widget">
<vulnerability>
<title>MoodThingy Widget v0.8.7 Blind SQL Injection</title>
<references>
<exploitdb>19572</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="paid-business-listings">
<vulnerability>
<title>Paid Business Listings v1.0.2 Blind SQL Injection</title>
<references>
<exploitdb>19481</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="website-faq">
<vulnerability>
<title>Website FAQ Plugin v1.0 SQL Injection</title>
<references>
<exploitdb>19400</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="radykal-fancy-gallery">
<vulnerability>
<title>Fancy Gallery 1.2.4 Shell Upload</title>
<references>
<url>http://packetstormsecurity.com/files/114114/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="flipbook">
<vulnerability>
<title>Flip Book 1.0 Shell Upload</title>
<references>
<url>http://packetstormsecurity.com/files/114112/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="ajax_multi_upload">
<vulnerability>
<title>Ajax Multi Upload 1.1 Shell Upload</title>
<references>
<url>http://packetstormsecurity.com/files/114109/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="schreikasten">
<vulnerability>
<title>Schreikasten 0.14.13 XSS</title>
<references>
<exploitdb>19294</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-automatic">
<vulnerability>
<title>Wordpress Automatic 2.0.3 CSRF</title>
<references>
<url>http://packetstormsecurity.com/files/113763/</url>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="videowhisper-video-conference-integration">
<vulnerability>
<title>VideoWhisper Video Conference 4.51 - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://packetstormsecurity.com/files/113580/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>Video Whisper - XSS</title>
<references>
<url>http://packetstormsecurity.com/files/122943/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="auctionplugin">
<vulnerability>
<title>Auctions Plugin 2.0.1.3 Arbitrary
File Upload Vulnerability
</title>
<references>
<url>http://packetstormsecurity.com/files/113568/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="lb-mixed-slideshow">
<vulnerability>
<title>LB Mixed Slideshow 1.0 Arbitrary File Upload Vulnerability</title>
<references>
<url>http://packetstormsecurity.com/files/113844/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="lim4wp">
<vulnerability>
<title>Lim4wp 1.1.1 Arbitrary File Upload Vulnerability</title>
<references>
<url>http://packetstormsecurity.com/files/113846/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-imagezoom">
<vulnerability>
<title>Wp-ImageZoom 1.0.3 Remote File Disclosure</title>
<references>
<url>http://packetstormsecurity.com/files/113845/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="invit0r">
<vulnerability>
<title>Invit0r 0.22 Shell Upload</title>
<references>
<url>http://packetstormsecurity.com/files/113639/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="announces">
<vulnerability>
<title>Annonces 1.2.0.1 Shell Upload</title>
<references>
<url>http://packetstormsecurity.com/files/113637/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="contus-video-galleryversion-10">
<vulnerability>
<title>Contus Video Gallery 1.3 Arbitrary
File Upload Vulnerability
</title>
<references>
<url>http://packetstormsecurity.com/files/113571/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="contus-hd-flv-player">
<vulnerability>
<title>Contus HD FLV Player plugin &lt;= 1.3 SQL Injection Vulnerability</title>
<references>
<exploitdb>17678</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Contus HD FLV Player 1.7 Arbitrary
File Upload Vulnerability
</title>
<references>
<url>http://packetstormsecurity.com/files/113570/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="user-meta">
<vulnerability>
<title>User Meta Version 1.1.1 Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>19052</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="topquark">
<vulnerability>
<title>Top Quark Architecture Version 2.10 Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>19053</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="sfbrowser">
<vulnerability>
<title>SfBrowser Version 1.4.5 Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>19054</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="pica-photo-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Pica Photo Gallery 1.0 Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>19055</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>PICA Photo Gallery 1.0 Remote File Disclosure</title>
<references>
<exploitdb>19016</exploitdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="mac-dock-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress Mac Photo Gallery Plugin Two Security Bypass Security Issues</title>
<references>
<secunia>49923</secunia>
</references>
<type>AUTHBYPASS</type>
</vulnerability>
<vulnerability>
<title>WordPress Mac Photo Gallery Plugin Multiple Script Insertion Vulnerabilities</title>
<references>
<secunia>49836</secunia>
</references>
<type>XSS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
<vulnerability>
<title>Mac Photo Gallery 2.7 Arbitrary File Upload</title>
<references>
<exploitdb>19056</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="drag-drop-file-uploader">
<vulnerability>
<title>drag and drop file upload 0.1 Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>19057</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="custom-content-type-manager">
<vulnerability>
<title>Custom Content Type Manager 0.9.5.13-pl Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>19058</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-gpx-map">
<vulnerability>
<title>wp-gpx-max version 1.1.21 Arbitrary File Upload</title>
<references>
<exploitdb>19050</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="front-file-manager">
<vulnerability>
<title>Front File Manager Plugin 0.1 Arbitrary File Upload</title>
<references>
<exploitdb>19012</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="front-end-upload">
<vulnerability>
<title>Front End Upload 0.5.3 Arbitrary File Upload</title>
<references>
<exploitdb>19008</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>Front End Upload v0.5.4 Arbitrary PHP File Upload</title>
<references>
<exploitdb>20083</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="omni-secure-files">
<vulnerability>
<title>Omni Secure Files 0.1.13 Arbitrary File Upload</title>
<references>
<exploitdb>19009</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="easy-contact-forms-exporter">
<vulnerability>
<title>Easy Contact Forms Export 1.1.0 Information Disclosure Vulnerability</title>
<references>
<exploitdb>19013</exploitdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="plugin-newsletter">
<vulnerability>
<title>Plugin: Newsletter 1.5 Remote File Disclosure Vulnerability</title>
<references>
<exploitdb>19018</exploitdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="rbxgallery">
<vulnerability>
<title>RBX Gallery 2.1 Arbitrary File Upload</title>
<references>
<exploitdb>19019</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="simple-download-button-shortcode">
<vulnerability>
<title>Simple Download Button Shortcode 1.0 Remote File Disclosure</title>
<references>
<exploitdb>19020</exploitdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="thinkun-remind">
<vulnerability>
<title>Thinkun Remind 1.1.3 Remote File Disclosure</title>
<references>
<exploitdb>19021</exploitdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="tinymce-thumbnail-gallery">
<vulnerability>
<title>Tinymce Thumbnail Gallery 1.0.7 Remote File Disclosure</title>
<references>
<exploitdb>19022</exploitdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="wpstorecart">
<vulnerability>
<title>wpStoreCart Plugin 2.5.27-2.5.29 Arbitrary File Upload</title>
<references>
<exploitdb>19023</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="gallery-plugin">
<vulnerability>
<title>Gallery 3.06 Arbitrary File Upload</title>
<references>
<exploitdb>18998</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="font-uploader">
<vulnerability>
<title>Font Uploader 1.2.4 Arbitrary File Upload</title>
<references>
<exploitdb>18994</exploitdb>
<osvdb>82657</osvdb>
<cve>2012-3814</cve>
<url>http://www.securityfocus.com/bid/53853</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-property">
<vulnerability>
<title>WP Property &lt;=1.35.0 - Arbitrary File Upload</title>
<references>
<exploitdb>18987</exploitdb>
<exploitdb>23651</exploitdb>
<osvdb>82656</osvdb>
<secunia>49394</secunia>
<url>http://packetstormsecurity.com/files/113274/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wpmarketplace">
<vulnerability>
<title>WP Marketplace 1.5.0 - 1.6.1 Arbitrary File Upload</title>
<references>
<exploitdb>18988</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="store-locator-le">
<vulnerability>
<title>Google Maps via Store Locator Multiple Vulnerabilities</title>
<references>
<exploitdb>18989</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>store-locator-le SQL Injection</title>
<references>
<secunia>51757</secunia>
</references>
<type>SQLI</type>
<fixed_in>3.8.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="html5avmanager">
<vulnerability>
<title>HTML5 AV Manager 0.2.7 - Arbitrary File Upload</title>
<references>
<exploitdb>18990</exploitdb>
<url>http://www.securityfocus.com/bid/53804</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="foxypress">
<vulnerability>
<title>Foxypress 0.4.1.1 - 0.4.2.1 Arbitrary File Upload</title>
<references>
<url>http://packetstormsecurity.com/files/113576/</url>
<exploitdb>18991</exploitdb>
<exploitdb>19100</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>FoxyPress 0.4.2.5 XSS / CSRF / SQL Injection</title>
<references>
<url>http://packetstormsecurity.com/files/117768/</url>
<secunia>51109</secunia>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="track-that-stat">
<vulnerability>
<title>Track That Stat &lt;= 1.0.8 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112722/</url>
<url>http://www.securityfocus.com/bid/53551</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-facethumb">
<vulnerability>
<title>WP-Facethumb Gallery &lt;= 0.1 Reflected Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112658/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-survey-and-quiz-tool">
<vulnerability>
<title>Survey And Quiz Tool &lt;= 2.9.2 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112685/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-statistics">
<vulnerability>
<title>WP Statistics &lt;= 2.2.4 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112686/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-easy-gallery">
<vulnerability>
<title>WP Easy Gallery &lt;= 1.7 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112687/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WP Easy Gallery &lt;= 2.7 CSRF</title>
<references>
<url>http://plugins.trac.wordpress.org/changeset?reponame=&amp;old=669527%40wp-easy-gallery&amp;new=669527%40wp-easy-gallery</url>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="subscribe2">
<vulnerability>
<title>Subscribe2 &lt;= 8.0 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112688/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="soundcloud-is-gold">
<vulnerability>
<title>Soundcloud Is Gold &lt;= 2.1 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112689/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="sharebar">
<vulnerability>
<title>Sharebar &lt;= 1.2.5 - sharebar-admin.php page Parameter XSS</title>
<references>
<osvdb>98078</osvdb>
<url>http://packetstormsecurity.com/files/123365/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Sharebar &lt;= 1.2.5 - Button Manipulation CSRF</title>
<references>
<osvdb>94843</osvdb>
</references>
<type>CSRF</type>
</vulnerability>
<vulnerability>
<title>Sharebar &lt;= 1.2.1 - SQL Injection / Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112690/</url>
</references>
<type>MULTI</type>
<fixed_in>1.2.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="share-and-follow">
<vulnerability>
<title>Share And Follow &lt;= 1.80.3 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112691/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="sabre">
<vulnerability>
<title>SABRE &lt;= 1.2.0 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112692/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="pretty-link">
<vulnerability>
<title>Pretty Link Lite &lt;= 1.5.2 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112693/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Pretty Link Lite &lt;= 1.6.1 Cross Site Scripting</title>
<references>
<secunia>50980</secunia>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress pretty-link plugin XSS in SWF</title>
<references>
<url>http://seclists.org/bugtraq/2013/Feb/100</url>
<url>http://packetstormsecurity.com/files/120433/</url>
<cve>2013-1636</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="newsletter-manager">
<vulnerability>
<title>Newsletter Manager &lt;= 1.0 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112694/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="network-publisher">
<vulnerability>
<title>Network Publisher &lt;= 5.0.1 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112695/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="leaguemanager">
<vulnerability>
<title>LeagueManager &lt;= 3.7 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112698/</url>
<secunia>49949</secunia>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>LeagueManager v3.8 SQL Injection</title>
<references>
<exploitdb>24789</exploitdb>
<cve>2013-1852</cve>
<osvdb>91442</osvdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="leaflet">
<vulnerability>
<title>Leaflet &lt;= 0.0.1 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112699/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="joliprint">
<vulnerability>
<title>PDF And Print Button Joliprint &lt;= 1.3.0 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112700/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="iframe-admin-pages">
<vulnerability>
<title>IFrame Admin Pages &lt;= 0.1 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112701/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="ezpz-one-click-backup">
<vulnerability>
<title>EZPZ One Click Backup &lt;= 12.03.10 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112705/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="dynamic-widgets">
<vulnerability>
<title>Dynamic Widgets &lt;= 1.5.1 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112706/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="download-monitor">
<vulnerability>
<title>Download Monitor &lt; 3.3.6.2 Cross Site Scripting</title>
<references>
<url>http://www.securityfocus.com/bid/61407</url>
<secunia>53116</secunia>
<cve>2013-5098</cve>
<cve>2013-3262</cve>
</references>
<type>XSS</type>
<fixed_in>3.3.6.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Download Monitor &lt;= 3.3.5.7 Cross Site Scripting</title>
<references>
<url>http://www.reactionpenetrationtesting.co.uk/wordpress-download-monitor-xss.html</url>
