wpscan/data/plugin_vulns.xml
Peter van der Laan 75b3ea0bc4 Same URL syntax for all Packet Storm Security URL's
Packet Storm Security URLs don't need the 'friendly part' of the URL, so it can be omitted.
2013-10-08 11:24:03 +02:00


<?xml version="1.0" encoding="UTF-8"?>
<vulnerabilities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="vuln.xsd">
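<plugin name="content-slide">
  <vulnerability>
    <!-- Child order (title, references, type) follows the other entries in this file.
         No <fixed_in> is recorded, so this entry carries no fixed-version information. -->
    <title>Content Slide Plugin Cross-Site Request Forgery Vulnerability</title>
    <references>
      <osvdb>93871</osvdb>
      <secunia>52949</secunia>
    </references>
    <type>CSRF</type>
  </vulnerability>
</plugin>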
<plugin name="wordpress-simple-paypal-shopping-cart">
<vulnerability>
<title>Simple Paypal Shopping Cart Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>52963</secunia>
<osvdb>93953</osvdb>
</references>
<type>CSRF</type>
<fixed_in>3.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-sendsms">
<vulnerability>
<title>WP-SendSMS Plugin for WordPress Setting Manipulation CSRF</title>
<references>
<secunia>53796</secunia>
<osvdb>94209</osvdb>
<exploitdb>26124</exploitdb>
</references>
<type>CSRF</type>
</vulnerability>
<vulnerability>
<title>WP-SendSMS Plugin for WordPress wp-admin/admin.php Multiple Parameter XSS</title>
<references>
<osvdb>94210</osvdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="mail-subscribe-list">
<vulnerability>
<title>Mail Subscribe List Plugin Script Insertion Vulnerability</title>
<references>
<secunia>53732</secunia>
<osvdb>94197</osvdb>
</references>
<type>XSS</type>
<fixed_in>2.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="s3-video">
<vulnerability>
<title>VideoJS Cross-Site Scripting Vulnerability</title>
<references>
<secunia>53437</secunia>
<url>http://seclists.org/fulldisclosure/2013/May/66</url>
</references>
<type>XSS</type>
<fixed_in>0.98</fixed_in>
</vulnerability>
</plugin>
<plugin name="video-embed-thumbnail-generator">
<vulnerability>
<title>VideoJS Cross-Site Scripting Vulnerability</title>
<references>
<secunia>53426</secunia>
<url>http://seclists.org/fulldisclosure/2013/May/66</url>
</references>
<type>XSS</type>
<fixed_in>4.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="1player">
<vulnerability>
<title>VideoJS Cross-Site Scripting Vulnerability</title>
<references>
<secunia>53445</secunia>
<url>http://seclists.org/fulldisclosure/2013/May/66</url>
</references>
<type>XSS</type>
<fixed_in>1.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="external-video-for-everybody">
<vulnerability>
<title>VideoJS Cross-Site Scripting Vulnerability</title>
<references>
<secunia>53396</secunia>
<url>http://seclists.org/fulldisclosure/2013/May/66</url>
</references>
<type>XSS</type>
<fixed_in>2.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="EasySqueezePage">
<vulnerability>
<title>VideoJS Cross-Site Scripting Vulnerability</title>
<references>
<url>http://seclists.org/fulldisclosure/2013/May/66</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
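<plugin name="crayon-syntax-highlighter">
  <vulnerability>
    <title>Crayon Syntax Highlighter Remote File Inclusion Vulnerability</title>
    <references>
      <secunia>50804</secunia>
      <!-- URL kept on one line: whitespace inside <url> is part of the element's text. -->
      <url>http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/</url>
    </references>
    <type>RFI</type>
    <fixed_in>1.13</fixed_in>
  </vulnerability>
</plugin>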
<plugin name="ungallery">
<vulnerability>
<title>UnGallery plugin &lt;= 1.5.8 Local File Disclosure Vulnerability</title>
<references>
<exploitdb>17704</exploitdb>
</references>
<type>LFI</type>
</vulnerability>
<vulnerability>
<title>UnGallery Arbitrary Command Execution</title>
<references>
<secunia>50875</secunia>
<url>http://ceriksen.com/2012/10/23/wordpress-ungallery-remote-command-injection-vulnerability/</url>
</references>
<type>RCE</type>
<fixed_in>2.1.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="thanks-you-counter-button">
<vulnerability>
<title>Thank You Counter Button XSS</title>
<references>
<secunia>50977</secunia>
</references>
<type>XSS</type>
<fixed_in>1.8.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="bookings">
<vulnerability>
<title>Bookings XSS</title>
<references>
<secunia>50975</secunia>
</references>
<type>XSS</type>
<fixed_in>1.8.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="cimy-user-manager">
<vulnerability>
<!-- NOTE(review): the title describes an arbitrary file disclosure but <type> is UNKNOWN,
     while the ungallery "Local File Disclosure" entry in this file uses LFI. Confirm against
     vuln.xsd whether a more specific type applies, so that reports and filters keyed on
     <type> classify this entry correctly. The zingiri-forum entry has the same shape. -->
<title>Cimy User Manager Arbitrary File Disclosure</title>
<references>
<secunia>50834</secunia>
<url>http://ceriksen.com/2012/10/24/wordpress-cimy-user-manager-arbitrary-file-disclosure/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
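<plugin name="fs-real-estate-plugin">
  <!-- Two separate SQL injection advisories, each with its own fixed version. -->
  <vulnerability>
    <title>WordPress FireStorm Professional Real Estate Plugin "id" SQL Injection Vulnerability</title>
    <references>
      <secunia>51107</secunia>
    </references>
    <type>SQLI</type>
    <fixed_in>2.06.04</fixed_in>
  </vulnerability>
  <vulnerability>
    <title>FireStorm Professional Real Estate Plugin Multiple SQL Injection</title>
    <references>
      <secunia>50873</secunia>
      <!-- URL kept on one line: whitespace inside <url> is part of the element's text. -->
      <url>http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/</url>
    </references>
    <type>SQLI</type>
    <fixed_in>2.06.03</fixed_in>
  </vulnerability>
</plugin>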
<plugin name="wp125">
<vulnerability>
<title>WP125 Multiple XSS</title>
<references>
<secunia>50976</secunia>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress WP125 Plugin CSRF</title>
<references>
<url>http://www.securityfocus.com/bid/58934</url>
</references>
<type>CSRF</type>
<fixed_in>1.5.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="all-video-gallery">
<vulnerability>
<title>Wordpress All Video Gallery Plugin Multiple SQL Injection Vulnerabilities</title>
<references>
<secunia>50874</secunia>
<url>http://ceriksen.com/2012/11/04/wordpress-all-video-gallery-plugin-sql-injection/</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="buddystream">
<vulnerability>
<title>BuddyStream XSS</title>
<references>
<secunia>50972</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="post-views">
<vulnerability>
<title>post-views XSS</title>
<references>
<secunia>50982</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="floating-social-media-links">
<vulnerability>
<title>Floating Social Media Links Remote File Inclusion</title>
<references>
<secunia>51346</secunia>
<url>http://ceriksen.com/2013/01/12/wordpress-floating-social-media-link-plugins-remote-file-inclusion/</url>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="zingiri-forum">
<vulnerability>
<title>Zingiri Forum Arbitrary File Disclosure</title>
<references>
<secunia>50833</secunia>
<url>http://ceriksen.com/2013/01/12/wordpress-zingiri-forums-arbitrary-file-disclosure/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
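<plugin name="google-document-embedder">
  <vulnerability>
    <!-- NOTE(review): the title describes file disclosure and <type> is UNKNOWN, but the
         Metasploit reference below is an exploit module whose name ends in _exec. Confirm
         whether the recorded impact understates the issue before relying on <type> for triage. -->
    <title>Google Document Embedder Arbitrary File Disclosure</title>
    <references>
      <exploitdb>23970</exploitdb>
      <!-- URL kept on one line: whitespace inside <url> is part of the element's text. -->
      <url>http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/</url>
      <secunia>50832</secunia>
      <metasploit>exploit/unix/webapp/wp_google_document_embedder_exec</metasploit>
    </references>
    <type>UNKNOWN</type>
    <fixed_in>2.5.4</fixed_in>
  </vulnerability>
</plugin>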
<plugin name="extended-user-profile">
<vulnerability>
<title>extended-user-profile Full Path Disclosure vulnerability</title>
<references>
<url>http://1337day.com/exploit/20118</url>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="superslider-show">
<vulnerability>
<title>superslider-show Full Path Disclosure vulnerability</title>
<references>
<url>http://1337day.com/exploit/20117</url>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="wordpress-multibox-plugin">
<vulnerability>
<title>multibox plugin Full Path Disclosure vulnerability</title>
<references>
<url>http://1337day.com/exploit/20119</url>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<!-- NOTE(review): unlike the single-segment names used by the other entries, this name
     contains a path separator; presumably it points at a component bundled below the plugin
     directory. Any consumer that joins this attribute into a URL or filesystem path has to
     cope with the extra segment. Confirm against the code that reads this file. -->
<plugin name="contest/OpenInviter">
<vulnerability>
<title>OpenInviter Information Disclosure</title>
<references>
<url>http://packetstormsecurity.com/files/119265/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="wp_rokbox">
<vulnerability>
<title>RokBox Multiple Vulnerabilities</title>
<references>
<url>http://1337day.com/exploit/19981</url>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>RokBox &lt;= 2.13 - XSS,DoS,Disclosure,Upload Vulnerabilities</title>
<references>
<secunia>54801</secunia>
<url>http://packetstormsecurity.com/files/118884/</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp_rokintroscroller">
<vulnerability>
<title>RokIntroScroller &lt;= 1.8 - XSS,DoS,Disclosure,Upload Vulnerabilities</title>
<references>
<secunia>54801</secunia>
<url>http://packetstormsecurity.com/files/123302/</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp_rokmicronews">
<vulnerability>
<title>RokMicroNews &lt;= 1.5 - XSS,DoS,Disclosure,Upload Vulnerabilities</title>
<references>
<secunia>54801</secunia>
<url>http://packetstormsecurity.com/files/123312/</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp_roknewspager">
<vulnerability>
<title>RokNewsPager &lt;= 1.17 - XSS,DoS,Disclosure,Upload Vulnerabilities</title>
<references>
<secunia>54801</secunia>
<url>http://packetstormsecurity.com/files/123271/</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp_rokstories">
<vulnerability>
<title>RokStories &lt;= 1.25 - XSS,DoS,Disclosure,Upload Vulnerabilities</title>
<references>
<secunia>54801</secunia>
<url>http://packetstormsecurity.com/files/123270/</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="grou-random-image-widget">
<vulnerability>
<title>grou-random-image-widget Full Path Disclosure</title>
<references>
<url>http://1337day.com/exploit/20047</url>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="sintic_gallery">
<vulnerability>
<title>sintic_gallery Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/19993</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>sintic_gallery Path Disclosure Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20020</url>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="wp-useronline">
<vulnerability>
<title>WP-UserOnline Full Path Disclosure</title>
<references>
<url>http://seclists.org/fulldisclosure/2010/Jul/8</url>
</references>
<type>FPD</type>
</vulnerability>
<vulnerability>
<title>Wp-UserOnline &lt;= 0.62 Persistent XSS</title>
<references>
<url>http://seclists.org/fulldisclosure/2010/Jul/8</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="levelfourstorefront">
<vulnerability>
<title>Shopping Cart Shell Upload / SQL Injection</title>
<references>
<url>http://packetstormsecurity.com/files/119217/</url>
<secunia>51690</secunia>
</references>
<type>MULTI</type>
<fixed_in>8.1.15</fixed_in>
</vulnerability>
</plugin>
<plugin name="reflex-gallery">
<vulnerability>
<title>ReFlex Gallery Shell Upload</title>
<references>
<url>http://packetstormsecurity.com/files/119218/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="uploader">
<vulnerability>
<title>Uploader 1.0.4 Shell Upload</title>
<references>
<url>http://packetstormsecurity.com/files/119219/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="xerte-online">
<vulnerability>
<title>Xerte Online 0.32 Shell Upload</title>
<references>
<url>http://packetstormsecurity.com/files/119220/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="advanced-custom-fields">
<vulnerability>
<title>Advanced Custom Fields &lt;= 3.5.1 Remote File Inclusion</title>
<references>
<url>http://packetstormsecurity.com/files/119221/</url>
<secunia>51037</secunia>
<metasploit>exploit/unix/webapp/wp_advanced_custom_fields_exec</metasploit>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="sitepress-multilingual-cms">
<vulnerability>
<title>Wordpress sitepress-multilingual-cms Full Path Disclosure</title>
<references>
<url>http://1337day.com/exploit/20067</url>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
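<plugin name="asset-manager">
  <!-- Both entries are typed UPLOAD; neither records a <fixed_in> version. -->
  <vulnerability>
    <title>Asset Manager 0.2 Arbitrary File Upload</title>
    <references>
      <exploitdb>18993</exploitdb>
    </references>
    <type>UPLOAD</type>
  </vulnerability>
  <vulnerability>
    <title>WordPress plugin Asset manager upload.php Arbitrary Code Execution</title>
    <references>
      <!-- URL kept on one line: whitespace inside <url> is part of the element's text. -->
      <url>http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/</url>
    </references>
    <type>UPLOAD</type>
  </vulnerability>
</plugin>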
<plugin name="apptha-banner">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="apptha-slider-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="blaze-slide-show-for-wordpress">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="comment-extra-field">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="fluid-accessible-rich-inline-edit">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="fluid-accessible-pager">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="fluid-accessible-uploader">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="fluid-accessible-ui-options">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="fresh-page">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="mac-dock-photogallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="pdw-file-browser">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="power-zoomer">
<vulnerability>
<title>powerzoomer Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20253</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="slide-show-pro">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="smart-slide-show">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="spotlightyour">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="sprapid">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="ultimate-tinymce">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
<secunia>51224</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-3dbanner-rotator">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-3dflick-slideshow">
<vulnerability>
<title>wp-3dflick-slideshow Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20255</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-bliss-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-carouselslideshow">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
<secunia>51250</secunia>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress Carousel Slideshow Plugin Unspecified Vulnerabilities</title>
<references>
<secunia>50377</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>3.10</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-dreamworkgallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-ecommerce-cvs-importer">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-extended">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-flipslideshow">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-homepage-slideshow">
<vulnerability>
<title>wp-homepage-slideshow Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20260</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-image-news-slider">
<vulnerability>
<title>wp-image-news-slider Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20259</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress Image News slider Plugin Unspecified Vulnerabilities</title>
<references>
<secunia>50390</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>3.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-levoslideshow">
<vulnerability>
<title>wp-levoslideshow Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20250</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-matrix-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-powerplaygallery">
<vulnerability>
<title>wp-powerplaygallery Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20252</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-royal-gallery">
<vulnerability>
<title>wp-royal-gallery Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20261</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-superb-slideshow">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>wp superb Slideshow Full Path Disclosure</title>
<references>
<url>http://1337day.com/exploit/19979</url>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="wp-vertical-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-yasslideshow">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="cardoza-ajax-search">
<vulnerability>
<title>Ajax Post Search Sql Injection</title>
<references>
<url>http://seclists.org/bugtraq/2012/Nov/33</url>
<secunia>51205</secunia>
<url>http://www.girlinthemiddle.net/2012/10/sqli-vulnerability-in-ajax-post-search.html</url>
</references>
<type>SQLI</type>
<fixed_in>1.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="answer-my-question">
<vulnerability>
<title>Answer My Question 1.1 Multiple XSS</title>
<references>
<url>http://www.securityfocus.com/archive/1/524625/30/0/threaded</url>
<secunia>50655</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="catalog">
<vulnerability>
<title>Catalog HTML Code Injection and Cross-site scripting</title>
<references>
<!-- NOTE(review): this reference uses the packetstormsecurity.org host, while other
     entries in this file (for example contest/OpenInviter) use packetstormsecurity.com.
     Consider settling on one host so identical advisories compare equal when references
     are de-duplicated or matched against other feeds. -->
<url>http://packetstormsecurity.org/files/117820/</url>
<secunia>51143</secunia>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>WordPress Spider Catalog Plugin Multiple SQL Injection and Cross Site Scripting Vulnerabilities</title>
<references>
<url>http://www.securityfocus.com/bid/60079/info</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wordfence">
<vulnerability>
<title>Wordfence 3.3.5 XSS and IAA</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Oct/139</url>
<secunia>51055</secunia>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="slideshow-jquery-image-gallery">
<vulnerability>
<title>Slideshow jQuery Image Gallery Multiple Vulnerabilities</title>
<references>
<url>http://www.waraxe.us/advisory-92.html</url>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>WordPress Slideshow Plugin Multiple Script Insertion Vulnerabilities</title>
<references>
<secunia>51135</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="social-discussions">
<vulnerability>
<title>Social Discussions Multiple Vulnerabilities</title>
<references>
<url>http://www.waraxe.us/advisory-93.html</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
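<plugin name="abtest">
  <vulnerability>
    <title>ABtest Directory Traversal</title>
    <references>
      <!-- URL kept on one line: whitespace inside <url> is part of the element's text. -->
      <url>http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110</url>
    </references>
    <type>UNKNOWN</type>
  </vulnerability>
</plugin>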
<plugin name="bbpress">
<vulnerability>
<title>BBPress SQL Injection / Path Disclosure</title>
<references>
<url>http://packetstormsecurity.org/files/116123/</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="nextgen_cu3er_gallery">
<vulnerability>
<title>NextGen Cu3er Gallery Information Disclosure</title>
<references>
<url>http://packetstormsecurity.org/files/116150/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="rich-widget">
<vulnerability>
<title>Rich Widget File Upload</title>
<references>
<url>http://packetstormsecurity.org/files/115787/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="monsters-editor-10-for-wp-super-edit">
<vulnerability>
<title>Monsters Editor Shell Upload</title>
<references>
<url>http://packetstormsecurity.org/files/115788/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="quick-post-widget">
<vulnerability>
<title>Quick Post Widget 1.9.1 Multiple Cross-site scripting vulnerabilities</title>
<references>
<url>http://seclists.org/bugtraq/2012/Aug/66</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="threewp-email-reflector">
<vulnerability>
<title>ThreeWP Email Reflector 1.13 Stored XSS</title>
<references>
<exploitdb>20365</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-simplemail">
<vulnerability>
<title>SimpleMail 1.0.6 Stored XSS</title>
<references>
<exploitdb>20361</exploitdb>
<secunia>50208</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="postie">
<vulnerability>
<title>Postie 1.4.3 Stored XSS</title>
<references>
<exploitdb>20360</exploitdb>
<secunia>50207</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="rsvpmaker">
<vulnerability>
<title>RSVPMaker v2.5.4 Persistent XSS</title>
<references>
<exploitdb>20474</exploitdb>
<secunia>50289</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="mz-jajak">
<vulnerability>
<title>Mz-jajak &lt;= 2.1 SQL Injection Vulnerability</title>
<references>
<exploitdb>20416</exploitdb>
<secunia>50217</secunia>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="resume-submissions-job-postings">
<vulnerability>
<title>Resume Submissions Job Posting v2.5.1 Unrestricted File Upload</title>
<references>
<url>http://packetstormsecurity.org/files/114716/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-predict">
<vulnerability>
<title>WP-Predict v1.0 Blind SQL Injection</title>
<references>
<exploitdb>19715</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="backup">
<vulnerability>
<title>Backup Plugin Information Disclosure</title>
<references>
<exploitdb>19524</exploitdb>
<secunia>50038</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>2.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="moodthingy-mood-rating-widget">
<vulnerability>
<title>MoodThingy Widget v0.8.7 Blind SQL Injection</title>
<references>
<exploitdb>19572</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="paid-business-listings">
<vulnerability>
<title>Paid Business Listings v1.0.2 Blind SQL Injection</title>
<references>
<exploitdb>19481</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="website-faq">
<vulnerability>
<title>Website FAQ Plugin v1.0 SQL Injection</title>
<references>
<exploitdb>19400</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="radykal-fancy-gallery">
<vulnerability>
<title>Fancy Gallery 1.2.4 Shell Upload</title>
<references>
<url>http://packetstormsecurity.org/files/114114/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="flipbook">
<vulnerability>
<title>Flip Book 1.0 Shell Upload</title>
<references>
<url>http://packetstormsecurity.org/files/114112/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="ajax_multi_upload">
<vulnerability>
<title>Ajax Multi Upload 1.1 Shell Upload</title>
<references>
<url>http://packetstormsecurity.org/files/114109/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="schreikasten">
<vulnerability>
<title>Schreikasten 0.14.13 XSS</title>
<references>
<exploitdb>19294</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-automatic">
<vulnerability>
<title>Wordpress Automatic 2.0.3 CSRF</title>
<references>
<url>http://packetstormsecurity.org/files/113763/</url>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
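<plugin name="videowhisper-video-conference-integration">
  <vulnerability>
    <!-- Title kept on one line: line breaks inside <title> become part of the text a consumer reads. -->
    <title>VideoWhisper Video Conference 4.51 Arbitrary File Upload Vulnerability</title>
    <references>
      <url>http://packetstormsecurity.org/files/113580/</url>
    </references>
    <type>UPLOAD</type>
  </vulnerability>
</plugin>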
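<plugin name="auctionplugin">
  <vulnerability>
    <!-- Title kept on one line: line breaks inside <title> become part of the text a consumer reads. -->
    <title>Auctions Plugin 2.0.1.3 Arbitrary File Upload Vulnerability</title>
    <references>
      <url>http://packetstormsecurity.org/files/113568/</url>
    </references>
    <type>UPLOAD</type>
  </vulnerability>
</plugin>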
<plugin name="lb-mixed-slideshow">
<vulnerability>
<title>LB Mixed Slideshow 1.0 Arbitrary File Upload Vulnerability</title>
<references>
<url>http://packetstormsecurity.org/files/113844/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="lim4wp">
<vulnerability>
<title>Lim4wp 1.1.1 Arbitrary File Upload Vulnerability</title>
<references>
<url>http://packetstormsecurity.org/files/113846/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-imagezoom">
<vulnerability>
<title>Wp-ImageZoom 1.0.3 Remote File Disclosure</title>
<references>
<url>http://packetstormsecurity.org/files/113845/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="invit0r">
<vulnerability>
<title>Invit0r 0.22 Shell Upload</title>
<references>
<url>http://packetstormsecurity.org/files/113639/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="announces">
<!-- NOTE(review): name="announces" does not match the title spelling "Annonces". Confirm the plugin's directory slug; if entries are looked up by this name, a misspelled slug would mean the finding is never reported. -->
<vulnerability>
<title>Annonces 1.2.0.1 Shell Upload</title>
<references>
<url>http://packetstormsecurity.org/files/113637/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
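<plugin name="contus-video-galleryversion-10">
<!-- Title is kept on one line: line breaks inside <title> are character data, so a consumer that does not normalise whitespace would report them as part of the title. -->
<vulnerability>
<title>Contus Video Gallery 1.3 Arbitrary File Upload Vulnerability</title>
<references>
<url>http://packetstormsecurity.org/files/113571/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>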
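<plugin name="contus-hd-flv-player">
<!-- Two separate issues are recorded for this plugin: an SQL injection (<= 1.3) and an arbitrary file upload (1.7). -->
<vulnerability>
<title>Contus HD FLV Player plugin &lt;= 1.3 SQL Injection Vulnerability</title>
<references>
<exploitdb>17678</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<!-- Title is kept on one line: line breaks inside <title> are character data, so a consumer that does not normalise whitespace would report them as part of the title. -->
<vulnerability>
<title>Contus HD FLV Player 1.7 Arbitrary File Upload Vulnerability</title>
<references>
<url>http://packetstormsecurity.org/files/113570/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>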
<plugin name="user-meta">
<vulnerability>
<title>User Meta Version 1.1.1 Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>19052</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="topquark">
<vulnerability>
<title>Top Quark Architecture Version 2.10 Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>19053</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="sfbrowser">
<vulnerability>
<title>SfBrowser Version 1.4.5 Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>19054</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="pica-photo-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Pica Photo Gallery 1.0 Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>19055</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>PICA Photo Gallery 1.0 Remote File Disclosure</title>
<references>
<exploitdb>19016</exploitdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="mac-dock-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress Mac Photo Gallery Plugin Two Security Bypass Security Issues</title>
<references>
<secunia>49923</secunia>
</references>
<type>AUTHBYPASS</type>
</vulnerability>
<vulnerability>
<title>WordPress Mac Photo Gallery Plugin Multiple Script Insertion Vulnerabilities</title>
<references>
<secunia>49836</secunia>
</references>
<type>XSS</type>
<fixed_in>3.0</fixed_in>
</vulnerability>
<vulnerability>
<title>Mac Photo Gallery 2.7 Arbitrary File Upload</title>
<references>
<exploitdb>19056</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="drag-drop-file-uploader">
<vulnerability>
<title>drag and drop file upload 0.1 Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>19057</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="custom-content-type-manager">
<vulnerability>
<title>Custom Content Type Manager 0.9.5.13-pl Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>19058</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-gpx-map">
<!-- NOTE(review): the title spells the plugin "wp-gpx-max" while the entry name is "wp-gpx-map". The title may simply mirror the advisory's own wording; confirm against the referenced advisory before changing it. -->
<vulnerability>
<title>wp-gpx-max version 1.1.21 Arbitrary File Upload</title>
<references>
<exploitdb>19050</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="front-file-manager">
<vulnerability>
<title>Front File Manager Plugin 0.1 Arbitrary File Upload</title>
<references>
<exploitdb>19012</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="front-end-upload">
<vulnerability>
<title>Front End Upload 0.5.3 Arbitrary File Upload</title>
<references>
<exploitdb>19008</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>Front End Upload v0.5.4 Arbitrary PHP File Upload</title>
<references>
<exploitdb>20083</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="omni-secure-files">
<vulnerability>
<title>Omni Secure Files 0.1.13 Arbitrary File Upload</title>
<references>
<exploitdb>19009</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="easy-contact-forms-exporter">
<vulnerability>
<title>Easy Contact Forms Export 1.1.0 Information Disclosure Vulnerability</title>
<references>
<exploitdb>19013</exploitdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="plugin-newsletter">
<vulnerability>
<title>Plugin: Newsletter 1.5 Remote File Disclosure Vulnerability</title>
<references>
<exploitdb>19018</exploitdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="rbxgallery">
<vulnerability>
<title>RBX Gallery 2.1 Arbitrary File Upload</title>
<references>
<exploitdb>19019</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="simple-download-button-shortcode">
<vulnerability>
<title>Simple Download Button Shortcode 1.0 Remote File Disclosure</title>
<references>
<exploitdb>19020</exploitdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="thinkun-remind">
<vulnerability>
<title>Thinkun Remind 1.1.3 Remote File Disclosure</title>
<references>
<exploitdb>19021</exploitdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="tinymce-thumbnail-gallery">
<vulnerability>
<title>Tinymce Thumbnail Gallery 1.0.7 Remote File Disclosure</title>
<references>
<exploitdb>19022</exploitdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="wpstorecart">
<vulnerability>
<title>wpStoreCart Plugin 2.5.27-2.5.29 Arbitrary File Upload</title>
<references>
<exploitdb>19023</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="gallery-plugin">
<vulnerability>
<title>Gallery 3.06 Arbitrary File Upload</title>
<references>
<exploitdb>18998</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="font-uploader">
<vulnerability>
<title>Font Uploader 1.2.4 Arbitrary File Upload</title>
<references>
<exploitdb>18994</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-property">
<vulnerability>
<title>WP-Property 1.35.0 Arbitrary File Upload</title>
<references>
<exploitdb>18987</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wpmarketplace">
<vulnerability>
<title>WP Marketplace 1.5.0 - 1.6.1 Arbitrary File Upload</title>
<references>
<exploitdb>18988</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="store-locator-le">
<vulnerability>
<title>Google Maps via Store Locator Multiple Vulnerabilities</title>
<references>
<exploitdb>18989</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>store-locator-le SQL Injection</title>
<references>
<secunia>51757</secunia>
</references>
<type>SQLI</type>
<fixed_in>3.8.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="html5avmanager">
<vulnerability>
<title>HTML5 AV Manager 0.2.7 Arbitrary File Upload</title>
<references>
<exploitdb>18990</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="foxypress">
<vulnerability>
<title>Foxypress 0.4.1.1 - 0.4.2.1 Arbitrary File Upload</title>
<references>
<url>http://packetstormsecurity.org/files/113576/</url>
<exploitdb>18991</exploitdb>
<exploitdb>19100</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>FoxyPress 0.4.2.5 XSS / CSRF / SQL Injection</title>
<references>
<url>http://packetstormsecurity.org/files/117768/</url>
<secunia>51109</secunia>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="track-that-stat">
<vulnerability>
<title>Track That Stat &lt;= 1.0.8 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112722/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-facethumb">
<vulnerability>
<title>WP-Facethumb Gallery &lt;= 0.1 Reflected Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112658/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-survey-and-quiz-tool">
<vulnerability>
<title>Survey And Quiz Tool &lt;= 2.9.2 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112685/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-statistics">
<vulnerability>
<title>WP Statistics &lt;= 2.2.4 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112686/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-easy-gallery">
<vulnerability>
<title>WP Easy Gallery &lt;= 1.7 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112687/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WP Easy Gallery &lt;= 2.7 CSRF</title>
<references>
<url>http://plugins.trac.wordpress.org/changeset?reponame=&amp;old=669527%40wp-easy-gallery&amp;new=669527%40wp-easy-gallery</url>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="subscribe2">
<vulnerability>
<title>Subscribe2 &lt;= 8.0 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112688/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="soundcloud-is-gold">
<vulnerability>
<title>Soundcloud Is Gold &lt;= 2.1 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112689/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="sharebar">
<vulnerability>
<title>Sharebar &lt;= 1.2.5 sharebar-admin.php page Parameter XSS</title>
<references>
<osvdb>98078</osvdb>
<url>http://packetstormsecurity.org/files/123365/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Sharebar &lt;= 1.2.5 Button Manipulation CSRF</title>
<references>
<osvdb>94843</osvdb>
</references>
<type>CSRF</type>
</vulnerability>
<vulnerability>
<title>Sharebar &lt;= 1.2.1 SQL Injection / Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112690/</url>
</references>
<type>MULTI</type>
<fixed_in>1.2.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="share-and-follow">
<vulnerability>
<title>Share And Follow &lt;= 1.80.3 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112691/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="sabre">
<vulnerability>
<title>SABRE &lt;= 1.2.0 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112692/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="pretty-link">
<vulnerability>
<title>Pretty Link Lite &lt;= 1.5.2 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112693/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Pretty Link Lite &lt;= 1.6.1 Cross Site Scripting</title>
<references>
<secunia>50980</secunia>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress pretty-link plugin XSS in SWF</title>
<references>
<url>http://seclists.org/bugtraq/2013/Feb/100</url>
<url>http://packetstormsecurity.com/files/120433/</url>
<cve>2013-1636</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="newsletter-manager">
<vulnerability>
<title>Newsletter Manager &lt;= 1.0 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112694/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="network-publisher">
<vulnerability>
<title>Network Publisher &lt;= 5.0.1 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112695/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="leaguemanager">
<vulnerability>
<title>LeagueManager &lt;= 3.7 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112698/</url>
<secunia>49949</secunia>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>LeagueManager v3.8 SQL Injection</title>
<references>
<exploitdb>24789</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="leaflet">
<vulnerability>
<title>Leaflet &lt;= 0.0.1 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112699/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="joliprint">
<vulnerability>
<title>PDF And Print Button Joliprint &lt;= 1.3.0 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112700/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="iframe-admin-pages">
<vulnerability>
<title>IFrame Admin Pages &lt;= 0.1 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112701/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="ezpz-one-click-backup">
<vulnerability>
<title>EZPZ One Click Backup &lt;= 12.03.10 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112705/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="dynamic-widgets">
<vulnerability>
<title>Dynamic Widgets &lt;= 1.5.1 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112706/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="download-monitor">
<vulnerability>
<title>Download Monitor &lt; 3.3.6.2 Cross Site Scripting</title>
<references>
<url>http://www.securityfocus.com/bid/61407</url>
<secunia>53116</secunia>
<cve>2013-5098</cve>
<cve>2013-3262</cve>
</references>
<type>XSS</type>
<fixed_in>3.3.6.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Download Monitor &lt;= 3.3.5.7 Cross Site Scripting</title>
<references>
<url>http://www.reactionpenetrationtesting.co.uk/wordpress-download-monitor-xss.html</url>
<secunia>50511</secunia>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Download Monitor &lt;= 3.3.5.4 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112707/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="download-manager">
<vulnerability>
<title>Download Manager &lt;= 2.2 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112708/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="codestyling-localization">
<vulnerability>
<title>Code Styling Localization &lt;= 1.99.16 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112709/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="catablog">
<!-- NOTE(review): this entry and the bad-behavior entry below cite the same Packet Storm file id (112619). One of the two references is probably a copy-paste error; verify which advisory the id belongs to. -->
<vulnerability>
<title>Catablog &lt;= 1.6 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112619/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="bad-behavior">
<!-- NOTE(review): same Packet Storm file id (112619) as the catablog entry above; verify the reference. -->
<vulnerability>
<title>Bad Behavior &lt;= 2.24 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112619/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="bulletproof-security">
<vulnerability>
<title>BulletProof Security &lt;= 0.47 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112618/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="better-wp-security">
<vulnerability>
<title>Better WP Security &lt;= 3.5.3 Stored XSS</title>
<references>
<url>https://github.com/wpscanteam/wpscan/issues/251</url>
<url>http://www.securityfocus.com/archive/1/527634/30/0/threaded</url>
<osvdb>95884</osvdb>
<secunia>54299</secunia>
<exploitdb>27290</exploitdb>
</references>
<type>XSS</type>
<fixed_in>3.5.4</fixed_in>
</vulnerability>
<vulnerability>
<title>Better WP Security v3.4.3 Multiple XSS</title>
<references>
<url>http://seclists.org/bugtraq/2012/Oct/9</url>
</references>
<type>XSS</type>
<fixed_in>3.4.4</fixed_in>
</vulnerability>
<vulnerability>
<title>Better WP Security &lt;= 3.2.4 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112617/</url>
</references>
<type>XSS</type>
<fixed_in>3.2.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="custom-contact-forms">
<vulnerability>
<title>Custom Contact Forms &lt;= 5.0.0.1 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112616/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="2-click-socialmedia-button">
<!-- NOTE(review): name ends in "button" while both titles say "Buttons". Confirm the plugin's directory slug; if entries are looked up by this name, a wrong slug would mean neither XSS finding is reported. -->
<vulnerability>
<title>2-Click-Socialmedia-Buttons &lt;= 0.34 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112615/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>2-Click-Socialmedia-Buttons &lt;= 0.32.2 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112711/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="login-with-ajax">
<vulnerability>
<title>Login With Ajax plugin Cross Site Scripting</title>
<references>
<secunia>49013</secunia>
</references>
<type>XSS</type>
<fixed_in>3.0.4.1</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress Login With Ajax Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>52950</secunia>
</references>
<type>CSRF</type>
<fixed_in>3.1</fixed_in>
</vulnerability>
</plugin>
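<plugin name="media-library-categories">
<!-- SQL injection affecting versions <= 1.0.6. -->
<vulnerability>
<title>Media Library Categories plugin &lt;= 1.0.6 SQL Injection Vulnerability</title>
<references>
<exploitdb>17628</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<!-- Typed XSS to match the title; the SQL injection is the separate entry above. -->
<vulnerability>
<title>Media Library Categories plugin &lt;= 1.1.1 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112697/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>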
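<plugin name="deans-fckeditor-with-pwwangs-code-plugin-for-wordpress">
<!-- Typed UPLOAD like the other shell-upload entries in this file; RFI is used here for remote file inclusion, which the title does not describe. -->
<vulnerability>
<title>FCKeditor Deans With Pwwangs Code &lt;= 1.0.0 Remote Shell Upload</title>
<references>
<url>http://packetstormsecurity.org/files/111319/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>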
<plugin name="zingiri-web-shop">
<vulnerability>
<title>WordPress Zingiri Web Shop Plugin Cookie SQL Injection Vulnerability</title>
<references>
<secunia>49398</secunia>
</references>
<type>SQLI</type>
<fixed_in>2.4.8</fixed_in>
</vulnerability>
<vulnerability>
<title>Zingiri Web Shop &lt;= 2.4.0 Multiple XSS Vulnerabilities</title>
<references>
<exploitdb>18787</exploitdb>
<secunia>48991</secunia>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Zingiri Web Shop &lt;= 2.3.5 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112684/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Zingiri Web Shop 2.4.3 Shell Upload</title>
<references>
<url>http://packetstormsecurity.org/files/113668/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="organizer">
<vulnerability>
<title>Organizer 1.2.1 Cross Site Scripting / Path Disclosure</title>
<references>
<url>http://packetstormsecurity.org/files/112086/</url>
<url>http://packetstormsecurity.org/files/113800/</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="zingiri-tickets">
<vulnerability>
<title>Zingiri Tickets plugin File Disclosure</title>
<references>
<url>http://packetstormsecurity.org/files/111904/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="cms-tree-page-view">
<vulnerability>
<title>XSS vulnerability in CMS Tree Page View Plugin</title>
<references>
<url>https://www.htbridge.com/advisory/HTB23083</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="all-in-one-event-calendar">
<vulnerability>
<title>Multiple XSS vulnerabilities in All-in-One Event Calendar for WordPress</title>
<references>
<url>http://seclists.org/bugtraq/2012/Apr/70</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="buddypress">
<vulnerability>
<title>Buddypress &lt;= 1.5.5 SQL Injection</title>
<references>
<exploitdb>18690</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="register-plus-redux">
<vulnerability>
<title>Register Plus Redux &lt;= 3.8.3 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/111367/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="magn-html5-drag-and-drop-media-uploader">
<vulnerability>
<title>Magn WP Drag and Drop &lt;= 1.1.4 Upload Shell Upload Vulnerability</title>
<references>
<url>http://packetstormsecurity.org/files/110103/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
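<plugin name="kish-guest-posting">
<!-- Typed UPLOAD like the other arbitrary-file-upload entries in this file; RFI is used here for remote file inclusion, which the title does not describe. -->
<vulnerability>
<title>Kish Guest Posting 1.0 Arbitrary File Upload</title>
<references>
<exploitdb>18412</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>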
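<plugin name="allwebmenus-wordpress-menu-plugin">
<!-- Shell upload in versions <= 1.1.9: typed UPLOAD like the other shell-upload entries in this file. -->
<vulnerability>
<title>AllWebMenus Shell Upload &lt;= 1.1.9 Shell Upload</title>
<references>
<url>http://packetstormsecurity.org/files/108946/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
<!-- Separate remote file inclusion issue reported against 1.1.3; RFI is the matching type. -->
<vulnerability>
<title>AllWebMenus 1.1.3 Remote File Inclusion</title>
<references>
<exploitdb>17861</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>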
<plugin name="shortcode-redirect">
<vulnerability>
<title>Shortcode Redirect &lt;= 1.0.01 Stored Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/108914/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="ucan-post">
<vulnerability>
<title>uCan Post plugin &lt;= 1.0.09 Stored XSS</title>
<references>
<exploitdb>18390</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-cycle-playlist">
<vulnerability>
<title>WP Cycle Playlist plugin Multiple Vulnerabilities</title>
<references>
<url>http://1337day.com/exploits/17396</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="myeasybackup">
<vulnerability>
<title>myEASYbackup 1.0.8.1 Directory Traversal</title>
<references>
<url>http://packetstormsecurity.org/files/108711/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="count-per-day">
<vulnerability>
<title>Count per Day Plugin 3.2.5 (counter.php) - XSS Vulnerability</title>
<references>
<exploitdb>24859</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Count Per Day 3.2.3 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/115904/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Count Per Day 3.1.1 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/114787/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Count Per Day plugin &lt;= 3.1.1 Multiple Vulnerabilities</title>
<references>
<exploitdb>18355</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>Count per Day plugin &lt;= 2.17 SQL Injection Vulnerability</title>
<references>
<exploitdb>17857</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-autoyoutube">
<vulnerability>
<title>WP-AutoYoutube plugin &lt;= 0.1 Blind SQL Injection Vulnerability</title>
<references>
<url>http://1337day.com/exploits/17368</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="age-verification">
<vulnerability>
<title>Age Verification plugin &lt;= 0.4 Open Redirect</title>
<references>
<exploitdb>18350</exploitdb>
</references>
<type>REDIRECT</type>
</vulnerability>
</plugin>
<plugin name="yousaytoo-auto-publishing-plugin">
<vulnerability>
<title>Yousaytoo Auto Publishing &lt;= 1.0 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/108470/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="pay-with-tweet">
<vulnerability>
<title>Pay With Tweet plugin &lt;= 1.1 Multiple Vulnerabilities</title>
<references>
<exploitdb>18330</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp-whois">
<vulnerability>
<title>Whois Search &lt;= 1.4.2 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/108271/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="upm-polls">
<vulnerability>
<title>BLIND SQL injection UPM-POLLS plugin 1.0.4</title>
<references>
<exploitdb>18231</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="disqus-comment-system">
<vulnerability>
<title>Disqus Comment System &lt;= 2.68 Reflected Cross-Site Scripting (XSS)</title>
<references>
<url>http://www.ethicalhack3r.co.uk/security/wordpress-plugin-disqus-comment-system-xss/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-recaptcha">
<vulnerability>
<title>Google reCAPTCHA &lt;= 3.1.3 Reflected XSS Vulnerability</title>
<references>
<url>http://security-sh3ll.blogspot.com/2011/12/google-recaptcha-wordpress-plugin.html</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="link-library">
<vulnerability>
<title>Link Library plugin &lt;= 5.2.1 SQL Injection</title>
<references>
<exploitdb>17887</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="cevhershare">
<vulnerability>
<title>CevherShare 2.0 plugin SQL Injection Vulnerability</title>
<references>
<exploitdb>17891</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="meenews">
<vulnerability>
<title>meenews 5.1 plugin Cross-Site Scripting Vulnerabilities</title>
<references>
<url>http://seclists.org/bugtraq/2011/Nov/151</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="clickdesk-live-support-chat">
<vulnerability>
<title>Click Desk Live Support Chat Cross Site Scripting Vulnerability</title>
<references>
<url>http://seclists.org/bugtraq/2011/Nov/148</url>
</references>
<type>XSS</type>
<fixed_in>2.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="adminimize">
<vulnerability>
<title>adminimize 1.7.21 Cross-Site Scripting Vulnerabilities</title>
<references>
<url>http://seclists.org/bugtraq/2011/Nov/135</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="advanced-text-widget">
<vulnerability>
<title>Advanced Text Widget &lt;= 2.0.0 Cross Site Scripting Vulnerability</title>
<references>
<url>http://seclists.org/bugtraq/2011/Nov/133</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="mm-duplicate">
<vulnerability>
<title>MM Duplicate plugin &lt;= 1.2 SQL Injection Vulnerability</title>
<references>
<exploitdb>17707</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-menu-creator">
<vulnerability>
<title>Menu Creator plugin &lt;= 1.1.7 SQL Injection Vulnerability</title>
<references>
<exploitdb>17689</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="allow-php-in-posts-and-pages">
<vulnerability>
<title>Allow PHP in Posts and Pages plugin &lt;= 2.0.0.RC1 SQL Injection Vulnerability</title>
<references>
<exploitdb>17688</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="global-content-blocks">
<vulnerability>
<title>Global Content Blocks plugin &lt;= 1.2 SQL Injection Vulnerability</title>
<references>
<exploitdb>17687</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="ajaxgallery">
<vulnerability>
<title>Ajax Gallery plugin &lt;= 3.0 SQL Injection Vulnerability</title>
<references>
<exploitdb>17686</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-ds-faq">
<vulnerability>
<title>WP DS FAQ plugin &lt;= 1.3.2 SQL Injection Vulnerability</title>
<references>
<exploitdb>17683</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="odihost-newsletter-plugin">
<vulnerability>
<title>OdiHost Newsletter plugin &lt;= 1.0 SQL Injection Vulnerability</title>
<references>
<exploitdb>17681</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="easy-contact-form-lite">
<vulnerability>
<title>Easy Contact Form Lite plugin &lt;= 1.0.7 SQL Injection Vulnerability</title>
<references>
<exploitdb>17680</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-symposium">
<vulnerability>
<title>WP Symposium plugin &lt;= 0.64 SQL Injection Vulnerability</title>
<references>
<exploitdb>17679</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP Symposium plugin &lt;= 12.12 Multiple SQL Injection Vulnerabilities</title>
<references>
<secunia>50674</secunia>
<url>http://ceriksen.com/2013/02/18/wp-symposium-multiple-sql-injection/</url>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WordPress WP Symposium Plugin &quot;u&quot; XSS</title>
<references>
<secunia>52864</secunia>
</references>
<type>XSS</type>
<fixed_in>13.04</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress WP Symposium Plugin &quot;u&quot; Redirection Weakness</title>
<references>
<secunia>52925</secunia>
</references>
<type>REDIRECT</type>
</vulnerability>
</plugin>
<plugin name="file-groups">
<vulnerability>
<title>File Groups plugin &lt;= 1.1.2 SQL Injection Vulnerability</title>
<references>
<exploitdb>17677</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="ip-logger">
<vulnerability>
<title>IP-Logger plugin &lt;= 3.0 SQL Injection Vulnerability</title>
<references>
<exploitdb>17673</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
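<plugin name="beer-recipes">
<!-- Typed XSS to match the title; nothing in this entry describes an SQL injection. -->
<vulnerability>
<title>Beer Recipes v.1.0 XSS</title>
<references>
<exploitdb>17453</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>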
<plugin name="is-human">
<vulnerability>
<title>Is-human &lt;=1.4.2 Remote Command Execution Vulnerability</title>
<references>
<exploitdb>17299</exploitdb>
</references>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="editormonkey">
<vulnerability>
<title>EditorMonkey plugin (FCKeditor) Arbitrary File Upload</title>
<references>
<exploitdb>17284</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="sermon-browser">
<vulnerability>
<title>SermonBrowser 0.43 SQL Injection</title>
<references>
<exploitdb>17214</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="ajax-category-dropdown">
<vulnerability>
<title>Ajax Category Dropdown 0.1.5 Multiple Vulnerabilities</title>
<references>
<exploitdb>17207</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp-custom-pages">
<vulnerability>
<title>WP Custom Pages 0.5.0.1 LFI Vulnerability</title>
<references>
<exploitdb>17119</exploitdb>
</references>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="flash-album-gallery">
<vulnerability>
<title>WordPress GRAND FlAGallery Plugin Multiple Vulnerabilities</title>
<references>
<secunia>51100</secunia>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>GRAND Flash Album Gallery 1.9.0 and 2.0.0 Multiple Vulnerabilities</title>
<references>
<url>http://packetstormsecurity.org/files/117665/</url>
<url>http://www.waraxe.us/advisory-94.html</url>
<secunia>51601</secunia>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>GRAND Flash Album Gallery 0.55 Multiple Vulnerabilities</title>
<references>
<exploitdb>16947</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>GRAND Flash Album Gallery &lt;= 1.56 XSS Vulnerability</title>
<references>
<url>http://seclists.org/bugtraq/2011/Nov/186</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>GRAND Flash Album Gallery &lt;= 1.71 XSS Vulnerability</title>
<references>
<url>http://packetstormsecurity.org/files/112704/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress GRAND FlAGallery Plugin "gid" SQL Injection Vulnerability</title>
<references>
<secunia>53356</secunia>
</references>
<type>SQLI</type>
<fixed_in>2.56</fixed_in>
</vulnerability>
<vulnerability>
<title>GRAND FlAGallery Plugin "s" Cross-Site Scripting Vulnerability</title>
<references>
<secunia>53111</secunia>
<osvdb>93714</osvdb>
</references>
<type>XSS</type>
<fixed_in>2.72</fixed_in>
</vulnerability>
</plugin>
<plugin name="php_speedy_wp">
<vulnerability>
<title>PHP Speedy &lt;= 0.5.2 (admin_container.php) Remote Code Exec Exploit</title>
<references>
<exploitdb>16273</exploitdb>
</references>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="old-post-spinner">
<vulnerability>
<title>OPS Old Post Spinner 2.2.1 LFI Vulnerability</title>
<references>
<exploitdb>16251</exploitdb>
</references>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="jquery-mega-menu">
<vulnerability>
<title>jQuery Mega Menu 1.0 Local File Inclusion</title>
<references>
<exploitdb>16250</exploitdb>
</references>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="iwant-one-ihave-one">
<vulnerability>
<title>IWantOneButton 3.0.1 Multiple Vulnerabilities</title>
<references>
<exploitdb>16236</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="forum-server">
<vulnerability>
<title>WP Forum Server 1.6.5 SQL Injection Vulnerability</title>
<references>
<exploitdb>16235</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP Forum Server plugin &lt;= 1.7 SQL Injection Vulnerability</title>
<references>
<exploitdb>17828</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP Forum Server plugin &lt;= 1.7.3 SQL Injection / XSS Vulnerabilities</title>
<references>
<url>http://packetstormsecurity.org/files/112703/</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="relevanssi">
<vulnerability>
<title>Relevanssi 2.7.2 Stored XSS Vulnerability</title>
<references>
<exploitdb>16233</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="gigpress">
<vulnerability>
<title>GigPress 2.1.10 Stored XSS Vulnerability</title>
<references>
<exploitdb>16232</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="comment-rating">
<vulnerability>
<title>WordPress Comment Rating 2.9.32 SQL Injection / Bypass</title>
<references>
<url>http://packetstormsecurity.com/files/120569/</url>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>Comment Rating 2.9.23 Multiple Vulnerabilities</title>
<references>
<exploitdb>16221</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="z-vote">
<vulnerability>
<title>Z-Vote 1.1 SQL Injection Vulnerability</title>
<references>
<exploitdb>16218</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="user-photo">
<vulnerability>
<title>User Photo Component Remote File Upload Vulnerability</title>
<references>
<exploitdb>16181</exploitdb>
<osvdb>71071</osvdb>
</references>
<type>UPLOAD</type>
<fixed_in>0.9.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="enable-media-replace">
<vulnerability>
<title>Enable Media Replace Multiple Vulnerabilities</title>
<references>
<exploitdb>16144</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="mingle-forum">
<vulnerability>
<title>Mingle Forum &lt;= 1.0.32.1 Cross Site Scripting / SQL Injection</title>
<references>
<url>http://packetstormsecurity.org/files/108915/</url>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>Mingle Forum &lt;= 1.0.31 SQL Injection Vulnerability</title>
<references>
<exploitdb>17894</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Mingle Forum &lt;= 1.0.26 Multiple Vulnerabilities</title>
<references>
<exploitdb>15943</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
<!-- NOTE(review): the title names only cross-site scripting, yet <type> is
     MULTI while other XSS-only entries in this file use XSS. Confirm against
     the referenced advisory; if it covers nothing else, XSS keeps the entry
     visible to anyone filtering by type. -->
<vulnerability>
<title>Mingle Forum &lt;= 1.0.33 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112696/</url>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>Mingle Forum 1.0.33.3 Multiple Parameter SQL Injection</title>
<references>
<osvdb>90434</osvdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Mingle Forum 1.0.35 Privilege Escalation CSRF</title>
<references>
<osvdb>96905</osvdb>
<cve>2013-0736</cve>
<secunia>47687</secunia>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="accept-signups">
<vulnerability>
<title>Accept Signups 0.1 XSS</title>
<references>
<exploitdb>15808</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="events-manager-extended">
<vulnerability>
<title>Events Manager Extended Persistent XSS Vulnerability</title>
<references>
<exploitdb>14923</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="nextgen-smooth-gallery">
<vulnerability>
<title>NextGEN Smooth Gallery Blind SQL Injection Vulnerability</title>
<references>
<exploitdb>14541</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="mylinksdump">
<vulnerability>
<title>myLDlinker SQL Injection Vulnerability</title>
<references>
<exploitdb>14441</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="firestats">
<vulnerability>
<title>Firestats Remote Configuration File Download</title>
<references>
<exploitdb>14308</exploitdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="simple-press">
<vulnerability>
<title>Simple:Press SQL Injection Vulnerability</title>
<references>
<exploitdb>14198</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="cimy-counter">
<vulnerability>
<title>Vulnerabilities in Cimy Counter for WordPress</title>
<references>
<exploitdb>14057</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="nextgen-gallery">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
<secunia>51271</secunia>
</references>
<type>XSS</type>
<fixed_in>1.9.8</fixed_in>
</vulnerability>
<vulnerability>
<title>XSS in NextGEN Gallery &lt;= 1.5.1</title>
<references>
<exploitdb>12098</exploitdb>
</references>
<type>XSS</type>
<fixed_in>1.5.2</fixed_in>
</vulnerability>
<vulnerability>
<title>swfupload.swf Multiple Cross Site Scripting Vulnerabilities</title>
<references>
<url>http://www.securityfocus.com/bid/60433</url>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>NextGEN Gallery 1.9.12 Arbitrary File Upload</title>
<references>
<url>http://wordpress.org/plugins/nextgen-gallery/changelog/</url>
<osvdb>94232</osvdb>
<cve>2013-3684</cve>
</references>
<type>UPLOAD</type>
<fixed_in>1.9.13</fixed_in>
</vulnerability>
</plugin>
<plugin name="cpl">
<vulnerability>
<title>Copperleaf Photolog SQL injection</title>
<references>
<exploitdb>11458</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="events-calendar">
<vulnerability>
<title>Events SQL Injection Vulnerability</title>
<references>
<exploitdb>10929</exploitdb>
<osvdb>95677</osvdb>
</references>
<type>SQLI</type>
<fixed_in>6.7.10</fixed_in>
</vulnerability>
<!-- XSS through the EC_id parameter of wp-admin/admin.php, per the title. -->
<!-- NOTE(review): <fixed_in> carries a letter suffix (6.7.12a). Confirm that
     the consumer's version comparison orders this value as intended, so that
     patched installs are not reported and unpatched ones are not missed. -->
<vulnerability>
<title>WP Events Calendar wp-admin/admin.php EC_id Parameter XSS</title>
<references>
<osvdb>74705</osvdb>
</references>
<type>XSS</type>
<fixed_in>6.7.12a</fixed_in>
</vulnerability>
</plugin>
<plugin name="ImageManager">
<vulnerability>
<title>Image Manager Plugins Shell Upload Vulnerability</title>
<references>
<exploitdb>10325</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-cumulus">
<vulnerability>
<title>Vulnerabilities in WP-Cumulus &lt;= 1.20 for WordPress</title>
<references>
<exploitdb>10228</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>WP-Cumulus Cross Site Scripting Vulnerability</title>
<references>
<url>http://seclists.org/fulldisclosure/2011/Nov/340</url>
</references>
<type>XSS</type>
<fixed_in>1.23</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-syntax">
<vulnerability>
<title>WP-Syntax &lt;= 0.9.1 Remote Command Execution</title>
<references>
<exploitdb>9431</exploitdb>
</references>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="my-category-order">
<vulnerability>
<title>My Category Order &lt;= 2.8 SQL Injection Vulnerability</title>
<references>
<exploitdb>9150</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="related-sites">
<vulnerability>
<title>Related Sites 2.1 Blind SQL Injection Vulnerability</title>
<references>
<exploitdb>9054</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="dm-albums">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many Wordpress Plugins</title>
<references>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>DM Albums 1.9.2 Remote File Disclosure Vulnerability</title>
<references>
<exploitdb>9048</exploitdb>
</references>
<type>LFI</type>
</vulnerability>
<vulnerability>
<title>DM Albums 1.9.2 Remote File Inclusion Vuln</title>
<references>
<exploitdb>9043</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="photoracer">
<vulnerability>
<title>Photoracer 1.0 (id) SQL Injection Vulnerability</title>
<references>
<exploitdb>8961</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Photoracer plugin &lt;= 1.0 SQL Injection Vulnerability</title>
<references>
<exploitdb>17720</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Photoracer plugin &lt;= 1.0 Multiple Vulnerabilities</title>
<references>
<exploitdb>17731</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp-lytebox">
<vulnerability>
<title>Lytebox (wp-lytebox) Local File Inclusion Vulnerability</title>
<references>
<exploitdb>8791</exploitdb>
</references>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="fmoblog">
<vulnerability>
<title>fMoblog 2.1 (id) SQL Injection Vulnerability</title>
<references>
<exploitdb>8229</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="page-flip-image-gallery">
<vulnerability>
<title>Page Flip Image Gallery &lt;= 0.2.2 Remote FD Vuln</title>
<references>
<osvdb>50902</osvdb>
<cve>2008-5752</cve>
<exploitdb>7543</exploitdb>
<secunia>33274</secunia>
<url>http://www.securityfocus.com/bid/32966</url>
<url>http://xforce.iss.net/xforce/xfdb/47568</url>
</references>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="wp-shopping-cart">
<vulnerability>
<title>e-Commerce &lt;= 3.4 Arbitrary File Upload Exploit</title>
<references>
<exploitdb>6867</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="downloads-manager">
<vulnerability>
<title>Download Manager 0.2 Arbitrary File Upload Exploit</title>
<references>
<exploitdb>6127</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wpSS">
<vulnerability>
<title>Spreadsheet &lt;= 0.6 SQL Injection Vulnerability</title>
<references>
<exploitdb>5486</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-download">
<vulnerability>
<title>Download (dl_id) SQL Injection Vulnerability</title>
<references>
<exploitdb>5326</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="sniplets">
<vulnerability>
<title>Sniplets 1.1.2 (RFI/XSS/RCE) Multiple Vulnerabilities</title>
<references>
<exploitdb>5194</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp-photo-album">
<vulnerability>
<title>Photo album Remote SQL Injection Vulnerability</title>
<references>
<exploitdb>5135</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="sf-forum">
<vulnerability>
<title>Simple Forum 2.0-2.1 SQL Injection Vulnerability</title>
<references>
<exploitdb>5126</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Simple Forum 1.10-1.11 SQL Injection Vulnerability</title>
<references>
<exploitdb>5127</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="st_newsletter">
<vulnerability>
<title>st_newsletter Remote SQL Injection Vulnerability</title>
<references>
<exploitdb>5053</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>st_newsletter (stnl_iframe.php) SQL Injection Vuln</title>
<references>
<exploitdb>6777</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wordspew">
<vulnerability>
<title>Wordspew Remote SQL Injection Vulnerability</title>
<references>
<exploitdb>5039</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="dmsguestbook">
<vulnerability>
<title>dmsguestbook 1.7.0 Multiple Remote Vulnerabilities</title>
<references>
<exploitdb>5035</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wassup">
<vulnerability>
<title>WassUp 1.4.3 (spy.php to_date) SQL Injection Exploit</title>
<references>
<exploitdb>5017</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-adserve">
<vulnerability>
<title>Adserve 0.2 adclick.php SQL Injection Exploit</title>
<references>
<exploitdb>5013</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="fgallery">
<vulnerability>
<title>plugin fGallery 2.4.1 fimrss.php SQL Injection Vulnerability</title>
<references>
<exploitdb>4993</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-cal">
<vulnerability>
<title>WP-Cal 0.3 editevent.php SQL Injection Vulnerability</title>
<references>
<exploitdb>4992</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wpforum">
<vulnerability>
<title>plugin WP-Forum 1.7.4 Remote SQL Injection Vulnerability</title>
<references>
<exploitdb>4939</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>plugin WP-Forum 1.7.8 Remote SQL Injection Vulnerability</title>
<references>
<exploitdb>7738</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-filemanager">
<vulnerability>
<title>Wp-FileManager 1.2 Remote Upload Vulnerability</title>
<references>
<exploitdb>4844</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>WordPress wp-FileManager File Download Vulnerability</title>
<references>
<secunia>53421</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>1.4.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="pictpress">
<vulnerability>
<title>PictPress &lt;= 0.91 Remote File Disclosure Vulnerability</title>
<references>
<exploitdb>4695</exploitdb>
</references>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="backupwordpress">
<vulnerability>
<title>BackUp &lt;= 0.4.2b RFI Vulnerability</title>
<references>
<exploitdb>4593</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="myflash">
<vulnerability>
<title>plugin myflash &lt;= 1.00 (wppath) RFI Vulnerability</title>
<references>
<exploitdb>3828</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="wordtube">
<vulnerability>
<title>plugin wordTube &lt;= 1.43 (wpPATH) RFI Vulnerability</title>
<references>
<exploitdb>3825</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="wp-table">
<vulnerability>
<title>plugin wp-Table &lt;= 1.43 (inc_dir) RFI Vulnerability</title>
<references>
<exploitdb>3824</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="mygallery">
<vulnerability>
<title>myGallery &lt;= 1.4b4 Remote File Inclusion Vulnerability</title>
<references>
<exploitdb>3814</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="sendit">
<vulnerability>
<title>SendIt plugin &lt;= 1.5.9 Blind SQL Injection Vulnerability</title>
<references>
<exploitdb>17716</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="js-appointment">
<vulnerability>
<title>Js-appointment plugin &lt;= 1.5 SQL Injection Vulnerability</title>
<references>
<exploitdb>17724</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="mm-forms-community">
<vulnerability>
<title>MM Forms Community &lt;= 1.2.3 SQL Injection Vulnerability</title>
<references>
<exploitdb>17725</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>MM Forms Community 2.2.6 Arbitrary File Upload</title>
<references>
<exploitdb>18997</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="super-captcha">
<vulnerability>
<title>Super CAPTCHA plugin &lt;= 2.2.4 SQL Injection Vulnerability</title>
<references>
<exploitdb>17728</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="collision-testimonials">
<vulnerability>
<title>Collision Testimonials plugin &lt;= 3.0 SQL Injection Vulnerability</title>
<references>
<exploitdb>17729</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="oqey-headers">
<vulnerability>
<title>Oqey Headers plugin &lt;= 0.3 SQL Injection Vulnerability</title>
<references>
<exploitdb>17730</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="fbpromotions">
<vulnerability>
<title>Facebook Promotions plugin &lt;= 1.3.3 SQL Injection Vulnerability</title>
<references>
<exploitdb>17737</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="evarisk">
<vulnerability>
<title>Evarisk plugin &lt;= 5.1.3.6 SQL Injection Vulnerability</title>
<references>
<exploitdb>17738</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Evarisk 5.1.5.4 Shell Upload</title>
<references>
<url>http://packetstormsecurity.org/files/113638/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="profiles">
<vulnerability>
<title>Profiles plugin &lt;= 2.0 RC1 SQL Injection Vulnerability</title>
<references>
<exploitdb>17739</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="mystat">
<vulnerability>
<title>mySTAT plugin &lt;= 2.6 SQL Injection Vulnerability</title>
<references>
<exploitdb>17740</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="sh-slideshow">
<vulnerability>
<title>SH Slideshow plugin &lt;= 3.1.4 SQL Injection Vulnerability</title>
<references>
<exploitdb>17748</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="copyright-licensing-tools">
<vulnerability>
<title>iCopyright(R) Article Tools plugin &lt;= 1.1.4 SQL Injection Vulnerability</title>
<references>
<exploitdb>17749</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="advertizer">
<vulnerability>
<title>Advertizer plugin &lt;= 1.0 SQL Injection Vulnerability</title>
<references>
<exploitdb>17750</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="event-registration">
<vulnerability>
<title>Event Registration plugin &lt;= 5.44 SQL Injection Vulnerability</title>
<references>
<exploitdb>17814</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Event Registration plugin &lt;= 5.43 SQL Injection Vulnerability</title>
<references>
<exploitdb>17751</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Event Registration 5.32 SQL Injection Vulnerability</title>
<references>
<exploitdb>15513</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="crawlrate-tracker">
<vulnerability>
<title>Crawl Rate Tracker plugin &lt;= 2.0.2 SQL Injection Vulnerability</title>
<references>
<exploitdb>17755</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-audio-gallery-playlist">
<vulnerability>
<title>wp audio gallery playlist plugin &lt;= 0.12 SQL Injection Vulnerability</title>
<references>
<exploitdb>17756</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="yolink-search">
<vulnerability>
<title>WordPress yolink Search Plugin "s" Cross-Site Scripting Vulnerability</title>
<references>
<secunia>52030</secunia>
</references>
<type>XSS</type>
<fixed_in>2.6</fixed_in>
</vulnerability>
<vulnerability>
<title>yolink Search plugin &lt;= 1.1.4 SQL Injection Vulnerability</title>
<references>
<exploitdb>17757</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="pure-html">
<vulnerability>
<title>PureHTML plugin &lt;= 1.0.0 SQL Injection Vulnerability</title>
<references>
<exploitdb>17758</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="couponer">
<vulnerability>
<title>Couponer plugin &lt;= 1.2 SQL Injection Vulnerability</title>
<references>
<exploitdb>17759</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="grapefile">
<vulnerability>
<title>grapefile plugin &lt;= 1.1 Arbitrary File Upload</title>
<references>
<exploitdb>17760</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="image-gallery-with-slideshow">
<vulnerability>
<title>image-gallery-with-slideshow plugin &lt;= 1.5 Arbitrary File Upload / SQL Injection</title>
<references>
<exploitdb>17761</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wordpress-donation-plugin-with-goals-and-paypal-ipn-by-nonprofitcmsorg">
<vulnerability>
<title>Donation plugin &lt;= 1.0 SQL Injection Vulnerability</title>
<references>
<exploitdb>17763</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-bannerize">
<vulnerability>
<title>WP Bannerize plugin &lt;= 2.8.6 SQL Injection Vulnerability</title>
<references>
<exploitdb>17764</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP Bannerize plugin &lt;= 2.8.7 SQL Injection Vulnerability</title>
<references>
<exploitdb>17906</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="search-autocomplete">
<vulnerability>
<title>SearchAutocomplete plugin &lt;= 1.0.8 SQL Injection Vulnerability</title>
<references>
<exploitdb>17767</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="videowhisper-video-presentation">
<vulnerability>
<title>VideoWhisper Video Presentation plugin &lt;= 1.1 SQL Injection Vulnerability</title>
<references>
<exploitdb>17771</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="facebook-opengraph-meta-plugin">
<vulnerability>
<title>Facebook Opengraph Meta plugin &lt;= 1.0 SQL Injection Vulnerability</title>
<references>
<exploitdb>17773</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="zotpress">
<vulnerability>
<title>Zotpress plugin &lt;= 4.4 SQL Injection Vulnerability</title>
<references>
<exploitdb>17778</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="oqey-gallery">
<vulnerability>
<title>oQey Gallery plugin &lt;= 0.4.8 SQL Injection Vulnerability</title>
<references>
<exploitdb>17779</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="tweet-old-post">
<vulnerability>
<title>Tweet Old Post plugin &lt;= 3.2.5 SQL Injection Vulnerability</title>
<references>
<exploitdb>17789</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="post-highlights">
<vulnerability>
<title>post highlights plugin &lt;= 2.2 SQL Injection Vulnerability</title>
<references>
<exploitdb>17790</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="knr-author-list-widget">
<vulnerability>
<title>KNR Author List Widget plugin &lt;= 2.0.0 SQL Injection Vulnerability</title>
<references>
<exploitdb>17791</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="scormcloud">
<vulnerability>
<title>SCORM Cloud plugin &lt;= 1.0.6.6 SQL Injection Vulnerability</title>
<references>
<exploitdb>17793</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="eventify">
<vulnerability>
<title>Eventify - Simple Events plugin &lt;= 1.7.f SQL Injection Vulnerability</title>
<references>
<exploitdb>17794</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="paid-downloads">
<vulnerability>
<title>Paid Downloads plugin &lt;= 2.01 SQL Injection Vulnerability</title>
<references>
<exploitdb>17797</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="community-events">
<vulnerability>
<title>Community Events plugin &lt;= 1.2.1 SQL Injection Vulnerability</title>
<references>
<exploitdb>17798</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="1-flash-gallery">
<vulnerability>
<title>1-flash-gallery &lt;= 1.9.0 XSS in ZeroClipboard.swf</title>
<references>
<url>http://1337day.com/exploit/20396</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>1 Flash Gallery Arbitrary File Upload Exploit (MSF)</title>
<references>
<exploitdb>17801</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-filebase">
<vulnerability>
<title>WP-Filebase Download Manager plugin &lt;= 0.2.9 SQL Injection Vulnerability</title>
<references>
<exploitdb>17808</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WordPress WP-Filebase Plugin Unspecified Vulnerabilities</title>
<references>
<secunia>51269</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>0.2.9.25</fixed_in>
</vulnerability>
</plugin>
<plugin name="a-to-z-category-listing">
<vulnerability>
<title>A to Z Category Listing plugin &lt;= 1.3 SQL Injection Vulnerability</title>
<references>
<exploitdb>17809</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-e-commerce">
<vulnerability>
<title>WP e-Commerce plugin &lt;= 3.8.6 SQL Injection Vulnerability</title>
<references>
<exploitdb>17832</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP-e-Commerce plugin v3.8.9.5 Cross Site Scripting Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20517</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="filedownload">
<vulnerability>
<title>Filedownload 0.1 (download.php) Remote File Disclosure Vulnerability</title>
<references>
<exploitdb>17858</exploitdb>
</references>
<type>LFI</type>
</vulnerability>
</plugin>
<plugin name="thecartpress">
<vulnerability>
<title>TheCartPress &lt;= 1.6 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/108272/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>TheCartPress 1.1.1 Remote File Inclusion</title>
<references>
<exploitdb>17860</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="wpeasystats">
<vulnerability>
<title>WPEasyStats 1.8 Remote File Inclusion</title>
<references>
<exploitdb>17862</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="annonces">
<vulnerability>
<title>Annonces 1.2.0.0 Remote File Inclusion</title>
<references>
<exploitdb>17863</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="livesig">
<vulnerability>
<title>Livesig 0.4 Remote File Inclusion</title>
<references>
<exploitdb>17864</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="disclosure-policy-plugin">
<vulnerability>
<title>Disclosure Policy 1.0 Remote File Inclusion</title>
<references>
<exploitdb>17865</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="mailz">
<vulnerability>
<title>Mailing List 1.3.2 Remote File Inclusion</title>
<references>
<exploitdb>17866</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
<vulnerability>
<title>Mailing List Arbitrary file download</title>
<references>
<exploitdb>18276</exploitdb>
</references>
<type>UNKNOWN</type>
<fixed_in>1.4.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="g-web-shop">
<vulnerability>
<title>Zingiri Web Shop 2.2.0 Remote File Inclusion</title>
<references>
<exploitdb>17867</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
<vulnerability>
<title>Zingiri Web Shop &lt;= 2.2.3 Remote Code Execution</title>
<references>
<exploitdb>18111</exploitdb>
</references>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="mini-mail-dashboard-widget">
<vulnerability>
<title>Mini Mail Dashboard Widget 1.36 Remote File Inclusion</title>
<references>
<exploitdb>17868</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
<vulnerability>
<title>Mini Mail Dashboard Widget 1.42 Stored XSS</title>
<references>
<exploitdb>20358</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="relocate-upload">
<vulnerability>
<title>Relocate Upload 0.14 Remote File Inclusion</title>
<references>
<exploitdb>17869</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="category-grid-view-gallery">
<!-- Category Grid View Gallery: one shell-upload entry (Exploit-DB) and one
     XSS entry (OSVDB) for the CatGridPost.php ID parameter. -->
<!-- NOTE(review): Exploit-DB 17872 is cited by several other plugin entries
     in this file under the same "Shell Upload" wording, so it is presumably a
     single advisory covering many plugins. The entries that cite it here have
     no <fixed_in>; confirm per plugin whether a patched release exists so the
     finding can be bounded by version. -->
<vulnerability>
<title>Category Grid View Gallery plugin 0.1.1 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
<vulnerability>
<title>Category Grid View Gallery CatGridPost.php ID Parameter XSS</title>
<references>
<osvdb>94805</osvdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="auto-attachments">
<vulnerability>
<title>Auto Attachments plugin 0.2.9 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-marketplace">
<vulnerability>
<title>WP Marketplace plugin 1.1.0 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="dp-thumbnail">
<vulnerability>
<title>DP Thumbnail plugin 1.0 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="vk-gallery">
<vulnerability>
<title>Vk Gallery plugin 1.1.0 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="rekt-slideshow">
<vulnerability>
<title>Rekt Slideshow plugin 1.0.5 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="cac-featured-content">
<vulnerability>
<title>CAC Featured Content plugin 0.8 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="rent-a-car">
<vulnerability>
<title>Rent A Car plugin 1.0 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="lisl-last-image-slider">
<vulnerability>
<title>LISL Last Image Slider plugin 1.0 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="islidex">
<vulnerability>
<title>Islidex plugin 2.7 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="kino-gallery">
<vulnerability>
<title>Kino Gallery plugin 1.0 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="cms-pack-cache">
<vulnerability>
<title>Cms Pack plugin 1.3 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="a-gallery">
<vulnerability>
<title>A Gallery plugin 0.9 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="category-list-portfolio-page">
<vulnerability>
<title>Category List Portfolio Page plugin 0.9 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="really-easy-slider">
<vulnerability>
<title>Really Easy Slider plugin 0.1 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="verve-meta-boxes">
<vulnerability>
<title>Verve Meta Boxes plugin 1.2.8 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="user-avatar">
<vulnerability>
<title>User Avatar plugin 1.3.7 shell upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="extend-wordpress">
<vulnerability>
<title>Extend plugin 1.3.7 Shell Upload vulnerability</title>
<references>
<exploitdb>17872</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="adrotate">
<vulnerability>
<title>AdRotate plugin &lt;= 3.6.5 SQL Injection Vulnerability</title>
<references>
<url>http://unconciousmind.blogspot.com/2011/09/wordpress-adrotate-plugin-365-sql.html</url>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>AdRotate plugin &lt;= 3.6.6 SQL Injection Vulnerability</title>
<references>
<exploitdb>18114</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-spamfree">
<vulnerability>
<title>WP-SpamFree 3.2.1 Spam SQL Injection Vulnerability</title>
<references>
<exploitdb>17970</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="gd-star-rating">
<vulnerability>
<title>WordPress GD Star Rating Plugin Export Security Bypass Security Issue</title>
<references>
<secunia>49850</secunia>
</references>
<type>AUTHBYPASS</type>
<fixed_in>1.9.19</fixed_in>
</vulnerability>
<vulnerability>
<title>GD Star Rating plugin &lt;= 1.9.16 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.org/files/112702/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>GD Star Rating plugin &lt;= 1.9.10 SQL Injection</title>
<references>
<exploitdb>17973</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="contact-form-wordpress">
<vulnerability>
<title>Contact Form plugin &lt;= 2.7.5 SQL Injection</title>
<references>
<exploitdb>17980</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-photo-album-plus">
<vulnerability>
<title>WP Photo Album Plus &lt;= 4.1.1 SQL Injection</title>
<references>
<exploitdb>17983</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WP Photo Album Plus &lt;= 4.8.12 wp-photo-album-plus.php wppa-searchstring XSS</title>
<references>
<osvdb>88851</osvdb>
<secunia>51669</secunia>
<secunia>51679</secunia>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WP Photo Album Plus Full Path Disclosure</title>
<references>
<url>http://1337day.com/exploit/20125</url>
</references>
<type>FPD</type>
<fixed_in>4.9.1</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Photo Album Plus index.php wppa-tag Parameter XSS</title>
<references>
<osvdb>89165</osvdb>
<secunia>51829</secunia>
</references>
<type>XSS</type>
<fixed_in>4.9.3</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress WP Photo Album Plus "commentid" Cross-Site Scripting Vulnerability</title>
<references>
<osvdb>93033</osvdb>
<cve>2013-3254</cve>
<secunia>53105</secunia>
</references>
<type>XSS</type>
<fixed_in>5.0.3</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Photo Album Plus wp-admin/admin.php edit_id Parameter XSS</title>
<references>
<osvdb>94465</osvdb>
<secunia>53915</secunia>
</references>
<type>XSS</type>
<fixed_in>5.0.11</fixed_in>
</vulnerability>
</plugin>
<plugin name="backwpup">
<vulnerability>
<title>BackWPUp 2.1.4 Code Execution</title>
<references>
<exploitdb>17987</exploitdb>
</references>
<type>RCE</type>
</vulnerability>
<vulnerability>
<title>plugin BackWPup 1.5.2, 1.6.1, 1.7.1 Remote and Local Code Execution Vulnerability</title>
<references>
<osvdb>71481</osvdb>
</references>
<type>RCE</type>
</vulnerability>
<vulnerability>
<title>BackWPup wp-admin/admin.php tab Parameter XSS</title>
<references>
<cve>2013-4626</cve>
<url>https://www.htbridge.com/advisory/HTB23161</url>
<osvdb>96505</osvdb>
<secunia>54515</secunia>
</references>
<type>XSS</type>
<fixed_in>3.0.13</fixed_in>
</vulnerability>
</plugin>
<plugin name="portable-phpmyadmin">
<vulnerability>
<title>portable-phpMyAdmin Authentication Bypass</title>
<references>
<osvdb>88391</osvdb>
<cve>2012-5469</cve>
<exploitdb>23356</exploitdb>
<secunia>51520</secunia>
</references>
<type>AUTHBYPASS</type>
<fixed_in>1.3.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="super-refer-a-friend">
<vulnerability>
<title>super-refer-a-friend Full Path Disclosure</title>
<references>
<url>http://1337day.com/exploit/20126</url>
</references>
<type>FPD</type>
<fixed_in>1.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="w3-total-cache">
<vulnerability>
<title>W3-Total-Cache Username and Hash Extract</title>
<references>
<url>http://seclists.org/fulldisclosure/2012/Dec/242</url>
<url>https://github.com/FireFart/W3TotalCacheExploit</url>
<metasploit>auxiliary/gather/wp_w3_total_cache_hash_extract</metasploit>
</references>
<type>UNKNOWN</type>
<fixed_in>0.9.2.5</fixed_in>
</vulnerability>
<vulnerability>
<title>W3-Total-Cache Remote Code Execution</title>
<references>
<url>http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/</url>
<url>http://wordpress.org/support/topic/pwn3d</url>
<url>http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html</url>
<metasploit>exploits/unix/webapp/php_wordpress_total_cache</metasploit>
</references>
<type>RCE</type>
<fixed_in>0.9.2.9</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-super-cache">
<vulnerability>
<title>WP-Super-Cache Remote Code Execution</title>
<references>
<url>http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/</url>
<url>http://wordpress.org/support/topic/pwn3d</url>
<url>http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html</url>
</references>
<type>RCE</type>
<fixed_in>1.3.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="ripe-hd-player">
<vulnerability>
<title>ripe-hd-player 1.0 SQL Injection</title>
<references>
<exploitdb>24229</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>ripe-hd-player 1.0 Full Path Disclosure</title>
<references>
<exploitdb>24229</exploitdb>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="floating-tweets">
<vulnerability>
<title>floating-tweets persistent XSS</title>
<references>
<url>http://packetstormsecurity.com/files/119499/</url>
<url>http://websecurity.com.ua/6023/</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>floating-tweets directory traversal</title>
<references>
<url>http://packetstormsecurity.com/files/119499/</url>
<url>http://websecurity.com.ua/6023/</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="ipfeuilledechou">
<vulnerability>
<title>ipfeuilledechou SQL Injection Vulnerability</title>
<references>
<url>http://www.exploit4arab.com/exploits/377</url>
<url>http://1337day.com/exploits/20206</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="simple-login-log">
<vulnerability>
<title>Simple Login Log Plugin XSS</title>
<references>
<secunia>51780</secunia>
</references>
<type>XSS</type>
<fixed_in>0.9.4</fixed_in>
</vulnerability>
<vulnerability>
<title>Simple Login Log Plugin SQL Injection</title>
<references>
<secunia>51780</secunia>
</references>
<type>SQLI</type>
<fixed_in>0.9.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-slimstat">
<vulnerability>
<title>wp-slimstat XSS</title>
<references>
<secunia>51721</secunia>
</references>
<type>XSS</type>
<fixed_in>2.8.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-slimstat-ex">
<vulnerability>
<title>WP-SlimStat-Ex - Open Flash Chart Arbitrary File Creation Vulnerability</title>
<references>
<secunia>55160</secunia>
<url>http://packetstormsecurity.com/files/123494/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="browser-rejector">
<vulnerability>
<title>browser-rejector Remote and Local File Inclusion</title>
<references>
<secunia>51739</secunia>
</references>
<type>LFI</type>
<fixed_in>2.11</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-file-uploader">
<vulnerability>
<title>WordPress File Uploader Plugin PHP File Upload Vulnerability</title>
<references>
<url>http://la.usch.io/2013/01/21/wordpress-file-uploader-plugin-php-file-upload-vulnerability/</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="cardoza-wordpress-poll">
<!-- NOTE(review): the fixed_in values in this plugin use different padding
     ("34.06" below, "33.6" in the last entry). Whether "34.06" is read as
     34.6 or 34.06, and how it orders against "33.6", depends on the consumer's
     version parser; confirm the comparison gives the intended result so fixed
     installs are not reported and vulnerable ones are not missed.
     The middle SQLI entry has no fixed_in at all; it may overlap with the last
     entry (both are "multiple SQL injection"), TODO confirm. -->
<vulnerability>
<title>WordPress Poll Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>51925</secunia>
</references>
<type>CSRF</type>
<fixed_in>34.06</fixed_in>
</vulnerability>
<vulnerability>
<title>Multiple SQL injection vulnerabilities in Cardoza Wordpress poll plugin</title>
<references>
<secunia>51942</secunia>
<url>http://www.girlinthemiddle.net/2013/01/multiple-sql-injection-vulnerabilities.html</url>
<url>http://seclists.org/bugtraq/2013/Jan/86</url>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WordPress Poll Plugin Multiple SQL Injection Vulnerabilities</title>
<references>
<secunia>50910</secunia>
</references>
<type>SQLI</type>
<fixed_in>33.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="devformatter">
<vulnerability>
<title>Wordpress Developer Formatter CSRF and XSS Vulnerability</title>
<references>
<url>http://illsecure.com/code/Wordpress-DevFormatter-CSRF-Vulnerability.txt</url>
<url>http://1337day.com/exploits/20210</url>
<secunia>51912</secunia>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="dvs-custom-notification">
<vulnerability>
<title>WordPress DVS Custom Notification Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>51531</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.0.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="events-manager">
<vulnerability>
<title>Events Manager - Multiple XSS Vulnerabilities</title>
<references>
<secunia>51869</secunia>
</references>
<type>XSS</type>
<fixed_in>5.3.4</fixed_in>
</vulnerability>
<vulnerability>
<title>Events Manager - Multiple XSS Vulnerabilities</title>
<references>
<url>http://www.securityfocus.com/bid/60078</url>
<secunia>53478</secunia>
<osvdb>93558</osvdb>
</references>
<type>XSS</type>
<fixed_in>5.3.9</fixed_in>
</vulnerability>
<vulnerability>
<title>Events Manager - Multiple Unspecified XSS Vulnerabilities</title>
<references>
<secunia>55182</secunia>
</references>
<type>XSS</type>
<fixed_in>5.5.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="solvemedia">
<vulnerability>
<title>WordPress SolveMedia CSRF Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20222</url>
<secunia>51927</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.1.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="usc-e-shop">
<vulnerability>
<title>WordPress Welcart e-Commerce Plugin Cross-Site Scripting and Request Forgery Vulnerabilities</title>
<references>
<secunia>51581</secunia>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="knews">
<vulnerability>
<title>WordPress Knews Multilingual Newsletters Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>51543</secunia>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="video-lead-form">
<vulnerability>
<title>WordPress Video Lead Form Plugin "errMsg" Cross-Site Scripting Vulnerability</title>
<references>
<secunia>51419</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="woocommerce-predictive-search">
<vulnerability>
<title>WordPress WooCommerce Predictive Search Plugin "rs" Cross-Site Scripting Vulnerability</title>
<references>
<secunia>51385</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="woocommerce">
<vulnerability>
<title>WooCommerce index.php calc_shipping_state Parameter XSS</title>
<references>
<osvdb>95480</osvdb>
</references>
<type>XSS</type>
<fixed_in>2.0.13</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-e-commerce-predictive-search">
<vulnerability>
<title>WordPress WP e-Commerce Predictive Search Plugin "rs" Cross-Site Scripting Vulnerability</title>
<references>
<secunia>51384</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-tiger">
<vulnerability>
<title>WordPress vTiger CRM Lead Capture Plugin Unspecified Vulnerability</title>
<references>
<secunia>51305</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>1.1.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-postviews">
<vulnerability>
<title>WordPress post-views Plugin "search_input" Cross-Site Scripting Vulnerability</title>
<references>
<secunia>50982</secunia>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress WP-PostViews Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>53127</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.63</fixed_in>
</vulnerability>
</plugin>
<plugin name="dx-contribute">
<vulnerability>
<title>WordPress DX-Contribute Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>51082</secunia>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="wysija-newsletters">
<vulnerability>
<title>SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin</title>
<references>
<url>https://www.htbridge.com/advisory/HTB23140</url>
<url>http://packetstormsecurity.com/files/120089/</url>
<url>http://seclists.org/bugtraq/2013/Feb/29</url>
<url>http://cxsecurity.com/issue/WLB-2013020039</url>
</references>
<type>SQLI</type>
<fixed_in>2.2.1</fixed_in>
</vulnerability>
<vulnerability>
<title>WordPress Wysija Newsletters Plugin swfupload Cross-Site Scripting Vulnerability</title>
<references>
<secunia>51249</secunia>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
<fixed_in>2.1.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="hitasoft_player">
<vulnerability>
<title>WordPress Hitasoft FLV Player Plugin "id" SQL Injection Vulnerability</title>
<references>
<secunia>51179</secunia>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="spider-calendar">
<vulnerability>
<title>WordPress Spider Calendar Plugin "many_sp_calendar" Cross-Site Scripting Vulnerability</title>
<references>
<secunia>50981</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="dynamic-font-replacement-4wp">
<vulnerability>
<title>Wordpress Dynamic Font Replacement 1.3 plugin SQL Injection Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20239</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="form">
<vulnerability>
<title>WordPress Zingiri Form Builder Plugin "error" Cross-Site Scripting Vulnerability</title>
<references>
<secunia>50983</secunia>
</references>
<type>XSS</type>
<fixed_in>1.2.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="white-label-cms">
<vulnerability>
<title>WordPress White Label CMS Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>50487</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.5.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="download-shortcode">
<vulnerability>
<title>Wordpress Download Shortcode Plugin "file" Arbitrary File Disclosure Vulnerability</title>
<references>
<secunia>50924</secunia>
</references>
<type>LFI</type>
<fixed_in>0.2.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="eshop-magic">
<vulnerability>
<title>WordPress eShop Magic Plugin "file" Arbitrary File Disclosure Vulnerability</title>
<references>
<secunia>50933</secunia>
</references>
<type>LFI</type>
<fixed_in>0.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="pinterest-pin-it-button">
<vulnerability>
<title>WordPress Pinterest "Pin It" Button Lite Plugin Multiple Unspecified Vulnerabilities</title>
<references>
<secunia>50868</secunia>
</references>
<type>MULTI</type>
<fixed_in>1.4.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="css-plus">
<vulnerability>
<title>WordPress CSS Plus Plugin Unspecified Vulnerabilities</title>
<references>
<secunia>50793</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>1.3.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="multisite-plugin-manager">
<vulnerability>
<title>WordPress Multisite Plugin Manager Plugin Two Cross-Site Scripting Vulnerabilities</title>
<references>
<secunia>50762</secunia>
</references>
<type>XSS</type>
<fixed_in>3.1.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="abc-test">
<vulnerability>
<title>WordPress ABC Test Plugin "id" Cross-Site Scripting Vulnerability</title>
<references>
<secunia>50608</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="token-manager">
<vulnerability>
<title>Wordpress Token Manager Plugin "tid" Cross-Site Scripting Vulnerabilities</title>
<references>
<secunia>50722</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="sexy-add-template">
<vulnerability>
<title>WordPress Sexy Add Template Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>50709</secunia>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="notices">
<vulnerability>
<title>WordPress Notices Ticker Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>50717</secunia>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="mf-gig-calendar">
<vulnerability>
<title>WordPress MF Gig Calendar Plugin URL Cross-Site Scripting Vulnerability</title>
<references>
<secunia>50571</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-topbar">
<vulnerability>
<title>wp-topbar &lt;= 3.04 XSS in ZeroClipboard.swf</title>
<references>
<url>http://1337day.com/exploit/20396</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>WordPress WP-TopBar Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>50693</secunia>
</references>
<type>CSRF</type>
<fixed_in>4.0.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="webplayer">
<vulnerability>
<title>WordPress HD Webplayer Plugin Two SQL Injection Vulnerabilities</title>
<references>
<secunia>50466</secunia>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="cloudsafe365-for-wp">
<vulnerability>
<title>WordPress Cloudsafe365 Plugin Multiple Vulnerabilities</title>
<references>
<secunia>50392</secunia>
</references>
<type>MULTI</type>
<fixed_in>1.47</fixed_in>
</vulnerability>
</plugin>
<plugin name="vitamin">
<vulnerability>
<title>WordPress Vitamin Plugin Two Arbitrary File Disclosure Vulnerabilities</title>
<references>
<secunia>50176</secunia>
</references>
<type>LFI</type>
<fixed_in>1.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="featured-post-with-thumbnail">
<vulnerability>
<title>WordPress Featured Post with thumbnail Plugin Unspecified timthumb Vulnerability</title>
<references>
<secunia>50161</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>1.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-effective-lead-management">
<vulnerability>
<title>WordPress WP Lead Management Plugin Script Insertion Vulnerabilities</title>
<references>
<secunia>50166</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="xve-various-embed">
<vulnerability>
<title>WordPress XVE Various Embed Plugin JW Player Multiple Cross-Site Scripting Vulnerabilities</title>
<references>
<secunia>50173</secunia>
</references>
<type>XSS</type>
<fixed_in>1.0.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="g-lock-double-opt-in-manager">
<vulnerability>
<title>WordPress G-Lock Double Opt-in Manager Plugin Two Security Bypass Vulnerabilities</title>
<references>
<secunia>50100</secunia>
</references>
<type>AUTHBYPASS</type>
</vulnerability>
</plugin>
<plugin name="kau-boys-backend-localization">
<vulnerability>
<title>WordPress Backend Localization Plugin Cross-Site Scripting Vulnerabilities</title>
<references>
<secunia>50099</secunia>
</references>
<type>XSS</type>
<fixed_in>2.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="flexi-quote-rotator">
<vulnerability>
<title>WordPress Flexi Quote Rotator Plugin Cross-Site Request Forgery and SQL Injection Vulnerabilities</title>
<references>
<secunia>49910</secunia>
</references>
<type>MULTI</type>
<fixed_in>0.9.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="gotmls">
<vulnerability>
<title>WordPress Get Off Malicious Scripts Cross-Site Scripting Vulnerability</title>
<references>
<secunia>50030</secunia>
</references>
<type>XSS</type>
<fixed_in>1.2.07.20</fixed_in>
</vulnerability>
</plugin>
<plugin name="cimy-user-extra-fields">
<vulnerability>
<title>WordPress Cimy User Extra Fields Plugin Arbitrary File Upload Vulnerability</title>
<references>
<secunia>49975</secunia>
</references>
<type>UPLOAD</type>
<fixed_in>2.3.9</fixed_in>
</vulnerability>
</plugin>
<plugin name="nmedia-user-file-uploader">
<vulnerability>
<title>WordPress Nmedia Users File Uploader Plugin Arbitrary File Upload Vulnerability</title>
<references>
<secunia>49996</secunia>
</references>
<type>UPLOAD</type>
<fixed_in>2.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-explorer-gallery">
<vulnerability>
<title>wp-explorer-gallery Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20251</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="accordion">
<vulnerability>
<title>accordion Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20254</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-catpro">
<vulnerability>
<title>wp-catpro Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20256</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="RLSWordPressSearch">
<vulnerability>
<title>Wordpress RLSWordPressSearch plugin SQL Injection</title>
<references>
<exploitdb>24440</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wordpress-simple-shout-box">
<vulnerability>
<title>wordpress-simple-shout-box Plugin SQL Injection</title>
<references>
<url>http://cxsecurity.com/issue/WLB-2013010235</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="portfolio-slideshow-pro">
<vulnerability>
<title>Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection</title>
<references>
<url>http://cxsecurity.com/issue/WLB-2013010236</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="simple-history">
<vulnerability>
<title>WordPress Simple History Plugin RSS Feed "rss_secret" Disclosure Weakness</title>
<references>
<secunia>51998</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>1.0.8</fixed_in>
</vulnerability>
</plugin>
<plugin name="p1m-media-manager">
<vulnerability>
<title>WordPress p1m media manager plugin SQL Injection Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20270</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-table-reloaded">
<!-- NOTE(review): both entries appear to describe the same ZeroClipboard.swf
     XSS (first: affected up to 1.9.3 per its title; second: fixed_in 1.9.4).
     Only the second carries fixed_in, so a consumer that filters on fixed_in
     would presumably keep reporting the first on patched installs.
     TODO confirm, then merge the entries or record the fix version on both. -->
<vulnerability>
<title>wp-table-reloaded &lt;= 1.9.3 XSS in ZeroClipboard.swf</title>
<references>
<url>http://1337day.com/exploit/20396</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>Wordpress wp-table-reloaded plugin cross-site scripting in SWF</title>
<references>
<url>http://packetstormsecurity.com/files/119968/</url>
<secunia>52027</secunia>
<url>http://seclists.org/bugtraq/2013/Feb/28</url>
</references>
<type>XSS</type>
<fixed_in>1.9.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="wordpress-gallery">
<vulnerability>
<title>WordPress Gallery Plugin "load" Remote File Inclusion Vulnerability</title>
<references>
<secunia>51347</secunia>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="forumconverter">
<vulnerability>
<title>Wordpress plugins ForumConverter SQL Injection Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20275</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="newsletter">
<vulnerability>
<title>WordPress plugins Newsletter SQL Injection Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20287</url>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>WordPress Newsletter Plugin "alert" Cross-Site Scripting Vulnerability</title>
<references>
<secunia>53398</secunia>
<url>http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5141.php</url>
</references>
<type>XSS</type>
<fixed_in>3.2.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="commentluv">
<vulnerability>
<title>Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin</title>
<references>
<url>https://www.htbridge.com/advisory/HTB23138</url>
<url>http://packetstormsecurity.com/files/120090/</url>
<url>http://seclists.org/bugtraq/2013/Feb/30</url>
<url>http://cxsecurity.com/issue/WLB-2013020040</url>
<secunia>52092</secunia>
</references>
<type>XSS</type>
<fixed_in>2.92.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-forum">
<vulnerability>
<title>Wordpress wp-forum plugin SQL Injection</title>
<references>
<url>http://cxsecurity.com/issue/WLB-2013020035</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-ecommerce-shop-styling">
<vulnerability>
<title>WordPress WP ecommerce Shop Styling Plugin "dompdf" Remote File Inclusion Vulnerability</title>
<references>
<secunia>51707</secunia>
</references>
<type>RFI</type>
<fixed_in>1.8</fixed_in>
</vulnerability>
</plugin>
<plugin name="audio-player">
<vulnerability>
<title>Wordpress Audio Player Plugin XSS in SWF</title>
<references>
<url>http://seclists.org/bugtraq/2013/Feb/35</url>
<secunia>52083</secunia>
</references>
<type>XSS</type>
<fixed_in>2.0.4.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="ckeditor-for-wordpress">
<vulnerability>
<title>Wordpress plugin CKEditor 4.0 Arbitrary File Upload Exploit</title>
<references>
<url>http://1337day.com/exploit/20318</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="myftp-ftp-like-plugin-for-wordpress">
<vulnerability>
<title>wordpress myftp-ftp-like-plugin-for-wordpress plugin v2 Plugin SQL Injection</title>
<references>
<url>http://cxsecurity.com/issue/WLB-2013020061</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="wp-online-store">
<vulnerability>
<title>WordPress WP Online Store Plugin 1.3.1 downloaded before 2013-01-17 File Disclosure and File Inclusion Vulnerabilities</title>
<references>
<secunia>50836</secunia>
<url>http://ceriksen.com/2013/02/18/wordpress-online-store-arbitrary-file-disclosure/</url>
<url>http://ceriksen.com/2013/02/18/wordpress-online-store-local-file-inclusion-vulnerability/</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="password-protected">
<vulnerability>
<title>Password Protected 1.4 Login Process redirect_to Parameter Arbitrary Site Redirect</title>
<references>
<osvdb>90559</osvdb>
</references>
<type>REDIRECT</type>
</vulnerability>
</plugin>
<plugin name="contact-form-plugin">
<vulnerability>
<title>Contact Form Plugin XSS</title>
<references>
<osvdb>90503</osvdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="smart-flv">
<vulnerability>
<title>smart-flv jwplayer.swf XSS</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/02/24/7</url>
<url>http://packetstormsecurity.com/files/115100/</url>
<osvdb>90606</osvdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="GoogleAlertandtwitterplugin">
<vulnerability>
<title>Google Alert And Twitter v.3.1.5 XSS Exploit, SQL Injection</title>
<references>
<url>http://1337day.com/exploits/20433</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="php-shell">
<!-- NOTE(review): the second reference is the plugin's own shell.php in the
     plugin repository, so this entry appears to flag the plugin itself rather
     than a flaw inside it; presumably an installed copy is the finding.
     Confirm against the linked wpscan issue. No fixed_in is recorded, so as
     far as this entry shows there is no patched version to upgrade to, and the
     title gives no affected version range. -->
<vulnerability>
<title>PHP Shell Plugin</title>
<references>
<url>https://github.com/wpscanteam/wpscan/issues/138</url>
<url>http://plugins.svn.wordpress.org/php-shell/trunk/shell.php</url>
</references>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="marekkis-watermark">
<vulnerability>
<title>Marekkis Watermark Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/120378/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="responsive-logo-slideshow">
<vulnerability>
<title>Responsive Logo Slideshow Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/120379/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="zopim-live-chat">
<vulnerability>
<title>zopim-live-chat &lt;= 1.2.5 XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="ed2k-link-selector">
<vulnerability>
<title>ed2k-link-selector &lt;= 1.1.7 XSS in ZeroClipboard</title>
<references>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wppygments">
<vulnerability>
<title>wppygments &lt;= 0.3.2 XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="copy-in-clipboard">
<vulnerability>
<title>copy-in-clipboard &lt;= 0.8 XSS in ZeroClipboard</title>
<references>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="search-and-share">
<vulnerability>
<title>search-and-share &lt;= 0.9.3 XSS in ZeroClipboard</title>
<references>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="placester">
<vulnerability>
<title>placester &lt;= 0.3.12 XSS in ZeroClipboard</title>
<references>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="drp-coupon">
<vulnerability>
<title>drp-coupon &lt;= 2.1 XSS in ZeroClipboard</title>
<references>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="coupon-code-plugin">
<vulnerability>
<title>coupon-code-plugin &lt;= 2.1 XSS in ZeroClipboard</title>
<references>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="q2w3-inc-manager">
<vulnerability>
<title>q2w3-inc-manager &lt;= 2.3.1 XSS in ZeroClipboard</title>
<references>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="scorerender">
<vulnerability>
<title>scorerender &lt;= 0.3.4 XSS in ZeroClipboard</title>
<references>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-link-to-us">
<vulnerability>
<title>wp-link-to-us &lt;= 2.0 XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="buckets">
<vulnerability>
<title>buckets &lt;= 0.1.9.2 XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="java-trackback">
<vulnerability>
<title>java-trackback &lt;= 0.2 XSS in ZeroClipboard</title>
<references>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="slidedeck2">
<vulnerability>
<title>slidedeck2 &lt;= 2.1.20130228 XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-clone-by-wp-academy">
<vulnerability>
<title>wp-clone-by-wp-academy &lt;= 2.1.1 XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="tiny-url">
<vulnerability>
<title>tiny-url &lt;= 1.3.2 XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="thethe-layout-grid">
<vulnerability>
<title>thethe-layout-grid &lt;= 1.0.0 XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="paypal-digital-goods-monetization-powered-by-cleeng">
<vulnerability>
<title>paypal-digital-goods-monetization-powered-by-cleeng &lt;= 2.2.13 XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="mobileview">
<vulnerability>
<title>mobileview &lt;= 1.0.7 XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="jaspreetchahals-coupons-lite">
<vulnerability>
<title>jaspreetchahals-coupons-lite &lt;= 2.1 XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="geshi-source-colorer">
<vulnerability>
<title>geshi-source-colorer &lt;= 0.13 XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="click-to-copy-grab-box">
<vulnerability>
<title>click-to-copy-grab-box &lt;= 0.1.1 XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="cleeng">
<vulnerability>
<title>cleeng &lt;= 2.3.2 XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="bp-code-snippets">
<vulnerability>
<title>bp-code-snippets &lt;= 2.0 XSS in ZeroClipboard</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/2</url>
<url>http://1337day.com/exploit/20396</url>
<cve>2013-1808</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="snazzy-archives">
<vulnerability>
<title>snazzy-archives &lt;= 1.7.1 XSS vulnerability</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/10/3</url>
<cve>2009-4168</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="vkontakte-api">
<vulnerability>
<title>vkontakte-api XSS vulnerability</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/03/11/1</url>
<cve>2009-4168</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="terillion-reviews">
<vulnerability>
<title>Terillion Reviews Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/120730/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="o2s-gallery">
<vulnerability>
<title>o2s-gallery plugin Cross Site Scripting Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20516</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="bp-gallery">
<vulnerability>
<title>bp-gallery plugin v1.2.5 Cross Site Scripting Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20518</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="simply-poll">
<vulnerability>
<title>Simply Poll Plugin 1.4.1 - Multiple Vulnerabilities</title>
<references>
<exploitdb>24850</exploitdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="occasions">
<vulnerability>
<title>Occasions Plugin 1.0.4 - CSRF Vulnerability</title>
<references>
<exploitdb>24858</exploitdb>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="mathjax-latex">
<vulnerability>
<title>Mathjax Latex 1.1 CSRF Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20566</url>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="wp-banners-lite">
<vulnerability>
<title>XSS vulnerability on WP-Banners-Lite</title>
<references>
<url>http://seclists.org/fulldisclosure/2013/Mar/209</url>
<url>http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="backupbuddy">
<vulnerability>
<title>Backupbuddy - sensitive data exposure in importbuddy.php</title>
<references>
<url>http://seclists.org/fulldisclosure/2013/Mar/206</url>
<url>http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="wp-funeral-press">
<vulnerability>
<title>WP FuneralPress - Stored XSS in Guestbook</title>
<references>
<url>http://seclists.org/fulldisclosure/2013/Mar/282</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="chikuncount">
<vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>24492</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="open-flash-chart-core-wordpress-plugin">
<vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>24492</exploitdb>
<secunia>37903</secunia>
<cve>2009-4140</cve>
</references>
<type>UPLOAD</type>
<fixed_in>0.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="spamtask">
<vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>24492</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="php-analytics">
<vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>24492</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="seo-spy-google-wordpress-plugin">
<vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>24492</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-seo-spy-google">
<vulnerability>
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>24492</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="podpress">
<vulnerability>
<title>podPress 8.8.10.13 Cross Site Scripting</title>
<references>
<url>http://packetstormsecurity.com/files/121011/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="fbsurveypro">
<vulnerability>
<title>fbsurveypro XSS Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20623</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="timelineoptinpro">
<vulnerability>
<title>timelineoptinpro XSS Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20620</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="kioskprox">
<vulnerability>
<title>kioskprox XSS Vulnerability</title>
<references>
<url>http://1337day.com/exploit/20624</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="bigcontact">
<vulnerability>
<title>bigcontact SQLI</title>
<references>
<url>http://plugins.trac.wordpress.org/changeset/689798</url>
</references>
<type>SQLI</type>
<fixed_in>1.4.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="drawblog">
<vulnerability>
<title>drawblog CSRF</title>
<references>
<url>http://plugins.trac.wordpress.org/changeset/691178</url>
</references>
<type>CSRF</type>
<fixed_in>0.81</fixed_in>
</vulnerability>
</plugin>
<plugin name="social-media-widget">
<vulnerability>
<title>social-media-widget malicious code</title>
<references>
<url>http://plugins.trac.wordpress.org/changeset?reponame=&amp;old=691839%40social-media-widget%2Ftrunk&amp;new=693941%40social-media-widget%2Ftrunk</url>
<url>http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot</url>
</references>
<type>UNKNOWN</type>
<fixed_in>4.0.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="facebook-members">
<vulnerability>
<title>facebook-members CSRF</title>
<references>
<secunia>52962</secunia>
<cve>2013-2703</cve>
</references>
<type>CSRF</type>
<fixed_in>5.0.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="foursquare-checkins">
<vulnerability>
<title>foursquare-checkins CSRF</title>
<references>
<secunia>53151</secunia>
<cve>2013-2709</cve>
</references>
<type>CSRF</type>
<fixed_in>1.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="formidable">
<vulnerability>
<title>formidable Pro Unspecified Vulnerabilities</title>
<references>
<secunia>53121</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>1.06.09</fixed_in>
</vulnerability>
</plugin>
<plugin name="all-in-one-webmaster">
<vulnerability>
<title>all-in-one-webmaster CSRF</title>
<references>
<secunia>52877</secunia>
<cve>2013-2696</cve>
</references>
<type>CSRF</type>
<fixed_in>8.2.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="background-music">
<vulnerability>
<title>background-music 1.0 jPlayer.swf XSS</title>
<references>
<secunia>53057</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="haiku-minimalist-audio-player">
<vulnerability>
<title>haiku-minimalist-audio-player &lt;= 1.0.0 jPlayer.swf XSS</title>
<references>
<secunia>51336</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="jammer">
<vulnerability>
<title>jammer &lt;= 0.2 jPlayer.swf XSS</title>
<references>
<secunia>53106</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="syntaxhighlighter">
<vulnerability>
<title>syntaxhighlighter clipboard.swf XSS</title>
<references>
<secunia>53235</secunia>
</references>
<type>XSS</type>
<fixed_in>3.1.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="top-10">
<vulnerability>
<title>top-10 CSRF</title>
<references>
<secunia>53205</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.9.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="easy-adsense-lite">
<vulnerability>
<title>easy-adsense-lite CSRF</title>
<references>
<secunia>52953</secunia>
<cve>2013-2702</cve>
</references>
<type>CSRF</type>
<fixed_in>6.10</fixed_in>
</vulnerability>
</plugin>
<plugin name="uk-cookie">
<vulnerability>
<title>uk-cookie plugin XSS</title>
<references>
<osvdb>87561</osvdb>
<url>http://seclists.org/bugtraq/2012/Nov/50</url>
<cve>2012-5856</cve>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>uk-cookie CSRF</title>
<references>
<url>http://www.openwall.com/lists/oss-security/2013/06/06/10</url>
<osvdb>94032</osvdb>
<cve>2013-2180</cve>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="wp-cleanfix">
<vulnerability>
<title>wp-cleanfix Remote Command Execution, CSRF and XSS</title>
<references>
<url>https://github.com/wpscanteam/wpscan/issues/186</url>
<url>http://wordpress.org/support/topic/plugin-wp-cleanfix-remote-code-execution-warning</url>
<osvdb>93450</osvdb>
<secunia>53395</secunia>
<osvdb>93468</osvdb>
<cve>2013-2108</cve>
<cve>2013-2109</cve>
</references>
<type>MULTI</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="mail-on-update">
<vulnerability>
<title>mail-on-update plugin CSRF</title>
<references>
<secunia>53449</secunia>
<url>http://www.openwall.com/lists/oss-security/2013/05/16/8</url>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="advanced-xml-reader">
<vulnerability>
<title>Advanced XML Reader Plugin for WordPress XML External Entity (XXE) Data Parsing Arbitrary File Disclosure</title>
<references>
<url>http://seclists.org/bugtraq/2013/May/5</url>
<osvdb>92904</osvdb>
</references>
<type>XXE</type>
</vulnerability>
</plugin>
<plugin name="related-posts-by-zemanta">
<vulnerability>
<title>WordPress Related Posts by Zemanta Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>53321</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.3.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="wordpress-23-related-posts-plugin">
<vulnerability>
<title>WordPress WordPress Related Posts Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>53279</secunia>
</references>
<type>CSRF</type>
<fixed_in>2.6.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="related-posts">
<vulnerability>
<title>WordPress Related Posts Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>53122</secunia>
</references>
<type>CSRF</type>
<fixed_in>2.7.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-print-friendly">
<vulnerability>
<title>WordPress WP Print Friendly Plugin Security Bypass Vulnerability</title>
<references>
<secunia>53371</secunia>
</references>
<type>UNKNOWN</type>
<fixed_in>0.5.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="contextual-related-posts">
<vulnerability>
<title>WordPress Contextual Related Posts Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>52960</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.8.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="calendar">
<vulnerability>
<title>WordPress Calendar Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>52841</secunia>
</references>
<type>CSRF</type>
<fixed_in>1.3.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="feedweb">
<vulnerability>
<title>WordPress Feedweb Plugin 'wp_post_id' Parameter XSS</title>
<references>
<url>http://www.securityfocus.com/bid/58771</url>
</references>
<type>XSS</type>
<fixed_in>1.9</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-print">
<vulnerability>
<title>WordPress WP-Print Plugin CSRF</title>
<references>
<url>http://www.securityfocus.com/bid/58900</url>
</references>
<type>CSRF</type>
<fixed_in>2.52</fixed_in>
</vulnerability>
</plugin>
<plugin name="trafficanalyzer">
<vulnerability>
<title>trafficanalyzer XSS</title>
<references>
<url>http://packetstorm.wowhacker.com/1304-exploits/wptrafficanalyzer-xss.txt</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-download-manager">
<vulnerability>
<title>WordPress WP-DownloadManager Plugin CSRF</title>
<references>
<url>http://www.securityfocus.com/bid/58937</url>
</references>
<type>CSRF</type>
<fixed_in>1.61</fixed_in>
</vulnerability>
</plugin>
<plugin name="digg-digg">
<vulnerability>
<title>Digg Digg CSRF</title>
<references>
<url>http://wordpress.org/plugins/digg-digg/changelog/</url>
<secunia>53120</secunia>
<osvdb>93544</osvdb>
</references>
<type>CSRF</type>
<fixed_in>5.3.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="ssquiz">
<vulnerability>
<title>SS Quiz Plugin Multiple Unspecified Vulnerabilities</title>
<references>
<url>http://wordpress.org/plugins/ssquiz/changelog/</url>
<secunia>53378</secunia>
<osvdb>93531</osvdb>
</references>
<type>UNKNOWN</type>
<fixed_in>2.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="funcaptcha">
<vulnerability>
<title>FunCaptcha CSRF</title>
<references>
<url>http://wordpress.org/extend/plugins/funcaptcha/changelog/</url>
</references>
<type>CSRF</type>
<fixed_in>0.33</fixed_in>
</vulnerability>
</plugin>
<plugin name="xili-language">
<vulnerability>
<title>xili-language XSS</title>
<references>
<url>http://wordpress.org/plugins/xili-language/changelog/</url>
</references>
<type>XSS</type>
<fixed_in>2.8.6</fixed_in>
</vulnerability>
</plugin>
<plugin name="wordpress-seo">
<vulnerability>
<title>Security issue which allowed any user to reset settings</title>
<references>
<url>http://wordpress.org/plugins/wordpress-seo/changelog/</url>
</references>
<type>UNKNOWN</type>
<fixed_in>1.4.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="underconstruction">
<vulnerability>
<title>CSRF in WordPress underConstruction plugin</title>
<references>
<url>http://wordpress.org/plugins/underconstruction/changelog/</url>
<secunia>52881</secunia>
<osvdb>93857</osvdb>
<cve>2013-2699</cve>
</references>
<type>CSRF</type>
<fixed_in>1.09</fixed_in>
</vulnerability>
</plugin>
<plugin name="adif-log-search-widget">
<vulnerability>
<title>ADIF Log Search Widget XSS Vulnerability</title>
<references>
<url>http://packetstormsecurity.com/files/121777/</url>
<secunia>53599</secunia>
<osvdb>93721</osvdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="exploit-scanner">
<vulnerability>
<title>FPD and Security bypass vulnerabilities in Exploit Scanner for WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2013/May/216</url>
<osvdb>93799</osvdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="ga-universal">
<vulnerability>
<title>ga-universal XSS</title>
<references>
<url>http://wordpress.org/plugins/ga-universal/changelog/</url>
</references>
<type>XSS</type>
<fixed_in>1.0.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="export-to-text">
<vulnerability>
<title>Remote File Inclusion Vulnerability</title>
<references>
<secunia>51348</secunia>
<osvdb>93715</osvdb>
</references>
<type>RFI</type>
<fixed_in>2.3</fixed_in>
</vulnerability>
</plugin>
<plugin name="qtranslate">
<vulnerability>
<title>WordPress qTranslate Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>53126</secunia>
<osvdb>93873</osvdb>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="image-slider-with-description">
<vulnerability>
<title>Image slider with description Plugin Unspecified Vulnerability</title>
<references>
<secunia>53588</secunia>
<osvdb>93691</osvdb>
</references>
<type>UNKNOWN</type>
<fixed_in>7.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="user-role-editor">
<vulnerability>
<title>User Role Editor Plugin Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>53593</secunia>
<osvdb>93699</osvdb>
<exploitdb>25721</exploitdb>
</references>
<type>CSRF</type>
<fixed_in>3.14</fixed_in>
</vulnerability>
</plugin>
<plugin name="eelv-newsletter">
<vulnerability>
<title>EELV Newsletter Plugin Cross-Site Scripting Vulnerability</title>
<references>
<secunia>53546</secunia>
<osvdb>93685</osvdb>
</references>
<type>XSS</type>
<fixed_in>3.3.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="frontier-post">
<vulnerability>
<title>Frontier Post Plugin Publishing Posts Security Bypass</title>
<references>
<secunia>53474</secunia>
<osvdb>93639</osvdb>
</references>
<type>UNKNOWN</type>
</vulnerability>
</plugin>
<plugin name="spider-catalog">
<vulnerability>
<title>Spider Catalog Plugin Cross-Site Scripting and SQL Injection Vulnerabilities</title>
<references>
<secunia>53491</secunia>
<osvdb>93591</osvdb>
<osvdb>93593</osvdb>
<osvdb>93594</osvdb>
<osvdb>93595</osvdb>
<osvdb>93596</osvdb>
<osvdb>93597</osvdb>
<osvdb>93598</osvdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="spider-event-calendar">
<vulnerability>
<title>Spider Event Calendar Plugin Security Bypass, Cross-Site Scripting and SQLi Vulnerabilities</title>
<references>
<secunia>53481</secunia>
<osvdb>93584</osvdb>
<osvdb>93585</osvdb>
<osvdb>93586</osvdb>
<osvdb>93587</osvdb>
<osvdb>93588</osvdb>
<osvdb>93582</osvdb>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="antivirus">
<vulnerability>
<title>FPD and Security bypass vulnerabilities in AntiVirus for WordPress</title>
<references>
<url>http://seclists.org/fulldisclosure/2013/Jun/0</url>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp-maintenance-mode">
<vulnerability>
<title>WP Maintenance Mode Setting Manipulation CSRF</title>
<references>
<osvdb>94450</osvdb>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="ultimate-auction">
<vulnerability>
<title>ultimate Auction Auction Creation CSRF</title>
<references>
<osvdb>94407</osvdb>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="mapsmarker">
<vulnerability>
<title>Leaflet Maps Marker Tag Multiple Parameter SQL Injection</title>
<references>
<osvdb>94388</osvdb>
</references>
<type>SQLI</type>
<fixed_in>3.5.4</fixed_in>
</vulnerability>
</plugin>
<plugin name="xorbin-analog-flash-clock">
<vulnerability>
<title>Xorbin Analog Flash Clock 1.0 Flash-based XSS</title>
<references>
<url>http://advisory.prakharprasad.com/xorbin_afc_wp.txt</url>
<cve>2013-4692</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="xorbin-digital-flash-clock">
<vulnerability>
<title>Xorbin Digital Flash Clock 1.0 Flash-based XSS</title>
<references>
<url>http://advisory.prakharprasad.com/xorbin_dfc_wp.txt</url>
<cve>2013-4693</cve>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="dropdown-menu-widget">
<vulnerability>
<title>Dropdown Menu Widget Script Insertion CSRF</title>
<references>
<osvdb>94771</osvdb>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="buddypress-extended-friendship-request">
<vulnerability>
<title>BuddyPress Extended Friendship Request wp-admin/admin-ajax.php friendship_request_message Parameter XSS</title>
<references>
<osvdb>94807</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.0.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="wp-private-messages">
<vulnerability>
<title>wp-private-messages /wp-admin/profile.php msgid Parameter SQL Injection</title>
<references>
<osvdb>94702</osvdb>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="stream-video-player">
<vulnerability>
<title>Stream Video Player Plugin for WordPress Setting Manipulation CSRF</title>
<references>
<osvdb>94466</osvdb>
</references>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="duplicator">
<vulnerability>
<title>Duplicator installer.cleanup.php package Parameter XSS</title>
<references>
<osvdb>95627</osvdb>
<cve>2013-4625</cve>
</references>
<type>XSS</type>
<fixed_in>0.4.5</fixed_in>
</vulnerability>
</plugin>
<plugin name="citizen-space">
<vulnerability>
<title>Citizen Space Script Insertion CSRF</title>
<references>
<osvdb>95570</osvdb>
</references>
<type>CSRF</type>
<fixed_in>1.1</fixed_in>
</vulnerability>
</plugin>
<plugin name="spicy-blogroll">
<vulnerability>
<title>Spicy Blogroll spicy-blogroll-ajax.php Multiple Parameter Remote File Inclusion</title>
<references>
<osvdb>95557</osvdb>
<exploitdb>26804</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</plugin>
<plugin name="pie-register">
<vulnerability>
<title>Pie Register wp-login.php Multiple Parameter XSS</title>
<references>
<osvdb>95160</osvdb>
</references>
<type>XSS</type>
<fixed_in>1.31</fixed_in>
</vulnerability>
</plugin>
<plugin name="xhanch-my-twitter">
<vulnerability>
<title>CSRF in admin/setting.php in Xhanch</title>
<references>
<secunia>53133</secunia>
<cve>2013-3253</cve>
</references>
<type>CSRF</type>
<fixed_in>2.7.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="sexybookmarks">
<vulnerability>
<title>CSRF in sexybookmarks</title>
<references>
<url>http://wordpress.org/plugins/sexybookmarks/changelog/</url>
<cve>2013-3256</cve>
</references>
<type>CSRF</type>
<fixed_in>6.1.5.0</fixed_in>
</vulnerability>
</plugin>
<plugin name="hms-testimonials">
<vulnerability>
<title>CSRF in HMS Testimonials 2.0.10</title>
<references>
<url>http://wordpress.org/plugins/hms-testimonials/changelog/</url>
<cve>2013-4240</cve>
<osvdb>96107</osvdb>
<osvdb>96108</osvdb>
<osvdb>96109</osvdb>
<osvdb>96110</osvdb>
<osvdb>96111</osvdb>
<secunia>54402</secunia>
</references>
<fixed_in>2.0.11</fixed_in>
</vulnerability>
<vulnerability>
<title>XSS in HMS Testimonials 2.0.10</title>
<references>
<url>http://wordpress.org/plugins/hms-testimonials/changelog/</url>
<cve>2013-4241</cve>
<osvdb>96107</osvdb>
<osvdb>96108</osvdb>
<osvdb>96109</osvdb>
<osvdb>96110</osvdb>
<osvdb>96111</osvdb>
<secunia>54402</secunia>
</references>
<fixed_in>2.0.11</fixed_in>
</vulnerability>
</plugin>
<plugin name="indianic-testimonial">
<vulnerability>
<title>CSRF vulnerability in IndiaNIC Testimonial 2.2</title>
<references>
<url>http://seclists.org/fulldisclosure/2013/Sep/5</url>
<cve>2013-5672</cve>
<exploitdb>28054</exploitdb>
</references>
</vulnerability>
<vulnerability>
<title>SQL Injection vulnerability in IndiaNIC Testimonial 2.2</title>
<references>
<url>http://seclists.org/fulldisclosure/2013/Sep/5</url>
<cve>2013-5673</cve>
<exploitdb>28054</exploitdb>
</references>
</vulnerability>
<vulnerability>
<title>XSS vulnerability in IndiaNIC Testimonial 2.2</title>
<references>
<url>http://seclists.org/fulldisclosure/2013/Sep/5</url>
<exploitdb>28054</exploitdb>
</references>
</vulnerability>
</plugin>
<plugin name="usernoise">
<vulnerability>
<title>XSS vulnerability in Usernoise 3.7.8</title>
<references>
<url>http://wordpress.org/plugins/usernoise/changelog/</url>
<exploitdb>27403</exploitdb>
</references>
<fixed_in>3.7.9</fixed_in>
</vulnerability>
</plugin>
<plugin name="platinum-seo-pack">
<vulnerability>
<title>platinum_seo_pack.php s Parameter Reflected XSS</title>
<references>
<osvdb>97263</osvdb>
</references>
<fixed_in>1.3.8</fixed_in>
</vulnerability>
</plugin>
<plugin name="design-approval-system">
<vulnerability>
<title>/admin/walkthrough/walkthrough.php step Parameter Reflected XSS</title>
<references>
<url>http://seclists.org/bugtraq/2013/Sep/54</url>
<cve>2013-5711</cve>
<osvdb>97279</osvdb>
</references>
<fixed_in>3.7</fixed_in>
</vulnerability>
</plugin>
<plugin name="event-easy-calendar">
<vulnerability>
<title>Multiple Administrator Action CSRF</title>
<references>
<osvdb>97042</osvdb>
</references>
</vulnerability>
<vulnerability>
<title>Multiple Unspecified XSS</title>
<references>
<osvdb>97041</osvdb>
</references>
</vulnerability>
</plugin>
<plugin name="bradesco-gateway">
<vulnerability>
<title>falha.php URI Reflected XSS</title>
<references>
<osvdb>97624</osvdb>
<cve>2013-5916</cve>
</references>
</vulnerability>
</plugin>
<plugin name="social-hashtags">
<vulnerability>
<title>New Post Title Field Stored XSS</title>
<references>
<osvdb>98027</osvdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="simple-flickr-display">
<vulnerability>
<title>Simple Flickr Display Username Field Stored XSS</title>
<references>
<osvdb>97991</osvdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="lazy-seo">
<vulnerability>
<title>Lazy SEO 1.1.9 - lazyseo.php File Upload Arbitrary Code Execution</title>
<references>
<url>http://packetstormsecurity.com/files/123349/</url>
<url>http://xforce.iss.net/xforce/xfdb/87384</url>
<osvdb>97662</osvdb>
<cve>2013-5961</cve>
<exploitdb>28452</exploitdb>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="seo-watcher">
<vulnerability>
<title>SEO Watcher - Open Flash Chart Arbitrary File Creation Vulnerability</title>
<references>
<url>http://packetstormsecurity.com/files/123493/</url>
<secunia>55162</secunia>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="all-in-one-seo-pack">
<vulnerability>
<title>All in One SEO Pack &lt;= 2.3.0 - XSS Vulnerability</title>
<references>
<url>http://archives.neohapsis.com/archives/bugtraq/2013-10/0006.html</url>
<secunia>55133</secunia>
</references>
<fixed_in>2.3.0.1</fixed_in>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="simple-dropbox-upload-form">
<vulnerability>
<title>Simple Dropbox Upload - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://packetstormsecurity.com/files/123235/</url>
<url>http://xforce.iss.net/xforce/xfdb/87166</url>
<secunia>54856</secunia>
<cve>2013-5963</cve>
</references>
<fixed_in>1.8.8.1</fixed_in>
<type>UPLOAD</type>
</vulnerability>
</plugin>
<plugin name="wp-ultimate-email-marketer">
<vulnerability>
<title>WP Ultimate Email Marketer - Multiple Vulnerabilities</title>
<references>
<secunia>53170</secunia>
</references>
<type>MULTI</type>
</vulnerability>
</plugin>
<plugin name="wp-miniaudioplayer">
<vulnerability>
<title>miniAudioPlayer - Two XSS Vulnerabilities</title>
<references>
<secunia>54979</secunia>
<url>http://packetstormsecurity.com/files/123372/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="simple-custom-website-data">
<vulnerability>
<title>Custom Website Data - XSS Vulnerability</title>
<references>
<secunia>54865</secunia>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="complete-gallery-manager">
<vulnerability>
<title>Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability</title>
<references>
<osvdb>97481</osvdb>
<secunia>54894</secunia>
<cve>2013-5962</cve>
<exploitdb>28377</exploitdb>
<url>http://packetstormsecurity.com/files/123303/</url>
<url>http://xforce.iss.net/xforce/xfdb/87172</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</plugin>
</vulnerabilities>