<secunia>50511</secunia>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Download Monitor &lt;= 3.3.5.4 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112707/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="download-manager">
<vulnerability>
<title>Download Manager &lt;= 2.2 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112708/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="codestyling-localization">
<vulnerability>
<title>Code Styling Localization &lt;= 1.99.16 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112709/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="catablog">
<vulnerability>
<title>Catablog &lt;= 1.6 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112619/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="bad-behavior">
<vulnerability>
<title>Bad Behavior &lt;= 2.24 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112619/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="bulletproof-security">
<vulnerability>
<title>BulletProof Security &lt;= 0.47 - Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112618/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>BulletProof Security - Security Log Script Insertion Vulnerability</title>
<references>
<osvdb>95928</osvdb>
<osvdb>95929</osvdb>
<osvdb>95930</osvdb>
<cve>2013-3487</cve>
<secunia>53614</secunia>
</references>
<fixed_in>0.49</fixed_in>
</vulnerability>
</plugin>
<plugin name="better-wp-security">
<vulnerability>
<title>Better WP Security &lt;= 3.5.3 Stored XSS</title>
<references>
<url>https://github.com/wpscanteam/wpscan/issues/251</url>
<url>http://www.securityfocus.com/archive/1/527634/30/0/threaded</url>
<osvdb>95884</osvdb>
<secunia>54299</secunia>
<exploitdb>27290</exploitdb>
</references>
<type>XSS</type>
<fixed_in>3.5.4</fixed_in>
</vulnerability>
<vulnerability>
<title>Better WP Security v3.4.3 Multiple XSS</title>
<references>
<url>http://seclists.org/bugtraq/2012/Oct/9</url>
</references>
<type>XSS</type>
<fixed_in>3.4.4</fixed_in>
</vulnerability>
<vulnerability>
<title>Better WP Security &lt;= 3.2.4 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112617/</url>
</references>
<type>XSS</type>
<fixed_in>3.2.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="custom-contact-forms">
<vulnerability>
<title>Custom Contact Forms &lt;= 5.0.0.1 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112616/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="2-click-socialmedia-button">
<vulnerability>
<title>2-Click-Socialmedia-Buttons &lt;= 0.34 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112615/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>2-Click-Socialmedia-Buttons &lt;= 0.32.2 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112711/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="login-with-ajax">
<vulnerability>
<title>Login With Ajax plugin Cross Site Scripting</title>
<references>
<secunia>49013</secunia>
</references>
<type>XSS</type>
<fixed_in>3.0.4.1</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress Login With Ajax Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>52950</secunia>
</references>
<type>CSRF</type>
<fixed_in>3.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="media-library-categories">
<vulnerability>
<title>Media Library Categories plugin &lt;= 1.0.6 SQL Injection Vulnerability</title>
<references>
<exploitdb>17628</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Media Library Categories plugin &lt;= 1.1.1 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112697/</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="deans-fckeditor-with-pwwangs-code-plugin-for-wordpress">
<vulnerability>
<title>FCKeditor Deans With Pwwangs Code &lt;= 1.0.0 Remote Shell Upload</title>
<references>
<url>http://packetstormsecurity.com/files/111319/</url>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="zingiri-web-shop">
<vulnerability>
<title>WordPress Zingiri Web Shop Plugin Cookie SQL Injection Vulnerability</title>
<references>
<secunia>49398</secunia>
</references>
<type>SQLI</type>
<fixed_in>2.4.8</fixed_in>
</vulnerability>
<vulnerability>
<title>Zingiri Web Shop &lt;= 2.4.0 Multiple XSS Vulnerabilities</title>
<references>
<exploitdb>18787</exploitdb>
<secunia>48991</secunia>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Zingiri Web Shop &lt;= 2.3.5 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112684/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Zingiri Web Shop 2.4.3 Shell Upload</title>
<references>
<url>http://packetstormsecurity.com/files/113668/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="organizer">
<vulnerability>
<title>Organizer 1.2.1 Cross Site Scripting / Path Disclosure</title>
<references>
<url>http://packetstormsecurity.com/files/112086/</url>
<url>http://packetstormsecurity.com/files/113800/</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="zingiri-tickets">
<vulnerability>
<title>Zingiri Tickets plugin File Disclosure</title>
<references>
<url>http://packetstormsecurity.com/files/111904/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="cms-tree-page-view">
<vulnerability>
<title>XSS vulnerability in CMS Tree Page View Plugin</title>
<references>
<url>https://www.htbridge.com/advisory/HTB23083</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="all-in-one-event-calendar">
<vulnerability>
<title>Multiple XSS vulnerabilities in All-in-One Event Calendar for WordPress</title>
<references>
<url>http://seclists.org/bugtraq/2012/Apr/70</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="buddypress">
<vulnerability>
<title>Buddypress &lt;= 1.5.5 SQL Injection</title>
<references>
<exploitdb>18690</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="register-plus-redux">
<vulnerability>
<title>Register Plus Redux &lt;= 3.8.3 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/111367/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="magn-html5-drag-and-drop-media-uploader">
<vulnerability>
<title>Magn WP Drag and Drop &lt;= 1.1.4 Upload Shell Upload Vulnerability</title>
<references>
<url>http://packetstormsecurity.com/files/110103/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="kish-guest-posting">
<vulnerability>
<title>Kish Guest Posting 1.0 Arbitrary File Upload</title>
<references>
<exploitdb>18412</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="allwebmenus-wordpress-menu-plugin">
<vulnerability>
<title>AllWebMenus Shell Upload &lt;= 1.1.9 Shell Upload</title>
<references>
<url>http://packetstormsecurity.com/files/108946/</url>
</references>
<type>RFI</type>
</vulnerability>
<vulnerability>
<title>AllWebMenus 1.1.3 Remote File Inclusion</title>
<references>
<exploitdb>17861</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="shortcode-redirect">
<vulnerability>
<title>Shortcode Redirect &lt;= 1.0.01 Stored Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/108914/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="ucan-post">
<vulnerability>
<title>uCan Post plugin &lt;= 1.0.09 Stored XSS</title>
<references>
<exploitdb>18390</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-cycle-playlist">
<vulnerability>
<title>WP Cycle Playlist plugin Multiple Vulnerabilities</title>
<references>
<url>http://1337day.com/exploits/17396</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="myeasybackup">
<vulnerability>
<title>myEASYbackup 1.0.8.1 Directory Traversal</title>
<references>
<url>http://packetstormsecurity.com/files/108711/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="count-per-day">
<vulnerability>
<title>Count per Day Plugin 3.2.5 (counter.php) - XSS Vulnerability</title>
<references>
<exploitdb>24859</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Count Per Day 3.2.3 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/115904/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Count Per Day 3.1.1 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/114787/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Count Per Day plugin &lt;= 3.1.1 Multiple Vulnerabilities</title>
<references>
<exploitdb>18355</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>Count per Day plugin &lt;= 2.17 SQL Injection Vulnerability</title>
<references>
<exploitdb>17857</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-autoyoutube">
<vulnerability>
<title>WP-AutoYoutube plugin &lt;= 0.1 Blind SQL Injection Vulnerability</title>
<references>
<url>http://1337day.com/exploits/17368</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="age-verification">
<vulnerability>
<title>Age Verification plugin &lt;= 0.4 Open Redirect</title>
<references>
<exploitdb>18350</exploitdb>
</references>
<type>REDIRECT</type>
</vulnerability>
</plugin>
<plugin name="yousaytoo-auto-publishing-plugin">
<vulnerability>
<title>Yousaytoo Auto Publishing &lt;= 1.0 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/108470/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="pay-with-tweet">
<vulnerability>
<title>Pay With Tweet plugin &lt;= 1.1 Multiple Vulnerabilities</title>
<references>
<exploitdb>18330</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp-whois">
<vulnerability>
<title>Whois Search &lt;= 1.4.2 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/108271/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="upm-polls">
<vulnerability>
<title>BLIND SQL injection UPM-POLLS plugin 1.0.4</title>
<references>
<exploitdb>18231</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="disqus-comment-system">
<vulnerability>
<title>Disqus Comment System &lt;= 2.68 Reflected Cross-Site Scripting (XSS)</title>
<references>
<url>http://www.ethicalhack3r.co.uk/security/wordpress-plugin-disqus-comment-system-xss/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-recaptcha">
<vulnerability>
<title>Google reCAPTCHA &lt;= 3.1.3 Reflected XSS Vulnerability</title>
<references>
<url>http://security-sh3ll.blogspot.com/2011/12/google-recaptcha-wordpress-plugin.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="link-library">
<vulnerability>
<title>Link Library plugin &lt;= 5.2.1 SQL Injection</title>
<references>
<exploitdb>17887</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="cevhershare">
<vulnerability>
<title>CevherShare 2.0 plugin SQL Injection Vulnerability</title>
<references>
<exploitdb>17891</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="meenews">
<vulnerability>
<title>meenews 5.1 plugin Cross-Site Scripting Vulnerabilities</title>
<references>
<url>http://seclists.org/bugtraq/2011/Nov/151</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="clickdesk-live-support-chat">
<vulnerability>
<title>Click Desk Live Support Chat Cross Site Scripting Vulnerability</title>
<references>
<url>http://seclists.org/bugtraq/2011/Nov/148</url>
</references>
<type>XSS</type>
<fixed_in>2.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="adminimize">
<vulnerability>
<title>adminimize 1.7.21 Cross-Site Scripting Vulnerabilities</title>
<references>
<url>http://seclists.org/bugtraq/2011/Nov/135</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="advanced-text-widget">
<vulnerability>
<title>Advanced Text Widget &lt;= 2.0.0 Cross Site Scripting Vulnerability</title>
<references>
<url>http://seclists.org/bugtraq/2011/Nov/133</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="mm-duplicate">
<vulnerability>
<title>MM Duplicate plugin &lt;= 1.2 SQL Injection Vulnerability</title>
<references>
<exploitdb>17707</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-menu-creator">
<vulnerability>
<title>Menu Creator plugin &lt;= 1.1.7 SQL Injection Vulnerability</title>
<references>
<exploitdb>17689</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="allow-php-in-posts-and-pages">
<vulnerability>
<title>Allow PHP in Posts and Pages plugin &lt;= 2.0.0.RC1 SQL Injection Vulnerability</title>
<references>
<exploitdb>17688</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="global-content-blocks">
<vulnerability>
<title>Global Content Blocks plugin &lt;= 1.2 SQL Injection Vulnerability</title>
<references>
<exploitdb>17687</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="ajaxgallery">
<vulnerability>
<title>Ajax Gallery plugin &lt;= 3.0 SQL Injection Vulnerability</title>
<references>
<exploitdb>17686</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-ds-faq">
<vulnerability>
<title>WP DS FAQ plugin &lt;= 1.3.2 SQL Injection Vulnerability</title>
<references>
<exploitdb>17683</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="odihost-newsletter-plugin">
<vulnerability>
<title>OdiHost Newsletter plugin &lt;= 1.0 SQL Injection Vulnerability</title>
<references>
<exploitdb>17681</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="easy-contact-form-lite">
<vulnerability>
<title>Easy Contact Form Lite plugin &lt;= 1.0.7 SQL Injection Vulnerability</title>
<references>
<exploitdb>17680</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-symposium">
<vulnerability>
<title>WP Symposium plugin &lt;= 0.64 SQL Injection Vulnerability</title>
<references>
<exploitdb>17679</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP Symposium plugin &lt;= 12.12 Multiple SQL Injection Vulnerabilities</title>
<references>
<secunia>50674</secunia>
<url>http://ceriksen.com/2013/02/18/wp-symposium-multiple-sql-injection/</url>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WordPress WP Symposium Plugin &quot;u&quot; XSS</title>
<references>
<secunia>52864</secunia>
</references>
<type>XSS</type>
<fixed_in>13.04</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress WP Symposium Plugin &quot;u&quot; Redirection Weakness</title>
<references>
<secunia>52925</secunia>
</references>
<type>REDIRECT</type>
</vulnerability>
</plugin>
<plugin name="file-groups">
<vulnerability>
<title>File Groups plugin &lt;= 1.1.2 SQL Injection Vulnerability</title>
<references>
<exploitdb>17677</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="ip-logger">
<vulnerability>
<title>IP-Logger plugin &lt;= 3.0 SQL Injection Vulnerability</title>
<references>
<exploitdb>17673</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="beer-recipes">
<vulnerability>
<title>Beer Recipes v.1.0 XSS</title>
<references>
<exploitdb>17453</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="is-human">
<vulnerability>
<title>Is-human &lt;=1.4.2 Remote Command Execution Vulnerability</title>
<references>
<exploitdb>17299</exploitdb>
</references>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="editormonkey">
<vulnerability>
<title>EditorMonkey plugin (FCKeditor) Arbitrary File Upload</title>
<references>
<exploitdb>17284</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="sermon-browser">
<vulnerability>
<title>SermonBrowser 0.43 SQL Injection</title>
<references>
<exploitdb>17214</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="ajax-category-dropdown">
<vulnerability>
<title>Ajax Category Dropdown 0.1.5 Multiple Vulnerabilities</title>
<references>
<exploitdb>17207</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp-custom-pages">
<vulnerability>
<title>WP Custom Pages 0.5.0.1 LFI Vulnerability</title>
<references>
<exploitdb>17119</exploitdb>
</references>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="flash-album-gallery">
<vulnerability>
<title>WordPress GRAND FlAGallery Plugin Multiple Vulnerabilities</title>
<references>
<secunia>51100</secunia>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>GRAND Flash Album Gallery 1.9.0 and 2.0.0 Multiple Vulnerabilities</title>
<references>
<url>http://packetstormsecurity.com/files/117665/</url>
<url>http://www.waraxe.us/advisory-94.html</url>
<secunia>51601</secunia>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>GRAND Flash Album Gallery 0.55 Multiple Vulnerabilities</title>
<references>
<exploitdb>16947</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>GRAND Flash Album Gallery &lt;= 1.56 XSS Vulnerability</title>
<references>
<url>http://seclists.org/bugtraq/2011/Nov/186</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>GRAND Flash Album Gallery &lt;= 1.71 XSS Vulnerability</title>
<references>
<url>http://packetstormsecurity.com/files/112704/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress GRAND FlAGallery Plugin "gid" SQL Injection Vulnerability</title>
<references>
<secunia>53356</secunia>
</references>
<type>SQLI</type>
<fixed_in>2.56</fixed_in>
</vulnerability>
<vulnerability>
<title>GRAND FlAGallery Plugin "s" Cross-Site Scripting Vulnerability</title>
<references>
<secunia>53111</secunia>
<osvdb>93714</osvdb>
</references>
<type>XSS</type>
<fixed_in>2.72</fixed_in>
</vulnerability>
</plugin>
<plugin name="php_speedy_wp">
<vulnerability>
<title>PHP Speedy &lt;= 0.5.2 (admin_container.php) Remote Code Exec Exploit</title>
<references>
<exploitdb>16273</exploitdb>
</references>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="old-post-spinner">
<vulnerability>
<title>OPS Old Post Spinner 2.2.1 LFI Vulnerability</title>
<references>
<exploitdb>16251</exploitdb>
</references>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="jquery-mega-menu">
<vulnerability>
<title>jQuery Mega Menu 1.0 Local File Inclusion</title>
<references>
<exploitdb>16250</exploitdb>
</references>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="iwant-one-ihave-one">
<vulnerability>
<title>IWantOneButton 3.0.1 Multiple Vulnerabilities</title>
<references>
<exploitdb>16236</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="forum-server">
<vulnerability>
<title>WP Forum Server 1.6.5 SQL Injection Vulnerability</title>
<references>
<exploitdb>16235</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP Forum Server plugin &lt;= 1.7 SQL Injection Vulnerability</title>
<references>
<exploitdb>17828</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP Forum Server plugin &lt;= 1.7.3 SQL Injection / XSS Vulnerabilities</title>
<references>
<url>http://packetstormsecurity.com/files/112703/</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="relevanssi">
<vulnerability>
<title>Relevanssi 2.7.2 Stored XSS Vulnerability</title>
<references>
<exploitdb>16233</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="gigpress">
<vulnerability>
<title>GigPress 2.1.10 Stored XSS Vulnerability</title>
<references>
<exploitdb>16232</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="comment-rating">
<vulnerability>
<title>WordPress Comment Rating 2.9.32 SQL Injection / Bypass</title>
<references>
<url>http://packetstormsecurity.com/files/120569/</url>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>Comment Rating 2.9.23 Multiple Vulnerabilities</title>
<references>
<exploitdb>16221</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="z-vote">
<vulnerability>
<title>Z-Vote 1.1 SQL Injection Vulnerability</title>
<references>
<exploitdb>16218</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="user-photo">
<vulnerability>
<title>User Photo Component Remote File Upload Vulnerability</title>
<references>
<exploitdb>16181</exploitdb>
<osvdb>71071</osvdb>
</references>
<type>UPLOAD</type>
<fixed_in>0.9.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="enable-media-replace">
<vulnerability>
<title>Enable Media Replace Multiple Vulnerabilities</title>
<references>
<exploitdb>16144</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="mingle-forum">
<vulnerability>
<title>Mingle Forum &lt;= 1.0.32.1 Cross Site Scripting / SQL Injection</title>
<references>
<url>http://packetstormsecurity.com/files/108915/</url>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>Mingle Forum &lt;= 1.0.31 SQL Injection Vulnerability</title>
<references>
<exploitdb>17894</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Mingle Forum &lt;= 1.0.26 Multiple Vulnerabilities</title>
<references>
<exploitdb>15943</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>Mingle Forum &lt;= 1.0.33 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112696/</url>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>Mingle Forum 1.0.33.3 Multiple Parameter SQL Injection</title>
<references>
<osvdb>90434</osvdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Mingle Forum 1.0.35 Privilege Escalation CSRF</title>
<references>
<osvdb>96905</osvdb>
<cve>2013-0736</cve>
<secunia>47687</secunia>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="accept-signups">
<vulnerability>
<title>Accept Signups 0.1 XSS</title>
<references>
<exploitdb>15808</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="events-manager-extended">
<vulnerability>
<title>Events Manager Extended Persistent XSS Vulnerability</title>
<references>
<exploitdb>14923</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="nextgen-smooth-gallery">
<vulnerability>
<title>NextGEN Smooth Gallery - Blind SQL Injection Vulnerability</title>
<references>
<exploitdb>14541</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>NextGen Smooth Gallery - XSS</title>
<references>
<url>http://packetstormsecurity.com/files/123074/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="mylinksdump">
<vulnerability>
<title>myLDlinker SQL Injection Vulnerability</title>
<references>
<exploitdb>14441</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="firestats">
<vulnerability>
<title>Firestats Remote Configuration File Download</title>
<references>
<exploitdb>14308</exploitdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="simple-press">
<vulnerability>
<title>Simple:Press SQL Injection Vulnerability</title>
<references>
<exploitdb>14198</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="cimy-counter">
<vulnerability>
<title>Vulnerabilities in Cimy Counter for WordPress</title>
<references>
<exploitdb>14057</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="nextgen-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
<secunia>51271</secunia>
</references>
<type>XSS</type>
<fixed_in>1.9.8</fixed_in>
</vulnerability>
<vulnerability>
<title>XSS in NextGEN Gallery &lt;= 1.5.1</title>
<references>
<exploitdb>12098</exploitdb>
</references>
<type>XSS</type>
<fixed_in>1.5.2</fixed_in>
</vulnerability>
<vulnerability>
<title>swfupload.swf Multiple Cross Site Scripting Vulnerabilities</title>
<references>
<url>http://www.securityfocus.com/bid/60433</url>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>NextGEN Gallery 1.9.12 Arbitrary File Upload</title>
<references>
<url>http://wordpress.org/plugins/nextgen-gallery/changelog/</url>
<osvdb>94232</osvdb>
<cve>2013-3684</cve>
</references>
<type>UPLOAD</type>
<fixed_in>1.9.13</fixed_in>
</vulnerability>
</plugin>
<plugin name="cpl">
<vulnerability>
<title>Copperleaf Photolog SQL injection</title>
<references>
<exploitdb>11458</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="events-calendar">
<vulnerability>
<title>Events SQL Injection Vulnerability</title>
<references>
<exploitdb>10929</exploitdb>
<osvdb>95677</osvdb>
</references>
<type>SQLI</type>
<fixed_in>6.7.10</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Events Calendar wp-admin/admin.php EC_id Parameter XSS</title>
<references>
<osvdb>74705</osvdb>
</references>
<type>XSS</type>
<fixed_in>6.7.12a</fixed_in>
</vulnerability>
</plugin>
<plugin name="ImageManager">
<vulnerability>
<title>Image Manager Plugins Shell Upload Vulnerability</title>
<references>
<exploitdb>10325</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-cumulus">
<vulnerability>
<title>Vulnerabilities in WP-Cumulus &lt;= 1.20 for WordPress</title>
<references>
<exploitdb>10228</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>WP-Cumulus Cross Site Scripting Vulnerabily</title>
<references>
<url>http://seclists.org/fulldisclosure/2011/Nov/340</url>
</references>
<type>XSS</type>
<fixed_in>1.23</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-syntax">
<vulnerability>
<title>WP-Syntax &lt;= 0.9.1 Remote Command Execution</title>
<references>
<exploitdb>9431</exploitdb>
</references>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="my-category-order">
<vulnerability>
<title>My Category Order &lt;= 2.8 SQL Injection Vulnerability</title>
<references>
<exploitdb>9150</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="related-sites">
<vulnerability>
<title>Related Sites 2.1 Blind SQL Injection Vulnerability</title>
<references>
<exploitdb>9054</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="dm-albums">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>DM Albums 1.9.2 Remote File Disclosure Vulnerability</title>
<references>
<exploitdb>9048</exploitdb>
</references>
<type>LFI</type>
</vulnerability>
<vulnerability>
<title>DM Albums 1.9.2 Remote File Inclusion Vuln</title>
<references>
<exploitdb>9043</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="photoracer">
<vulnerability>
<title>Photoracer 1.0 (id) SQL Injection Vulnerability</title>
<references>
<exploitdb>8961</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Photoracer plugin &lt;= 1.0 SQL Injection Vulnerability</title>
<references>
<exploitdb>17720</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Photoracer plugin &lt;= 1.0 Multiple Vulnerabilities</title>
<references>
<exploitdb>17731</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp-lytebox">
<vulnerability>
<title>Lytebox (wp-lytebox) Local File Inclusion Vulnerability</title>
<references>
<exploitdb>8791</exploitdb>
</references>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="fmoblog">
<vulnerability>
<title>fMoblog 2.1 (id) SQL Injection Vulnerability</title>
<references>
<exploitdb>8229</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="page-flip-image-gallery">
<vulnerability>
<title>Page Flip Image Gallery &lt;= 0.2.2 Remote FD Vuln</title>
<references>
<osvdb>50902</osvdb>
<cve>2008-5752</cve>
<exploitdb>7543</exploitdb>
<secunia>33274</secunia>
<url>http://www.securityfocus.com/bid/32966</url>
<url>http://xforce.iss.net/xforce/xfdb/47568</url>
</references>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="wp-shopping-cart">
<vulnerability>
<title>e-Commerce &lt;= 3.4 Arbitrary File Upload Exploit</title>
<references>
<exploitdb>6867</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="downloads-manager">
<vulnerability>
<title>Download Manager 0.2 Arbitrary File Upload Exploit</title>
<references>
<exploitdb>6127</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wpSS">
<vulnerability>
<title>Spreadsheet &lt;= 0.6 SQL Injection Vulnerability</title>
<references>
<exploitdb>5486</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-download">
<vulnerability>
<title>Download (dl_id) SQL Injection Vulnerability</title>
<references>
<exploitdb>5326</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="sniplets">
<vulnerability>
<title>Sniplets 1.1.2 (RFI/XSS/RCE) Multiple Vulnerabilities</title>
<references>
<exploitdb>5194</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp-photo-album">
<vulnerability>
<title>Photo album Remote SQL Injection Vulnerability</title>
<references>
<exploitdb>5135</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="sf-forum">
<vulnerability>
<title>Simple Forum 2.0-2.1 SQL Injection Vulnerability</title>
<references>
<exploitdb>5126</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Simple Forum 1.10-1.11 SQL Injection Vulnerability</title>
<references>
<exploitdb>5127</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="st_newsletter">
<vulnerability>
<title>st_newsletter Remote SQL Injection Vulnerability</title>
<references>
<exploitdb>5053</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>st_newsletter (stnl_iframe.php) SQL Injection Vuln</title>
<references>
<exploitdb>6777</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wordspew">
<vulnerability>
<title>Wordspew Remote SQL Injection Vulnerability</title>
<references>
<exploitdb>5039</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="dmsguestbook">
<vulnerability>
<title>dmsguestbook 1.7.0 Multiple Remote Vulnerabilities</title>
<references>
<exploitdb>5035</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wassup">
<vulnerability>
<title>WassUp 1.4.3 (spy.php to_date) SQL Injection Exploit</title>
<references>
<exploitdb>5017</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-adserve">
<vulnerability>
<title>Adserve 0.2 adclick.php SQL Injection Exploit</title>
<references>
<exploitdb>5013</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="fgallery">
<vulnerability>
<title>fGallery 2.4.1 - fimrss.php SQL Injection Vulnerability</title>
<references>
<exploitdb>4993</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-cal">
<vulnerability>
<title>WP-Cal 0.3 editevent.php SQL Injection Vulnerability</title>
<references>
<exploitdb>4992</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wpforum">
<vulnerability>
<title>plugin WP-Forum 1.7.4 Remote SQL Injection Vulnerability</title>
<references>
<exploitdb>4939</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>plugin WP-Forum 1.7.8 Remote SQL Injection Vulnerability</title>
<references>
<exploitdb>7738</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-filemanager">
<vulnerability>
<title>wp-FileManager 1.2 - Remote Upload Vulnerability</title>
<references>
<exploitdb>4844</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>wp-FileManager 1.3.0 - File Download Vulnerability</title>
<references>
<secunia>53421</secunia>
<exploitdb>25440</exploitdb>
<osvdb>93446</osvdb>
</references>
<type>UNKNOWN</type>
<fixed_in>1.4.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="pictpress">
<vulnerability>
<title>PictPress &lt;= 0.91 Remote File Disclosure Vulnerability</title>
<references>
<exploitdb>4695</exploitdb>
</references>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="backupwordpress">
<vulnerability>
<title>BackUp &lt;= 0.4.2b RFI Vulnerability</title>
<references>
<exploitdb>4593</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="myflash">
<vulnerability>
<title>plugin myflash &lt;= 1.00 (wppath) RFI Vulnerability</title>
<references>
<exploitdb>3828</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="wordtube">
<vulnerability>
<title>plugin wordTube &lt;= 1.43 (wpPATH) RFI Vulnerability</title>
<references>
<exploitdb>3825</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="wp-table">
<vulnerability>
<title>plugin wp-Table &lt;= 1.43 (inc_dir) RFI Vulnerability</title>
<references>
<exploitdb>3824</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="mygallery">
<vulnerability>
<title>myGallery &lt;= 1.4b4 Remote File Inclusion Vulnerability</title>
<references>
<exploitdb>3814</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="sendit">
<vulnerability>
<title>SendIt plugin &lt;= 1.5.9 Blind SQL Injection Vulnerability</title>
<references>
<exploitdb>17716</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="js-appointment">
<vulnerability>
<title>Js-appointment plugin &lt;= 1.5 SQL Injection Vulnerability</title>
<references>
<exploitdb>17724</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="mm-forms-community">
<vulnerability>
<title>MM Forms Community &lt;= 1.2.3 SQL Injection Vulnerability</title>
<references>
<exploitdb>17725</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>MM Forms Community 2.2.6 Arbitrary File Upload</title>
<references>
<exploitdb>18997</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="super-captcha">
<vulnerability>
<title>Super CAPTCHA plugin &lt;= 2.2.4 SQL Injection Vulnerability</title>
<references>
<exploitdb>17728</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="collision-testimonials">
<vulnerability>
<title>Collision Testimonials plugin &lt;= 3.0 SQL Injection Vulnerability</title>
<references>
<exploitdb>17729</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="oqey-headers">
<vulnerability>
<title>Oqey Headers plugin &lt;= 0.3 SQL Injection Vulnerability</title>
<references>
<exploitdb>17730</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="fbpromotions">
<vulnerability>
<title>Facebook Promotions plugin &lt;= 1.3.3 SQL Injection Vulnerability</title>
<references>
<exploitdb>17737</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="evarisk">
<vulnerability>
<title>Evarisk plugin &lt;= 5.1.3.6 SQL Injection Vulnerability</title>
<references>
<exploitdb>17738</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Evarisk 5.1.5.4 Shell Upload</title>
<references>
<url>http://packetstormsecurity.com/files/113638/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="profiles">
<vulnerability>
<title>Profiles plugin &lt;= 2.0 RC1 SQL Injection Vulnerability</title>
<references>
<exploitdb>17739</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="mystat">
<vulnerability>
<title>mySTAT plugin &lt;= 2.6 SQL Injection Vulnerability</title>
<references>
<exploitdb>17740</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="sh-slideshow">
<vulnerability>
<title>SH Slideshow plugin &lt;= 3.1.4 SQL Injection Vulnerability</title>
<references>
<exploitdb>17748</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="copyright-licensing-tools">
<vulnerability>
<title>iCopyright(R) Article Tools plugin &lt;= 1.1.4 SQL Injection Vulnerability</title>
<references>
<exploitdb>17749</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="advertizer">
<vulnerability>
<title>Advertizer plugin &lt;= 1.0 SQL Injection Vulnerability</title>
<references>
<exploitdb>17750</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="event-registration">
<vulnerability>
<title>Event Registration plugin &lt;= 5.44 SQL Injection Vulnerability</title>
<references>
<exploitdb>17814</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Event Registration plugin &lt;= 5.43 SQL Injection Vulnerability</title>
<references>
<exploitdb>17751</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Event Registration 5.32 SQL Injection Vulnerability</title>
<references>
<exploitdb>15513</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="crawlrate-tracker">
<vulnerability>
<title>Craw Rate Tracker plugin &lt;= 2.0.2 SQL Injection Vulnerability</title>
<references>
<exploitdb>17755</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-audio-gallery-playlist">
<vulnerability>
<title>wp audio gallery playlist plugin &lt;= 0.12 SQL Injection Vulnerability</title>
<references>
<exploitdb>17756</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="yolink-search">
<vulnerability>
<title>WordPress yolink Search Plugin "s" Cross-Site Scripting Vulnerability</title>
<references>
<secunia>52030</secunia>
</references>
<type>XSS</type>
<fixed_in>2.6</fixed_in>
</vulnerability>
<vulnerability>
<title>yolink Search plugin &lt;= 1.1.4 SQL Injection Vulnerability</title>
<references>
<exploitdb>17757</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="pure-html">
<vulnerability>
<title>PureHTML plugin &lt;= 1.0.0 SQL Injection Vulnerability</title>
<references>
<exploitdb>17758</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="couponer">
<vulnerability>
<title>Couponer plugin &lt;= 1.2 SQL Injection Vulnerability</title>
<references>
<exploitdb>17759</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="grapefile">
<vulnerability>
<title>grapefile plugin &lt;= 1.1 Arbitrary File Upload</title>
<references>
<exploitdb>17760</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="image-gallery-with-slideshow">
<vulnerability>
<title>image-gallery-with-slideshow plugin &lt;= 1.5 Arbitrary File Upload / SQL Injection</title>
<references>
<exploitdb>17761</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wordpress-donation-plugin-with-goals-and-paypal-ipn-by-nonprofitcmsorg">
<vulnerability>
<title>Donation plugin &lt;= 1.0 SQL Injection Vulnerability</title>
<references>
<exploitdb>17763</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-bannerize">
<vulnerability>
<title>WP Bannerize plugin &lt;= 2.8.6 SQL Injection Vulnerability</title>
<references>
<exploitdb>17764</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP Bannerize plugin &lt;= 2.8.7 SQL Injection Vulnerability</title>
<references>
<exploitdb>17906</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="search-autocomplete">
<vulnerability>
<title>SearchAutocomplete plugin &lt;= 1.0.8 SQL Injection Vulnerability</title>
<references>
<exploitdb>17767</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="videowhisper-video-presentation">
<vulnerability>
<title>VideoWhisper Video Presentation plugin &lt;= 1.1 SQL Injection Vulnerability</title>
<references>
<exploitdb>17771</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>VideoWhisper Video Presentation 3.17 - 'vw_upload.php' Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/53851</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="facebook-opengraph-meta-plugin">
<vulnerability>
<title>Facebook Opengraph Meta plugin &lt;= 1.0 SQL Injection Vulnerability</title>
<references>
<exploitdb>17773</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="zotpress">
<vulnerability>
<title>Zotpress plugin &lt;= 4.4 SQL Injection Vulnerability</title>
<references>
<exploitdb>17778</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="oqey-gallery">
<vulnerability>
<title>oQey Gallery plugin &lt;= 0.4.8 SQL Injection Vulnerability</title>
<references>
<exploitdb>17779</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="tweet-old-post">
<vulnerability>
<title>Tweet Old Post plugin &lt;= 3.2.5 SQL Injection Vulnerability</title>
<references>
<exploitdb>17789</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="post-highlights">
<vulnerability>
<title>post highlights plugin &lt;= 2.2 SQL Injection Vulnerability</title>
<references>
<exploitdb>17790</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="knr-author-list-widget">
<vulnerability>
<title>KNR Author List Widget plugin &lt;= 2.0.0 SQL Injection Vulnerability</title>
<references>
<exploitdb>17791</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="scormcloud">
<vulnerability>
<title>SCORM Cloud plugin &lt;= 1.0.6.6 SQL Injection Vulnerability</title>
<references>
<exploitdb>17793</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="eventify">
<vulnerability>
<title>Eventify - Simple Events plugin &lt;= 1.7.f SQL Injection Vulnerability</title>
<references>
<exploitdb>17794</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="paid-downloads">
<vulnerability>
<title>Paid Downloads plugin &lt;= 2.01 SQL Injection Vulnerability</title>
<references>
<exploitdb>17797</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="community-events">
<vulnerability>
<title>Community Events plugin &lt;= 1.2.1 SQL Injection Vulnerability</title>
<references>
<exploitdb>17798</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="1-flash-gallery">
<vulnerability>
<title>1-flash-gallery &lt;= 1.9.0 XSS in ZeroClipboard.swf</title>
<references>
<url>http://1337day.com/exploit/20396</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>1 Flash Gallery Arbiraty File Upload Exploit (MSF)</title>
<references>
<exploitdb>17801</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-filebase">
<vulnerability>
<title>WP-Filebase Download Manager plugin &lt;= 0.2.9 SQL Injection Vulnerability</title>
<references>
<exploitdb>17808</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WordPress WP-Filebase Plugin Unspecified Vulnerabilities</title>
<references>
<secunia>51269</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>0.2.9.25</fixed_in>
</vulnerability>
</plugin>
<plugin name="a-to-z-category-listing">
<vulnerability>
<title>A to Z Category Listing plugin &lt;= 1.3 SQL Injection Vulnerability</title>
<references>
<exploitdb>17809</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-e-commerce">
<vulnerability>
<title>WP e-Commerce plugin &lt;= 3.8.6 SQL Injection Vulnerability</title>
<references>
<exploitdb>17832</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP-e-Commerce plugin v3.8.9.5 Cross Site Scripting Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20517</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="filedownload">
<vulnerability>
<title>Filedownload 0.1 (download.php) Remote File Disclosure Vulnerability</title>
<references>
<exploitdb>17858</exploitdb>
</references>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="thecartpress">
<vulnerability>
<title>TheCartPress &lt;= 1.6 Cross Site Sripting</title>
<references>
<url>http://packetstormsecurity.com/files/108272/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>TheCartPress 1.1.1 Remote File Inclusion</title>
<references>
<exploitdb>17860</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="wpeasystats">
<vulnerability>
<title>WPEasyStats 1.8 Remote File Inclusion</title>
<references>
<exploitdb>17862</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="annonces">
<vulnerability>
<title>Annonces 1.2.0.0 Remote File Inclusion</title>
<references>
<exploitdb>17863</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="livesig">
<vulnerability>
<title>Livesig 0.4 Remote File Inclusion</title>
<references>
<exploitdb>17864</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="disclosure-policy-plugin">
<vulnerability>
<title>Disclosure Policy 1.0 Remote File Inclusion</title>
<references>
<exploitdb>17865</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="mailz">
<vulnerability>
<title>Mailing List 1.3.2 Remote File Inclusion</title>
<references>
<exploitdb>17866</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
<vulnerability>
<title>Mailing List Arbitrary file download</title>
<references>
<exploitdb>18276</exploitdb>
</references>
<type>UNKNOWN</type>
<fixed_in>1.4.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="g-web-shop">
<vulnerability>
<title>Zingiri Web Shop 2.2.0 Remote File Inclusion</title>
<references>
<exploitdb>17867</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
<vulnerability>
<title>Zingiri Web Shop &lt;= 2.2.3 Remote Code Execution</title>
<references>
<exploitdb>18111</exploitdb>
</references>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="mini-mail-dashboard-widget">
<vulnerability>
<title>Mini Mail Dashboard Widget 1.36 Remote File Inclusion</title>
<references>
<exploitdb>17868</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
<vulnerability>
<title>Mini Mail Dashboard Widget 1.42 Stored XSS</title>
<references>
<exploitdb>20358</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="relocate-upload">
<vulnerability>
<title>Relocate Upload 0.14 Remote File Inclusion</title>
<references>
<exploitdb>17869</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="category-grid-view-gallery">
<vulnerability>
<title>Category Grid View Gallery plugin 0.1.1 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>Category Grid View Gallery CatGridPost.php ID Parameter XSS</title>
<references>
<osvdb>94805</osvdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="auto-attachments">
<vulnerability>
<title>Auto Attachments plugin 0.2.9 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-marketplace">
<vulnerability>
<title>WP Marketplace plugin 1.1.0 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="dp-thumbnail">
<vulnerability>
<title>DP Thumbnail plugin 1.0 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="vk-gallery">
<vulnerability>
<title>Vk Gallery plugin 1.1.0 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="rekt-slideshow">
<vulnerability>
<title>Rekt Slideshow plugin 1.0.5 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="cac-featured-content">
<vulnerability>
<title>CAC Featured Content plugin 0.8 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="rent-a-car">
<vulnerability>
<title>Rent A Car plugin 1.0 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="lisl-last-image-slider">
<vulnerability>
<title>LISL Last Image Slider plugin 1.0 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="islidex">
<vulnerability>
<title>Islidex plugin 2.7 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="kino-gallery">
<vulnerability>
<title>Kino Gallery plugin 1.0 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="cms-pack-cache">
<vulnerability>
<title>Cms Pack plugin 1.3 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="a-gallery">
<vulnerability>
<title>A Gallery plugin 0.9 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="category-list-portfolio-page">
<vulnerability>
<title>Category List Portfolio Page plugin 0.9 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="really-easy-slider">
<vulnerability>
<title>Really Easy Slider plugin 0.1 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="verve-meta-boxes">
<vulnerability>
<title>Verve Meta Boxes plugin 1.2.8 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="user-avatar">
<vulnerability>
<title>User Avatar plugin 1.3.7 shell upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="extend-wordpress">
<vulnerability>
<title>Extend plugin 1.3.7 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="adrotate">
<vulnerability>
<title>AdRotate plugin &lt;= 3.6.5 SQL Injection Vulnerability</title>
<references>
<url>http://unconciousmind.blogspot.com/2011/09/wordpress-adrotate-plugin-365-sql.html</url>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>AdRotate plugin &lt;= 3.6.6 SQL Injection Vulnerability</title>
<references>
<exploitdb>18114</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-spamfree">
<vulnerability>
<title>WP-SpamFree 3.2.1 Spam SQL Injection Vulnerability</title>
<references>
<exploitdb>17970</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="gd-star-rating">
<vulnerability>
<title>WordPress GD Star Rating Plugin Export Security Bypass Security Issue</title>
<references>
<secunia>49850</secunia>
</references>
<type>AUTHBYPASS</type>
<fixed_in>1.9.19</fixed_in>
</vulnerability>
<vulnerability>
<title>GD Star Rating plugin &lt;= 1.9.16 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/112702/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>GD Star Rating plugin &lt;= 1.9.10 SQL Injection</title>
<references>
<exploitdb>17973</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="contact-form-wordpress">
<vulnerability>
<title>Contact Form plugin &lt;= 2.7.5 SQL Injection</title>
<references>
<exploitdb>17980</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-photo-album-plus">
<vulnerability>
<title>WP Photo Album Plus &lt;= 4.1.1 SQL Injection</title>
<references>
<exploitdb>17983</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP Photo Album Plus &lt;= 4.8.12 wp-photo-album-plus.php wppa-searchstring XSS</title>
<references>
<osvdb>88851</osvdb>
<secunia>51669</secunia>
<secunia>51679</secunia>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WP Photo Album Plus Full Path Disclosure</title>
<references>
<url>http://1337day.com/exploit/20125</url>
</references>
<type>FPD</type>
<fixed_in>4.9.1</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Photo Album Plus index.php wppa-tag Parameter XSS</title>
<references>
<osvdb>89165</osvdb>
<secunia>51829</secunia>
</references>
<type>XSS</type>
<fixed_in>4.9.3</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress WP Photo Album Plus "commentid" Cross-Site Scripting Vulnerability</title>
<references>
<osvdb>93033</osvdb>
<cve>2013-3254</cve>
<secunia>53105</secunia>
</references>
<type>XSS</type>
<fixed_in>5.0.3</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Photo Album Plus wp-admin/admin.php edit_id Parameter XSS</title>
<references>
<osvdb>94465</osvdb>
<secunia>53915</secunia>
</references>
<type>XSS</type>
<fixed_in>5.0.11</fixed_in>
</vulnerability>
</plugin>
<plugin name="backwpup">
<vulnerability>
<title>BackWPUp 2.1.4 - Code Execution</title>
<references>
<exploitdb>17987</exploitdb>
</references>
<type>RCE</type>
</vulnerability>
<vulnerability>
<title>plugin BackWPup 1.5.2, 1.6.1, 1.7.1 - Remote and Local Code Execution Vulnerability</title>
<references>
<osvdb>71481</osvdb>
</references>
<type>RCE</type>
</vulnerability>
<vulnerability>
<title>BackWPup 3.0.12 - wp-admin/admin.php tab Parameter XSS</title>
<references>
<cve>2013-4626</cve>
<url>https://www.htbridge.com/advisory/HTB23161</url>
<osvdb>96505</osvdb>
<secunia>54515</secunia>
<url>http://packetstormsecurity.com/files/122916/</url>
</references>
<type>XSS</type>
<fixed_in>3.0.13</fixed_in>
</vulnerability>
</plugin>
<plugin name="portable-phpmyadmin">
<vulnerability>
<title>portable-phpMyAdmin Authentication Bypass</title>
<references>
<osvdb>88391</osvdb>
<cve>2012-5469</cve>
<exploitdb>23356</exploitdb>
<secunia>51520</secunia>
</references>
<type>AUTHBYPASS</type>
<fixed_in>1.3.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="super-refer-a-friend">
<vulnerability>
<title>super-refer-a-friend Full Path Disclosure</title>
<references>
<url>http://1337day.com/exploit/20126</url>
</references>
<type>FPD</type>
<fixed_in>1.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="w3-total-cache">
<vulnerability>
<title>W3 Total Cache - Username and Hash Extract</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Dec/242</url>
<url>https://github.com/FireFart/W3TotalCacheExploit</url>
<metasploit>auxiliary/gather/wp_w3_total_cache_hash_extract</metasploit>
</references>
<type>UNKNOWN</type>
<fixed_in>0.9.2.5</fixed_in>
</vulnerability>
<vulnerability>
<title>W3 Total Cache - Remote Code Execution</title>
<references>
<url>http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/</url>
<url>http://wordpress.org/support/topic/pwn3d</url>
<url>
http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
</url>
<metasploit>exploits/unix/webapp/php_wordpress_total_cache</metasploit>
</references>
<type>RCE</type>
<fixed_in>0.9.2.9</fixed_in>
</vulnerability>
<vulnerability>
<title>W3 Total Cache 0.9.2.9 - PHP Code Execution</title>
<references>
<exploitdb>25137</exploitdb>
<cve>2013-2010</cve>
<osvdb>92652</osvdb>
<secunia>53052</secunia>
</references>
</vulnerability>
</plugin>
<plugin name="wp-super-cache">
<vulnerability>
<title>WP-Super-Cache Remote Code Execution</title>
<references>
<url>http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/</url>
<url>http://wordpress.org/support/topic/pwn3d</url>
<url>
http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
</url>
</references>
<type>RCE</type>
<fixed_in>1.3.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="ripe-hd-player">
<vulnerability>
<title>ripe-hd-player 1.0 SQL Injection</title>
<references>
<exploitdb>24229</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>ripe-hd-player 1.0 Full Path Disclosure</title>
<references>
<exploitdb>24229</exploitdb>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="floating-tweets">
<vulnerability>
<title>floating-tweets persistent XSS</title>
<references>
<url>http://packetstormsecurity.com/files/119499/</url>
<url>http://websecurity.com.ua/6023/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>floating-tweets directory traversal</title>
<references>
<url>http://packetstormsecurity.com/files/119499/</url>
<url>http://websecurity.com.ua/6023/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="ipfeuilledechou">
<vulnerability>
<title>ipfeuilledechou SQL Injection Vulnerability</title>
<references>
<url>http://www.exploit4arab.com/exploits/377</url>
<url>http://1337day.com/exploits/20206</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="simple-login-log">
<vulnerability>
<title>Simple Login Log Plugin XSS</title>
<references>
<secunia>51780</secunia>
</references>
<type>XSS</type>
<fixed_in>0.9.4</fixed_in>
</vulnerability>
<vulnerability>
<title>Simple Login Log Plugin SQL Injection</title>
<references>
<secunia>51780</secunia>
</references>
<type>SQLI</type>
<fixed_in>0.9.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-slimstat">
<vulnerability>
<title>wp-slimstat XSS</title>
<references>
<secunia>51721</secunia>
</references>
<type>XSS</type>
<fixed_in>2.8.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-slimstat-ex">
<vulnerability>
<title>SlimStat-Ex - Open Flash Chart Arbitrary File Creation Vulnerability</title>
<references>
<secunia>55160</secunia>
<url>http://packetstormsecurity.com/files/123494/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="browser-rejector">
<vulnerability>
<title>browser-rejector Remote and Local File Inclusion</title>
<references>
<secunia>51739</secunia>
</references>
<type>LFI</type>
<fixed_in>2.11</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-file-uploader">
<vulnerability>
<title>WordPress File Uploader Plugin PHP File Upload Vulnerability</title>
<references>
<url>http://la.usch.io/2013/01/21/wordpress-file-uploader-plugin-php-file-upload-vulnerability/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="cardoza-wordpress-poll">
<vulnerability>
<title>WordPress Poll Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>51925</secunia>
</references>
<type>CSRF</type>
<fixed_in>34.06</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple SQL injection vulnerabilities in Cardoza Wordpress poll plugin</title>
<references>
<secunia>51942</secunia>
<url>http://www.girlinthemiddle.net/2013/01/multiple-sql-injection-vulnerabilities.html</url>
<url>http://seclists.org/bugtraq/2013/Jan/86</url>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WordPress Poll Plugin Multiple SQL Injection Vulnerabilities</title>
<references>
<secunia>50910</secunia>
</references>
<type>SQLI</type>
<fixed_in>33.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="devformatter">
<vulnerability>
<title>Wordpress Developer Formatter CSRF and XSS Vulnerability</title>
<references>
<url>http://illsecure.com/code/Wordpress-DevFormatter-CSRF-Vulnerability.txt</url>
<url>http://1337day.com/exploits/20210</url>
<secunia>51912</secunia>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="dvs-custom-notification">
<vulnerability>
<title>WordPress DVS Custom Notification Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>51531</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.0.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="events-manager">
<vulnerability>
<title>Events Manager 5.3.3 - Multiple XSS Vulnerabilities</title>
<references>
<secunia>51869</secunia>
</references>
<type>XSS</type>
<fixed_in>5.3.4</fixed_in>
</vulnerability>
<vulnerability>
<title>Events Manager 5.3.8 - Multiple XSS Vulnerabilities</title>
<references>
<url>http://www.securityfocus.com/bid/60078</url>
<secunia>53478</secunia>
<osvdb>93558</osvdb>
</references>
<type>XSS</type>
<fixed_in>5.3.9</fixed_in>
</vulnerability>
<vulnerability>
<title>Events Manager 5.5.1 - Multiple Unspecified XSS Vulnerabilities</title>
<references>
<osvdb>98198</osvdb>
<secunia>55182</secunia>
</references>
<type>XSS</type>
<fixed_in>5.5.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="solvemedia">
<vulnerability>
<title>SolveMedia 1.1.0 - CSRF Vulnerability</title>
<references>
<exploitdb>24364</exploitdb>
<osvdb>89585</osvdb>
<url>http://1337day.com/exploit/20222</url>
<secunia>51927</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.1.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="usc-e-shop">
<vulnerability>
<title>WordPress Welcart e-Commerce Plugin Cross-Site Scripting and Request Forgery Vulnerabilities</title>
<references>
<secunia>51581</secunia>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="knews">
<vulnerability>
<title>WordPress Knews Multilingual Newsletters Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>51543</secunia>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="video-lead-form">
<vulnerability>
<title>WordPress Video Lead Form Plugin "errMsg" Cross-Site Scripting Vulnerability</title>
<references>
<secunia>51419</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="woocommerce-predictive-search">
<vulnerability>
<title>WordPress WooCommerce Predictive Search Plugin "rs" Cross-Site Scripting Vulnerability</title>
<references>
<secunia>51385</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="woocommerce">
<vulnerability>
<title>WooCommerce index.php calc_shipping_state Parameter XSS</title>
<references>
<osvdb>95480</osvdb>
</references>
<type>XSS</type>
<fixed_in>2.0.13</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-e-commerce-predictive-search">
<vulnerability>
<title>WordPress WP e-Commerce Predictive Search Plugin "rs" Cross-Site Scripting Vulnerability</title>
<references>
<secunia>51384</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-tiger">
<vulnerability>
<title>WordPress vTiger CRM Lead Capture Plugin Unspecified Vulnerability</title>
<references>
<secunia>51305</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>1.1.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-postviews">
<vulnerability>
<title>WordPress post-views Plugin "search_input" Cross-Site Scripting Vulnerability</title>
<references>
<secunia>50982</secunia>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress WP-PostViews Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>53127</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.63</fixed_in>
</vulnerability>
</plugin>
<plugin name="dx-contribute">
<vulnerability>
<title>WordPress DX-Contribute Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>51082</secunia>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="wysija-newsletters">
<vulnerability>
<title>SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin</title>
<references>
<url>https://www.htbridge.com/advisory/HTB23140</url>
<url>http://packetstormsecurity.com/files/120089/</url>
<url>http://seclists.org/bugtraq/2013/Feb/29</url>
<url>http://cxsecurity.com/issue/WLB-2013020039</url>
</references>
<type>SQLI</type>
<fixed_in>2.2.1</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress Wysija Newsletters Plugin swfupload Cross-Site Scripting Vulnerability</title>
<references>
<secunia>51249</secunia>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
<fixed_in>2.1.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="hitasoft_player">
<vulnerability>
<title>WordPress Hitasoft FLV Player Plugin "id" SQL Injection Vulnerability</title>
<references>
<secunia>51179</secunia>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="spider-calendar">
<vulnerability>
<title>Spider Calendar Plugin "many_sp_calendar" Cross-Site Scripting Vulnerability</title>
<references>
<secunia>50981</secunia>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Spider Calendar 1.3.0 - Multiple Vulnerabilities</title>
<references>
<exploitdb>25723</exploitdb>
<osvdb>93584</osvdb>
<secunia>53481</secunia>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="dynamic-font-replacement-4wp">
<vulnerability>
<title>Wordpress Dynamic Font Replacement 1.3 plugin SQL Injection Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20239</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="form">
<vulnerability>
<title>WordPress Zingiri Form Builder Plugin "error" Cross-Site Scripting Vulnerability</title>
<references>
<secunia>50983</secunia>
</references>
<type>XSS</type>
<fixed_in>1.2.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="white-label-cms">
<vulnerability>
<title>WordPress White Label CMS Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>50487</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.5.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="download-shortcode">
<vulnerability>
<title>Wordpress Download Shortcode Plugin "file" Arbitrary File Disclosure Vulnerability</title>
<references>
<secunia>50924</secunia>
</references>
<type>LFI</type>
<fixed_in>0.2.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="eshop-magic">
<vulnerability>
<title>WordPress eShop Magic Plugin "file" Arbitrary File Disclosure Vulnerability</title>
<references>
<secunia>50933</secunia>
</references>
<type>LFI</type>
<fixed_in>0.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="pinterest-pin-it-button">
<vulnerability>
<title>WordPress Pinterest "Pin It" Button Lite Plugin Multiple Unspecified Vulnerabilities</title>
<references>
<secunia>50868</secunia>
</references>
<type>MULTI</type>
<fixed_in>1.4.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="css-plus">
<vulnerability>
<title>WordPress CSS Plus Plugin Unspecified Vulnerabilities</title>
<references>
<secunia>50793</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>1.3.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="multisite-plugin-manager">
<vulnerability>
<title>WordPress Multisite Plugin Manager Plugin Two Cross-Site Scripting Vulnerabilities</title>
<references>
<secunia>50762</secunia>
</references>
<type>XSS</type>
<fixed_in>3.1.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="abc-test">
<vulnerability>
<title>WordPress ABC Test Plugin "id" Cross-Site Scripting Vulnerability</title>
<references>
<secunia>50608</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="token-manager">
<vulnerability>
<title>Wordpress Token Manager Plugin "tid" Cross-Site Scripting Vulnerabilities</title>
<references>
<secunia>50722</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="sexy-add-template">
<vulnerability>
<title>WordPress Sexy Add Template Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>50709</secunia>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="notices">
<vulnerability>
<title>WordPress Notices Ticker Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>50717</secunia>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="mf-gig-calendar">
<vulnerability>
<title>WordPress MF Gig Calendar Plugin URL Cross-Site Scripting Vulnerability</title>
<references>
<secunia>50571</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-topbar">
<vulnerability>
<title>wp-topbar &lt;= 3.04 XSS in ZeroClipboard.swf</title>
<references>
<url>http://1337day.com/exploit/20396</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress WP-TopBar Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>50693</secunia>
</references>
<type>CSRF</type>
<fixed_in>4.0.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="webplayer">
<vulnerability>
<title>WordPress HD Webplayer Plugin Two SQL Injection Vulnerabilities</title>
<references>
<secunia>50466</secunia>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="cloudsafe365-for-wp">
<vulnerability>
<title>WordPress Cloudsafe365 Plugin Multiple Vulnerabilities</title>
<references>
<secunia>50392</secunia>
</references>
<type>MULTI</type>
<fixed_in>1.47</fixed_in>
</vulnerability>
</plugin>
<plugin name="vitamin">
<vulnerability>
<title>WordPress Vitamin Plugin Two Arbitrary File Disclosure Vulnerabilities</title>
<references>
<secunia>50176</secunia>
</references>
<type>LFI</type>
<fixed_in>1.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="featured-post-with-thumbnail">
<vulnerability>
<title>WordPress Featured Post with thumbnail Plugin Unspecified timthumb Vulnerability</title>
<references>
<secunia>50161</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>1.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-effective-lead-management">
<vulnerability>
<title>WordPress WP Lead Management Plugin Script Insertion Vulnerabilities</title>
<references>
<secunia>50166</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="xve-various-embed">
<vulnerability>
<title>WordPress XVE Various Embed Plugin JW Player Multiple Cross-Site Scripting Vulnerabilities
</title>
<references>
<secunia>50173</secunia>
</references>
<type>XSS</type>
<fixed_in>1.0.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="g-lock-double-opt-in-manager">
<vulnerability>
<title>WordPress G-Lock Double Opt-in Manager Plugin Two Security Bypass Vulnerabilities</title>
<references>
<secunia>50100</secunia>
</references>
<type>AUTHBYPASS</type>
</vulnerability>
</plugin>
<plugin name="kau-boys-backend-localization">
<vulnerability>
<title>WordPress Backend Localization Plugin Cross-Site Scripting Vulnerabilities</title>
<references>
<secunia>50099</secunia>
</references>
<type>XSS</type>
<fixed_in>2.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="flexi-quote-rotator">
<vulnerability>
<title>WordPress Flexi Quote Rotator Plugin Cross-Site Request Forgery and SQL Injection Vulnerabilities</title>
<references>
<secunia>49910</secunia>
</references>
<type>MULTI</type>
<fixed_in>0.9.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="gotmls">
<vulnerability>
<title>WordPress Get Off Malicious Scripts Cross-Site Scripting Vulnerability</title>
<references>
<secunia>50030</secunia>
</references>
<type>XSS</type>
<fixed_in>1.2.07.20</fixed_in>
</vulnerability>
</plugin>
<plugin name="cimy-user-extra-fields">
<vulnerability>
<title>WordPress Cimy User Extra Fields Plugin Arbitrary File Upload Vulnerability</title>
<references>
<secunia>49975</secunia>
</references>
<type>UPLOAD</type>
<fixed_in>2.3.9</fixed_in>
</vulnerability>
</plugin>
<plugin name="nmedia-user-file-uploader">
<vulnerability>
<title>WordPress Nmedia Users File Uploader Plugin Arbitrary File Upload Vulnerability</title>
<references>
<secunia>49996</secunia>
</references>
<type>UPLOAD</type>
<fixed_in>2.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-explorer-gallery">
<vulnerability>
<title>wp-explorer-gallery Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20251</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="accordion">
<vulnerability>
<title>accordion Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20254</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-catpro">
<vulnerability>
<title>wp-catpro Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20256</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="RLSWordPressSearch">
<vulnerability>
<title>Wordpress RLSWordPressSearch plugin SQL Injection</title>
<references>
<exploitdb>24440</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wordpress-simple-shout-box">
<vulnerability>
<title>wordpress-simple-shout-box Plugin SQL Injection</title>
<references>
<url>http://cxsecurity.com/issue/WLB-2013010235</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="portfolio-slideshow-pro">
<vulnerability>
<title>Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection</title>
<references>
<url>http://cxsecurity.com/issue/WLB-2013010236</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="simple-history">
<vulnerability>
<title>WordPress Simple History Plugin RSS Feed "rss_secret" Disclosure Weakness</title>
<references>
<secunia>51998</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>1.0.8</fixed_in>
</vulnerability>
</plugin>
<plugin name="p1m-media-manager">
<vulnerability>
<title>WordPress p1m media manager plugin SQL Injection Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20270</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-table-reloaded">
<vulnerability>
<title>wp-table-reloaded &lt;= 1.9.3 XSS in ZeroClipboard.swf</title>
<references>
<url>http://1337day.com/exploit/20396</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Wordpress wp-table-reloaded plugin cross-site scripting in SWF</title>
<references>
<url>http://packetstormsecurity.com/files/119968/</url>
<secunia>52027</secunia>
<url>http://seclists.org/bugtraq/2013/Feb/28</url>
</references>
<type>XSS</type>
<fixed_in>1.9.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="wordpress-gallery">
<vulnerability>
<title>WordPress Gallery Plugin "load" Remote File Inclusion Vulnerability</title>
<references>
<secunia>51347</secunia>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="forumconverter">
<vulnerability>
<title>Wordpress plugins ForumConverter SQL Injection Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20275</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="newsletter">
<vulnerability>
<title>WordPress plugins Newsletter SQL Injection Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20287</url>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WordPress Newsletter Plugin "alert" Cross-Site Scripting Vulnerability</title>
<references>
<secunia>53398</secunia>
<url>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5141.php</url>
</references>
<type>XSS</type>
<fixed_in>3.2.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="commentluv">
<vulnerability>
<title>Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin</title>
<references>
<url>https://www.htbridge.com/advisory/HTB23138</url>
<url>http://packetstormsecurity.com/files/120090/</url>
<url>http://seclists.org/bugtraq/2013/Feb/30</url>
<url>http://cxsecurity.com/issue/WLB-2013020040</url>
<secunia>52092</secunia>
</references>
<type>XSS</type>
<fixed_in>2.92.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-forum">
<vulnerability>
<title>Wordpress wp-forum plugin SQL Injection</title>
<references>
<url>http://cxsecurity.com/issue/WLB-2013020035</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-ecommerce-shop-styling">
<vulnerability>
<title>WordPress WP ecommerce Shop Styling Plugin "dompdf" Remote File Inclusion Vulnerability</title>
<references>
<secunia>51707</secunia>
</references>
<type>RFI</type>
<fixed_in>1.8</fixed_in>
</vulnerability>
</plugin>
<plugin name="audio-player">
<vulnerability>
<title>Wordpress Audio Player Plugin XSS in SWF</title>
<references>
<url>http://seclists.org/bugtraq/2013/Feb/35</url>
<secunia>52083</secunia>
</references>
<type>XSS</type>
<fixed_in>2.0.4.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="ckeditor-for-wordpress">
<vulnerability>
<title>Wordpress plugin CKEditor 4.0 Arbitrary File Upload Exploit</title>
<references>
<url>http://1337day.com/exploit/20318</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="myftp-ftp-like-plugin-for-wordpress">
<vulnerability>
<title>wordpress myftp-ftp-like-plugin-for-wordpress plugin v2 Plugin SQL Injection</title>
<references>
<url>http://cxsecurity.com/issue/WLB-2013020061</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-online-store">
<vulnerability>
<title>WordPress WP Online Store Plugin 1.3.1 downloaded before 2013-01-17 File Disclosure and File Inclusion
Vulnerabilities
</title>
<references>
<secunia>50836</secunia>
<url>http://ceriksen.com/2013/02/18/wordpress-online-store-arbitrary-file-disclosure/</url>
<url>http://ceriksen.com/2013/02/18/wordpress-online-store-local-file-inclusion-vulnerability/</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="password-protected">
<vulnerability>
<title>Password Protected 1.4 Login Process redirect_to Parameter Arbitrary Site Redirect</title>
<references>
<osvdb>90559</osvdb>
</references>
<type>REDIRECT</type>
</vulnerability>
</plugin>
<plugin name="contact-form-plugin">
<vulnerability>
<title>Contact Form Plugin XSS</title>
<references>
<osvdb>90503</osvdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="smart-flv">
<vulnerability>
<title>smart-flv jwplayer.swf XSS</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/02/24/7</url>
<url>http://packetstormsecurity.com/files/115100/</url>
<osvdb>90606</osvdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="GoogleAlertandtwitterplugin">
<vulnerability>
<title>Google Alert And Twitter v.3.1.5 XSS Exploit, SQL Injection</title>
<references>
<url>http://1337day.com/exploits/20433</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="php-shell">
<vulnerability>
<title>PHP Shell Plugin</title>
<references>
<url>https://github.com/wpscanteam/wpscan/issues/138</url>
<url>http://plugins.svn.wordpress.org/php-shell/trunk/shell.php</url>
</references>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="marekkis-watermark">
<vulnerability>
<title>Marekkis Watermark Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/120378/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="responsive-logo-slideshow">
<vulnerability>
<title>Responsive Logo Slideshow Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/120379/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="zopim-live-chat">
<vulnerability>
<title>zopim-live-chat &lt;= 1.2.5 XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="ed2k-link-selector">
<vulnerability>
<title>ed2k-link-selector &lt;= 1.1.7 XSS in ZeroClipboard</title>
<references>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wppygments">
<vulnerability>
<title>wppygments &lt;= 0.3.2 XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="copy-in-clipboard">
<vulnerability>
<title>copy-in-clipboard &lt;= 0.8 XSS in ZeroClipboard</title>
<references>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="search-and-share">
<vulnerability>
<title>search-and-share &lt;= 0.9.3 XSS in ZeroClipboard</title>
<references>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="placester">
<vulnerability>
<title>placester &lt;= 0.3.12 XSS in ZeroClipboard</title>
<references>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="drp-coupon">
<vulnerability>
<title>drp-coupon &lt;= 2.1 XSS in ZeroClipboard</title>
<references>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="coupon-code-plugin">
<vulnerability>
<title>coupon-code-plugin &lt;= 2.1 XSS in ZeroClipboard</title>
<references>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="q2w3-inc-manager">
<vulnerability>
<title>q2w3-inc-manager &lt;= 2.3.1 XSS in ZeroClipboard</title>
<references>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="scorerender">
<vulnerability>
<title>scorerender &lt;= 0.3.4 XSS in ZeroClipboard</title>
<references>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-link-to-us">
<vulnerability>
<title>wp-link-to-us &lt;= 2.0 XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="buckets">
<vulnerability>
<title>buckets &lt;= 0.1.9.2 XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="java-trackback">
<vulnerability>
<title>java-trackback &lt;= 0.2 XSS in ZeroClipboard</title>
<references>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="slidedeck2">
<vulnerability>
<title>slidedeck2 &lt;= 2.1.20130228 XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-clone-by-wp-academy">
<vulnerability>
<title>wp-clone-by-wp-academy &lt;= 2.1.1 XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="tiny-url">
<vulnerability>
<title>tiny-url &lt;= 1.3.2 XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="thethe-layout-grid">
<vulnerability>
<title>thethe-layout-grid &lt;= 1.0.0 XSS in ZeroClipboard.</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="paypal-digital-goods-monetization-powered-by-cleeng">
<vulnerability>
<title>paypal-digital-goods-monetization-powered-by-cleeng &lt;= 2.2.13 XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="mobileview">
<vulnerability>
<title>mobileview &lt;= 1.0.7 XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="jaspreetchahals-coupons-lite">
<vulnerability>
<title>jaspreetchahals-coupons-lite &lt;= 2.1 XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="geshi-source-colorer">
<vulnerability>
<title>geshi-source-colorer &lt;= 0.13 XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="click-to-copy-grab-box">
<vulnerability>
<title>click-to-copy-grab-box &lt;= 0.1.1 XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="cleeng">
<vulnerability>
<title>cleeng &lt;= 2.3.2 XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="bp-code-snippets">
<vulnerability>
<title>bp-code-snippets &lt;= 2.0 XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="snazzy-archives">
<vulnerability>
<title>snazzy-archives &lt;= 1.7.1 XSS vulnerability</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/3</url>
<cve>2009-4168</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="vkontakte-api">
<vulnerability>
<title>vkontakte-api XSS vulnerability</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/11/1</url>
<cve>2009-4168</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="terillion-reviews">
<vulnerability>
<title>Terillion Reviews Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/120730/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="o2s-gallery">
<vulnerability>
<title>o2s-gallery plugin Cross Site Scripting Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20516</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="bp-gallery">
<vulnerability>
<title>bp-gallery plugin v1.2.5 Cross Site Scripting Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20518</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="simply-poll">
<vulnerability>
<title>Simply Poll Plugin 1.4.1 - Multiple Vulnerabilities</title>
<references>
<exploitdb>24850</exploitdb>
<osvdb>91446</osvdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="occasions">
<vulnerability>
<title>Occasions Plugin 1.0.4 - CSRF Vulnerability</title>
<references>
<exploitdb>24858</exploitdb>
<osvdb>91490</osvdb>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="mathjax-latex">
<vulnerability>
<title>Mathjax Latex 1.1 CSRF Vulnerability</title>
<references>
<exploitdb>24889</exploitdb>
<osvdb>91737</osvdb>
<url>http://1337day.com/exploit/20566</url>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="wp-banners-lite">
<vulnerability>
<title>XSS vulnerability on WP-Banners-Lite</title>
<references>
<url>http://seclists.org/fulldisclosure/2013/Mar/209</url>
<url>http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513
</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="backupbuddy">
<vulnerability>
<title>Backupbuddy - sensitive data exposure in importbuddy.php</title>
<references>
<url>http://seclists.org/fulldisclosure/2013/Mar/206</url>
<url>http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="wp-funeral-press">
<vulnerability>
<title>FuneralPress 1.1.6 - Persistent XSS</title>
<references>
<exploitdb>24914</exploitdb>
<cve>2013-3529</cve>
<osvdb>91868</osvdb>
<url>http://seclists.org/fulldisclosure/2013/Mar/282</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="chikuncount">
<vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>24492</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="open-flash-chart-core-wordpress-plugin">
<vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>24492</exploitdb>
<secunia>37903</secunia>
<cve>2009-4140</cve>
</references>
<type>UPLOAD</type>
<fixed_in>0.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="spamtask">
<vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>24492</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="php-analytics">
<vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>24492</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="seo-spy-google-wordpress-plugin">
<vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>24492</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-seo-spy-google">
<vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>24492</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="podpress">
<vulnerability>
<title>podPress 8.8.10.13 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/121011/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="fbsurveypro">
<vulnerability>
<title>fbsurveypro XSS Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20623</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="timelineoptinpro">
<vulnerability>
<title>timelineoptinpro XSS Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20620</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="kioskprox">
<vulnerability>
<title>kioskprox XSS Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20624</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="bigcontact">
<vulnerability>
<title>bigcontact SQLI</title>
<references>
<url>http://plugins.trac.wordpress.org/changeset/689798</url>
</references>
<type>SQLI</type>
<fixed_in>1.4.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="drawblog">
<vulnerability>
<title>drawblog CSRF</title>
<references>
<url>http://plugins.trac.wordpress.org/changeset/691178</url>
</references>
<type>CSRF</type>
<fixed_in>0.81</fixed_in>
</vulnerability>
</plugin>
<plugin name="social-media-widget">
<vulnerability>
<title>social-media-widget malicious code</title>
<references>
<url>http://plugins.trac.wordpress.org/changeset?reponame=&amp;old=691839%40social-media-widget%2Ftrunk&amp;new=693941%40social-media-widget%2Ftrunk</url>
<url>http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot
</url>
</references>
<type>UNKNOWN</type>
<fixed_in>4.0.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="facebook-members">
<vulnerability>
<title>facebook-members CSRF</title>
<references>
<secunia>52962</secunia>
<cve>2013-2703</cve>
</references>
<type>CSRF</type>
<fixed_in>5.0.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="foursquare-checkins">
<vulnerability>
<title>foursquare-checkins CSRF</title>
<references>
<secunia>53151</secunia>
<cve>2013-2709</cve>
</references>
<type>CSRF</type>
<fixed_in>1.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="formidable">
<vulnerability>
<title>formidable Pro Unspecified Vulnerabilities</title>
<references>
<secunia>53121</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>1.06.09</fixed_in>
</vulnerability>
</plugin>
<plugin name="all-in-one-webmaster">
<vulnerability>
<title>all-in-one-webmaster CSRF</title>
<references>
<secunia>52877</secunia>
<cve>2013-2696</cve>
</references>
<type>CSRF</type>
<fixed_in>8.2.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="background-music">
<vulnerability>
<title>background-music 1.0 jPlayer.swf XSS</title>
<references>
<secunia>53057</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="haiku-minimalist-audio-player">
<vulnerability>
<title>haiku-minimalist-audio-player &lt;= 1.0.0 jPlayer.swf XSS</title>
<references>
<secunia>51336</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="jammer">
<vulnerability>
<title>jammer &lt;= 0.2 jPlayer.swf XSS</title>
<references>
<secunia>53106</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="syntaxhighlighter">
<vulnerability>
<title>syntaxhighlighter clipboard.swf XSS</title>
<references>
<secunia>53235</secunia>
</references>
<type>XSS</type>
<fixed_in>3.1.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="top-10">
<vulnerability>
<title>top-10 CSRF</title>
<references>
<secunia>53205</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.9.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="easy-adsense-lite">
<vulnerability>
<title>easy-adsense-lite CSRF</title>
<references>
<secunia>52953</secunia>
<cve>2013-2702</cve>
</references>
<type>CSRF</type>
<fixed_in>6.10</fixed_in>
</vulnerability>
</plugin>
<plugin name="uk-cookie">
<vulnerability>
<title>uk-cookie plugin XSS</title>
<references>
<osvdb>87561</osvdb>
<url>http://seclists.org/bugtraq/2012/Nov/50</url>
<cve>2012-5856</cve>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>uk-cookie CSRF</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/06/06/10</url>
<osvdb>94032</osvdb>
<cve>2013-2180</cve>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="wp-cleanfix">
<vulnerability>
<title>wp-cleanfix Remote Command Execution, CSRF and XSS</title>
<references>
<url>https://github.com/wpscanteam/wpscan/issues/186</url>
<url>http://wordpress.org/support/topic/plugin-wp-cleanfix-remote-code-execution-warning</url>
<osvdb>93450</osvdb>
<secunia>53395</secunia>
<osvdb>93468</osvdb>
<cve>2013-2108</cve>
<cve>2013-2109</cve>
</references>
<type>MULTI</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="mail-on-update">
<vulnerability>
<title>mail-on-update plugin CSRF</title>
<references>
<secunia>53449</secunia>
<url>http://www.openwall.com/lists/oss-security/2013/05/16/8</url>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="advanced-xml-reader">
<vulnerability>
<title>Advanced XML Reader Plugin for WordPress XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
</title>
<references>
<url>http://seclists.org/bugtraq/2013/May/5</url>
<osvdb>92904</osvdb>
</references>
<type>XXE</type>
</vulnerability>
</plugin>
<plugin name="related-posts-by-zemanta">
<vulnerability>
<title>WordPress Related Posts by Zemanta Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>53321</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.3.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="wordpress-23-related-posts-plugin">
<vulnerability>
<title>WordPress WordPress Related Posts Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>53279</secunia>
</references>
<type>CSRF</type>
<fixed_in>2.6.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="related-posts">
<vulnerability>
<title>WordPress Related Posts Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>53122</secunia>
</references>
<type>CSRF</type>
<fixed_in>2.7.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-print-friendly">
<vulnerability>
<title>WordPress WP Print Friendly Plugin Security Bypass Vulnerability</title>
<references>
<secunia>53371</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>0.5.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="contextual-related-posts">
<vulnerability>
<title>WordPress Contextual Related Posts Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>52960</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.8.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="calendar">
<vulnerability>
<title>WordPress Calendar Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>52841</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.3.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="feedweb">
<vulnerability>
<title>WordPress Feedweb Plugin 'wp_post_id' Parameter XSS</title>
<references>
<url>http://www.securityfocus.com/bid/58771</url>
</references>
<type>XSS</type>
<fixed_in>1.9</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-print">
<vulnerability>
<title>WordPress WP-Print Plugin CSRF</title>
<references>
<url>http://www.securityfocus.com/bid/58900</url>
</references>
<type>CSRF</type>
<fixed_in>2.52</fixed_in>
</vulnerability>
</plugin>
<plugin name="trafficanalyzer">
<vulnerability>
<title>WordPress WP-Print Plugin CSRF</title>
<references>
<url>http://packetstorm.wowhacker.com/1304-exploits/wptrafficanalyzer-xss.txt</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-download-manager">
<vulnerability>
<title>WordPress WP-DownloadManager Plugin CSRF</title>
<references>
<url>http://www.securityfocus.com/bid/58937</url>
</references>
<type>CSRF</type>
<fixed_in>1.61</fixed_in>
</vulnerability>
</plugin>
<plugin name="digg-digg">
<vulnerability>
<title>Digg Digg CSRF</title>
<references>
<url>http://wordpress.org/plugins/digg-digg/changelog/</url>
<secunia>53120</secunia>
<osvdb>93544</osvdb>
</references>
<type>CSRF</type>
<fixed_in>5.3.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="ssquiz">
<vulnerability>
<title>SS Quiz Plugin Multiple Unspecified Vulnerabilities</title>
<references>
<url>http://wordpress.org/plugins/ssquiz/changelog/</url>
<secunia>53378</secunia>
<osvdb>93531</osvdb>
</references>
<type>UNKNOWN</type>
<fixed_in>2.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="funcaptcha">
<vulnerability>
<title>FunCaptcha CSRF</title>
<references>
<url>http://wordpress.org/extend/plugins/funcaptcha/changelog/</url>
</references>
<type>UNKNOWN</type>
<fixed_in>0.33</fixed_in>
</vulnerability>
</plugin>
<plugin name="xili-language">
<vulnerability>
<title>xili-language XSS</title>
<references>
<url>http://wordpress.org/plugins/xili-language/changelog/</url>
</references>
<type>XSS</type>
<fixed_in>2.8.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="wordpress-seo">
<vulnerability>
<title>Security issue which allowed any user to reset settings</title>
<references>
<url>http://wordpress.org/plugins/wordpress-seo/changelog/</url>
</references>
<type>UNKNOWN</type>
<fixed_in>1.4.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="underconstruction">
<vulnerability>
<title>CSRF in WordPress underConstruction plugin</title>
<references>
<url>http://wordpress.org/plugins/underconstruction/changelog/</url>
<secunia>52881</secunia>
<osvdb>93857</osvdb>
<cve>2013-2699</cve>
</references>
<type>CSRF</type>
<fixed_in>1.09</fixed_in>
</vulnerability>
</plugin>
<plugin name="adif-log-search-widget">
<vulnerability>
<title>ADIF Log Search Widget XSS Arbitrary Vulnerability</title>
<references>
<url>http://packetstormsecurity.com/files/121777/</url>
<secunia>53599</secunia>
<osvdb>93721</osvdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="exploit-scanner">
<vulnerability>
<title>FPD and Security bypass vulnerabilities in Exploit Scanner for WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2013/May/216</url>
<osvdb>93799</osvdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="ga-universal">
<vulnerability>
<title>FPD and Security bypass vulnerabilities in Exploit Scanner for WordPress</title>
<references>
<url>http://wordpress.org/plugins/ga-universal/changelog/</url>
</references>
<type>XSS</type>
<fixed_in>1.0.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="export-to-text">
<vulnerability>
<title>Remote File Inclusion Vulnerability</title>
<references>
<secunia>51348</secunia>
<osvdb>93715</osvdb>
</references>
<type>RFI</type>
<fixed_in>2.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="qtranslate">
<vulnerability>
<title>WordPress qTranslate Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>53126</secunia>
<osvdb>93873</osvdb>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="image-slider-with-description">
<vulnerability>
<title>Image slider with description Plugin Unspecified Vulnerability</title>
<references>
<secunia>53588</secunia>
<osvdb>93691</osvdb>
</references>
<type>UNKNOWN</type>
<fixed_in>7.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="user-role-editor">
<vulnerability>
<title>User Role Editor Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>53593</secunia>
<osvdb>93699</osvdb>
<exploitdb>25721</exploitdb>
</references>
<type>CSRF</type>
<fixed_in>3.14</fixed_in>
</vulnerability>
</plugin>
<plugin name="eelv-newsletter">
<vulnerability>
<title>EELV Newsletter Plugin Cross-Site Scripting Vulnerability</title>
<references>
<secunia>53546</secunia>
<osvdb>93685</osvdb>
</references>
<type>XSS</type>
<fixed_in>3.3.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="frontier-post">
<vulnerability>
<title>Frontier Post Plugin Publishing Posts Security Bypass</title>
<references>
<secunia>53474</secunia>
<osvdb>93639</osvdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="spider-catalog">
<vulnerability>
<title>Spider Catalog Plugin Cross-Site Scripting and SQL Injection Vulnerabilities</title>
<references>
<secunia>53491</secunia>
<osvdb>93591</osvdb>
<osvdb>93593</osvdb>
<osvdb>93594</osvdb>
<osvdb>93595</osvdb>
<osvdb>93596</osvdb>
<osvdb>93597</osvdb>
<osvdb>93598</osvdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="spider-event-calendar">
<vulnerability>
<title>Spider Event Calendar Plugin Security Bypass, Cross-Site Scripting and SQLi Vulnerabilities</title>
<references>
<secunia>53481</secunia>
<osvdb>93584</osvdb>
<osvdb>93585</osvdb>
<osvdb>93586</osvdb>
<osvdb>93587</osvdb>
<osvdb>93588</osvdb>
<osvdb>93582</osvdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="antivirus">
<vulnerability>
<title>FPD and Security bypass vulnerabilities in AntiVirus for WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2013/Jun/0</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp-maintenance-mode">
<vulnerability>
<title>WP Maintenance Mode Setting Manipulation CSRF</title>
<references>
<osvdb>94450</osvdb>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="ultimate-auction">
<vulnerability>
<title>Ultimate Auction 1.0 - CSRF Vulnerability</title>
<references>
<osvdb>94407</osvdb>
<exploitdb>26240</exploitdb>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="mapsmarker">
<vulnerability>
<title>Leaflet Maps Marker Tag Multiple Parameter SQL Injection</title>
<references>
<osvdb>94388</osvdb>
</references>
<type>SQLI</type>
<fixed_in>3.5.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="xorbin-analog-flash-clock">
<vulnerability>
<title>Xorbin Analog Flash Clock 1.0 Flash-based XSS</title>
<references>
<url>http://advisory.prakharprasad.com/xorbin_afc_wp.txt</url>
<cve>2013-4692</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="xorbin-digital-flash-clock">
<vulnerability>
<title>Xorbin Digital Flash Clock 1.0 Flash-based XSS</title>
<references>
<url>http://advisory.prakharprasad.com/xorbin_dfc_wp.txt</url>
<cve>2013-4693</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="dropdown-menu-widget">
<vulnerability>
<title>Dropdown Menu Widget Script Insertion CSRF</title>
<references>
<osvdb>94771</osvdb>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="buddypress-extended-friendship-request">
<vulnerability>
<title>BuddyPress Extended Friendship Request wp-admin/admin-ajax.php friendship_request_message Parameter XSS
</title>
<references>
<osvdb>94807</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.0.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-private-messages">
<vulnerability>
<title>wp-private-messages /wp-admin/profile.php msgid Parameter SQL Injection</title>
<references>
<osvdb>94702</osvdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="stream-video-player">
<vulnerability>
<title>Stream Video Player Plugin for WordPress Setting Manipulation CSRF</title>
<references>
<osvdb>94466</osvdb>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="duplicator">
<vulnerability>
<title>Duplicator installer.cleanup.php package Parameter XSS</title>
<references>
<osvdb>95627</osvdb>
<cve>2013-4625</cve>
</references>
<type>XSS</type>
<fixed_in>0.4.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="citizen-space">
<vulnerability>
<title>Citizen Space Script Insertion CSRF</title>
<references>
<osvdb>95570</osvdb>
</references>
<type>CSRF</type>
<fixed_in>1.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="spicy-blogroll">
<vulnerability>
<title>Spicy Blogroll spicy-blogroll-ajax.php Multiple Parameter Remote File Inclusion</title>
<references>
<osvdb>95557</osvdb>
<exploitdb>26804</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="pie-register">
<vulnerability>
<title>Pie Register wp-login.php Multiple Parameter XSS</title>
<references>
<osvdb>95160</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.31</fixed_in>
</vulnerability>
</plugin>
<plugin name="xhanch-my-twitter">
<vulnerability>
<title>CSRF in admin/setting.php in Xhanch</title>
<references>
<secunia>53133</secunia>
<cve>2013-3253</cve>
</references>
<type>CSRF</type>
<fixed_in>2.7.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="sexybookmarks">
<vulnerability>
<title>SexyBookmarks - Setting Manipulation CSRF</title>
<references>
<url>http://wordpress.org/plugins/sexybookmarks/changelog/</url>
<osvdb>95908</osvdb>
<cve>2013-3256</cve>
<secunia>53138</secunia>
</references>
<type>CSRF</type>
<fixed_in>6.1.5.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="hms-testimonials">
<vulnerability>
<title>CSRF in HMS Testimonials 2.0.10</title>
<references>
<url>http://wordpress.org/plugins/hms-testimonials/changelog/</url>
<cve>2013-4240</cve>
<osvdb>96107</osvdb>
<osvdb>96108</osvdb>
<osvdb>96109</osvdb>
<osvdb>96110</osvdb>
<osvdb>96111</osvdb>
<secunia>54402</secunia>
<exploitdb>27531</exploitdb>
</references>
<fixed_in>2.0.11</fixed_in>
</vulnerability>
<vulnerability>
<title>XSS in HMS Testimonials 2.0.10</title>
<references>
<url>http://wordpress.org/plugins/hms-testimonials/changelog/</url>
<cve>2013-4241</cve>
<osvdb>96107</osvdb>
<osvdb>96108</osvdb>
<osvdb>96109</osvdb>
<osvdb>96110</osvdb>
<osvdb>96111</osvdb>
<secunia>54402</secunia>
<exploitdb>27531</exploitdb>
</references>
<fixed_in>2.0.11</fixed_in>
</vulnerability>
</plugin>
<plugin name="indianic-testimonial">
<vulnerability>
<title>IndiaNIC Testimonial 2.2 - CSRF vulnerability</title>
<references>
<url>http://seclists.org/fulldisclosure/2013/Sep/5</url>
<cve>2013-5672</cve>
<exploitdb>28054</exploitdb>
<url>http://packetstormsecurity.com/files/123036/</url>
</references>
<type>CSRF</type>
</vulnerability>
<vulnerability>
<title>IndiaNIC Testimonial 2.2 - SQL Injection vulnerability</title>
<references>
<url>http://seclists.org/fulldisclosure/2013/Sep/5</url>
<cve>2013-5673</cve>
<exploitdb>28054</exploitdb>
<url>http://packetstormsecurity.com/files/123036/</url>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>IndiaNIC Testimonial 2.2 - XSS vulnerability</title>
<references>
<url>http://seclists.org/fulldisclosure/2013/Sep/5</url>
<exploitdb>28054</exploitdb>
<url>http://packetstormsecurity.com/files/123036/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="usernoise">
<vulnerability>
<title>Usernoise 3.7.8 - Persistent XSS Vulnerability</title>
<references>
<url>http://wordpress.org/plugins/usernoise/changelog/</url>
<exploitdb>27403</exploitdb>
<osvdb>96000</osvdb>
</references>
<type>XSS</type>
<fixed_in>3.7.9</fixed_in>
</vulnerability>
</plugin>
<plugin name="platinum-seo-pack">
<vulnerability>
<title>platinum_seo_pack.php s Parameter Reflected XSS</title>
<references>
<osvdb>97263</osvdb>
</references>
<fixed_in>1.3.8</fixed_in>
</vulnerability>
</plugin>
<plugin name="design-approval-system">
<vulnerability>
<title>Design Approval System 3.6 - XSS Vulnerability</title>
<references>
<url>http://seclists.org/bugtraq/2013/Sep/54</url>
<url>http://packetstormsecurity.com/files/123227/</url>
<cve>2013-5711</cve>
<osvdb>97279</osvdb>
</references>
<fixed_in>3.7</fixed_in>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="event-easy-calendar">
<vulnerability>
<title>Event Easy Calendar 1.0.0 - Multiple Administrator Action CSRF</title>
<references>
<osvdb>97042</osvdb>
<url>http://packetstormsecurity.com/files/123132/</url>
</references>
<type>CSRF</type>
</vulnerability>
<vulnerability>
<title>Event Easy Calendar 1.0.0 - Multiple Unspecified XSS</title>
<references>
<osvdb>97041</osvdb>
<url>http://packetstormsecurity.com/files/123132/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="bradesco-gateway">
<vulnerability>
<title>Bradesco - falha.php URI Reflected XSS</title>
<references>
<osvdb>97624</osvdb>
<cve>2013-5916</cve>
<url>http://packetstormsecurity.com/files/123356/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="social-hashtags">
<vulnerability>
<title>Social Hashtags 2.0.0 - New Post Title Field Stored XSS</title>
<references>
<osvdb>98027</osvdb>
<url>http://packetstormsecurity.com/files/123485/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="simple-flickr-display">
<vulnerability>
<title>Simple Flickr Display Username Field Stored XSS</title>
<references>
<osvdb>97991</osvdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="lazy-seo">
<vulnerability>
<title>Lazy SEO 1.1.9 - lazyseo.php File Upload Arbitrary Code Execution</title>
<references>
<url>http://packetstormsecurity.com/files/123349/</url>
<url>http://xforce.iss.net/xforce/xfdb/87384</url>
<osvdb>97662</osvdb>
<cve>2013-5961</cve>
<exploitdb>28452</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="seo-watcher">
<vulnerability>
<title>SEO Watcher - Open Flash Chart Arbitrary File Creation Vulnerability</title>
<references>
<url>http://packetstormsecurity.com/files/123493/</url>
<secunia>55162</secunia>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="all-in-one-seo-pack">
<vulnerability>
<title>All in One SEO Pack &lt;= 2.3.0 - XSS Vulnerability</title>
<references>
<osvdb>98023</osvdb>
<cve>2013-5988</cve>
<url>http://archives.neohapsis.com/archives/bugtraq/2013-10/0006.html</url>
<url>http://packetstormsecurity.com/files/123490/</url>
<url>http://www.securityfocus.com/bid/62784</url>
<secunia>55133</secunia>
</references>
<fixed_in>2.3.0.1</fixed_in>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="simple-dropbox-upload-form">
<vulnerability>
<title>Simple Dropbox Upload - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://packetstormsecurity.com/files/123235/</url>
<url>http://xforce.iss.net/xforce/xfdb/87166</url>
<secunia>54856</secunia>
<cve>2013-5963</cve>
</references>
<fixed_in>1.8.8.1</fixed_in>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-ultimate-email-marketer">
<vulnerability>
<title>WP Ultimate Email Marketer - Multiple Vulnerabilities</title>
<references>
<osvdb>97648</osvdb>
<osvdb>97649</osvdb>
<osvdb>97650</osvdb>
<osvdb>97651</osvdb>
<osvdb>97652</osvdb>
<osvdb>97653</osvdb>
<osvdb>97654</osvdb>
<osvdb>97655</osvdb>
<osvdb>97656</osvdb>
<cve>2013-3263</cve>
<cve>2013-3264</cve>
<secunia>53170</secunia>
<url>http://www.securityfocus.com/bid/62621</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp-miniaudioplayer">
<vulnerability>
<title>miniAudioPlayer - Two XSS Vulnerabilities</title>
<references>
<secunia>54979</secunia>
<url>http://packetstormsecurity.com/files/123372/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="simple-custom-website-data">
<vulnerability>
<title>Custom Website Data - XSS Vulnerability</title>
<references>
<secunia>54865</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="complete-gallery-manager">
<vulnerability>
<title>Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability</title>
<references>
<osvdb>97481</osvdb>
<secunia>54894</secunia>
<cve>2013-5962</cve>
<exploitdb>28377</exploitdb>
<url>http://packetstormsecurity.com/files/123303/</url>
<url>http://xforce.iss.net/xforce/xfdb/87172</url>
</references>
<fixed_in>3.3.4</fixed_in>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="lbg_zoominoutslider">
<vulnerability>
<title>LBG Zoominoutslider - XSS Vulnerability</title>
<references>
<url>http://packetstormsecurity.com/files/123367/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="woopra">
<vulnerability>
<title>Woopra - Remote Code Execution</title>
<references>
<url>http://packetstormsecurity.com/files/123525/</url>
</references>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="fgallery_plus">
<vulnerability>
<title>fGallery_Plus - XSS</title>
<references>
<url>http://packetstormsecurity.com/files/123347/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="nospampti">
<vulnerability>
<title>NOSpamPTI 2.1 - Blind SQL Injection</title>
<references>
<exploitdb>28485</exploitdb>
<cve>2013-5917</cve>
<url>http://packetstormsecurity.com/files/123331/</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="comment-attachment">
<vulnerability>
<title>Comment Attachment 1.0 - XSS Vulnerability</title>
<references>
<url>http://packetstormsecurity.com/files/123327/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="mukioplayer-for-wordpress">
<vulnerability>
<title>Mukioplayer 1.6 - SQL Injection</title>
<references>
<url>http://packetstormsecurity.com/files/123231/</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="encrypted-blog">
<vulnerability>
<title>Encrypted Blog 0.0.6.2 - XSS, Open Redirect</title>
<references>
<url>http://packetstormsecurity.com/files/122992/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-simple-login-registration-plugin">
<vulnerability>
<title>Simple Login Registration 1.0.1 - XSS</title>
<references>
<url>http://packetstormsecurity.com/files/122963/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="post-gallery">
<vulnerability>
<title>Post Gallery - XSS</title>
<references>
<url>http://packetstormsecurity.com/files/122957/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="proplayer">
<vulnerability>
<title>ProPlayer 4.7.9.1 - SQL Injection</title>
<references>
<exploitdb>25605</exploitdb>
<osvdb>93564</osvdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="booking">
<vulnerability>
<title>Booking Calendar 4.1.4 - CSRF Vulnerability</title>
<references>
<exploitdb>27399</exploitdb>
<osvdb>96088</osvdb>
<url>http://wpbookingcalendar.com/</url>
</references>
<type>CSRF</type>
<fixed_in>4.1.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="thinkit-wp-contact-form">
<vulnerability>
<title>ThinkIT 0.1 - Multiple Vulnerabilities</title>
<references>
<exploitdb>27751</exploitdb>
<osvdb>96515</osvdb>
<url>http://packetstormsecurity.com/files/122898/</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="quick-contact-form">
<vulnerability>
<title>Quick Contact Form Plugin 6.0 - Persistent XSS</title>
<references>
<exploitdb>28808</exploitdb>
<url>http://packetstormsecurity.com/files/123549/</url>
<url>http://quick-plugins.com/quick-contact-form/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="email-newsletter">
<vulnerability>
<title>Email Newsletter 8.0 - 'option' Parameter Information Disclosure Vulnerability</title>
<references>
<url>http://www.securityfocus.com/bid/53850</url>
</references>
</vulnerability>
</plugin>
<plugin name="faqs-manager">
<vulnerability>
<title>IndiaNIC FAQs Manager Plugin 1.0 - Multiple Vulnerabilities</title>
<references>
<exploitdb>24867</exploitdb>
<osvdb>91625</osvdb>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>IndiaNIC FAQs Manager Plugin 1.0 - Blind SQL Injection</title>
<references>
<exploitdb>24868</exploitdb>
<osvdb>91623</osvdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="booking-system">
<vulnerability>
<title>Booking System - events_facualty_list.php eid Parameter Reflected XSS</title>
<references>
<osvdb>96740</osvdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="js-restaurant">
<vulnerability>
<title>JS Restaurant - popup.php restuarant_id Parameter SQL Injection</title>
<references>
<osvdb>96743</osvdb>
<url>http://packetstormsecurity.com/files/122316/</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="FlagEm">
<vulnerability>
<title>FlagEm Plugin - flagit.php cID Parameter XSS</title>
<references>
<osvdb>98226</osvdb>
<url>http://www.securityfocus.com/bid/61401</url>
<url>http://xforce.iss.net/xforce/xfdb/85925</url>
<url>http://packetstormsecurity.com/files/122505/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="chat">
<vulnerability>
<title>Chat - message Parameter XSS</title>
<references>
<osvdb>95984</osvdb>
<secunia>54403</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="shareaholic">
<vulnerability>
<title>Shareaholic - Unspecified CSRF</title>
<references>
<osvdb>96321</osvdb>
<secunia>54529</secunia>
</references>
<type>CSRF</type>
<fixed_in>7.0.3.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="page-showcaser-boxes">
<vulnerability>
<title>Page Showcaser Boxes - Title Field Stored XSS</title>
<references>
<osvdb>97579</osvdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
</vulnerabilities>
Reference in New Issue View Git Blame Copy Permalink