plugin_vulns.json

[{"theme-my-login":{"vulnerabilities":[{"id":6043,"title":"Theme My Login 6.3.9 - Local File Inclusion","url":["http://packetstormsecurity.com/files/127302/","http://seclists.org/fulldisclosure/2014/Jun/172","http://www.securityfocus.com/bid/68254","https://security.dxw.com/advisories/lfi-in-theme-my-login/"],"osvdb":["108517"],"vuln_type":"LFI","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2014-08-01T10:58:35.000Z","fixed_in":"6.3.10"}]}},{"login-rebuilder":{"vulnerabilities":[{"id":6044,"title":"Login Rebuilder \u003c 1.2.0 - Cross Site Request Forgery Vulnerability","osvdb":["108364"],"cve":["2014-3882"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2014-08-01T10:58:35.000Z","fixed_in":"1.2.0"}]}},{"simple-share-buttons-adder":{"vulnerabilities":[{"id":6045,"title":"Simple Share Buttons Adder 4.4 - options-general.php Multiple Admin Actions CSRF","url":["https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder/","http://packetstormsecurity.com/files/127238/"],"osvdb":["108444"],"cve":["2014-4717"],"exploitdb":["33896"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2014-08-01T10:58:35.000Z","fixed_in":"4.5"},{"id":6046,"title":"Simple Share Buttons Adder 4.4 - options-general.php ssba_share_text Parameter Stored XSS Weakness","url":["https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder/","http://packetstormsecurity.com/files/127238/"],"osvdb":["108445"],"exploitdb":["33896"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2014-08-01T10:58:35.000Z","fixed_in":"4.5"}]}},{"content-slide":{"vulnerabilities":[{"id":6047,"title":"Content Slide \u003c= 1.4.2 - Cross Site Request Forgery Vulnerability","osvdb":["93871"],"cve":["2013-2708"],"secunia":["52949"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2014-08-01T10:58:35.000Z"}]}},{"wp-cron-dashboard":{"vulnerabilities":[{"id":6048,"title":"WP Cron DashBoard \u003c= 1.1.5 - wp-cron-dashboard.php procname Parameter Reflected XSS","url":["http://packetstormsecurity.com/files/124602/","https://www.htbridge.com/advisory/HTB23189"],"osvdb":["100660"],"cve":["2013-6991"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2014-08-01T10:58:35.000Z"}]}},{"wordpress-simple-paypal-shopping-cart":{"vulnerabilities":[{"id":6049,"title":"Simple Paypal Shopping Cart 3.5 - Cross-Site Request Forgery Vulnerability","osvdb":["93953"],"cve":["2013-2705"],"secunia":["52963"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2014-08-01T10:58:35.000Z","fixed_in":"3.6"}]}},{"wp-sendsms":{"vulnerabilities":[{"id":6050,"title":"WP-SendSMS 1.0 - Setting Manipulation CSRF","osvdb":["94209"],"secunia":["53796"],"exploitdb":["26124"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2014-08-01T10:58:35.000Z"},{"id":6051,"title":"WP-SendSMS 1.0 - wp-admin/admin.php Multiple Parameter XSS","osvdb":["94210"],"exploitdb":["26124"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2014-08-01T10:58:35.000Z"}]}},{"mail-subscribe-list":{"vulnerabilities":[{"id":6052,"title":"Mail Subscribe List - Script Insertion Vulnerability","osvdb":["94197"],"secunia":["53732"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2014-08-01T10:58:35.000Z","fixed_in":"2.1"}]}},{"s3-video":{"vulnerabilities":[{"id":6053,"title":"S3 Video \u003c= 0.97 - VideoJS Cross Site Scripting Vulnerability","url":["http://seclists.org/fulldisclosure/2013/May/66"],"secunia":["53437"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2014-08-01T10:58:35.000Z","fixed_in":"0.98"},{"id":6054,"title":"S3 Video 0.982 - preview_video.php base Parameter XSS","osvdb":["101388"],"cve":["2013-7279"],"secunia":["56167"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2014-08-01T10:58:35.000Z","fixed_in":"0.983"}]}},{"video-embed-thumbnail-generator":{"vulnerabilities":[{"id":6055,"title":"VideoJS - Cross-Site Scripting (XSS)","url":["http://seclists.org/fulldisclosure/2013/May/66"],"secunia":["53426"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2015-01-15T18:20:07.000Z","fixed_in":"4.1"}]}},{"1player":{"vulnerabilities":[{"id":6055,"title":"VideoJS - Cross-Site Scripting (XSS)","url":["http://seclists.org/fulldisclosure/2013/May/66"],"secunia":["53426"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2015-01-15T18:20:07.000Z","fixed_in":"4.1"}]}},{"external-video-for-everybody":{"vulnerabilities":[{"id":6055,"title":"VideoJS - Cross-Site Scripting (XSS)","url":["http://seclists.org/fulldisclosure/2013/May/66"],"secunia":["53426"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2015-01-15T18:20:07.000Z","fixed_in":"4.1"}]}},{"EasySqueezePage":{"vulnerabilities":[{"id":6055,"title":"VideoJS - Cross-Site Scripting (XSS)","url":["http://seclists.org/fulldisclosure/2013/May/66"],"secunia":["53426"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2015-01-15T18:20:07.000Z","fixed_in":"4.1"}]}},{"crayon-syntax-highlighter":{"vulnerabilities":[{"id":6056,"title":"Crayon Syntax Highlighter - Remote File Inclusion Vulnerability","url":["http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/"],"osvdb":["86255","86256"],"secunia":["50804"],"vuln_type":"RFI","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2014-08-01T10:58:35.000Z","fixed_in":"1.13"}]}},{"ungallery":{"vulnerabilities":[{"id":6057,"title":"UnGallery \u003c= 1.5.8 - Local File Disclosure Vulnerability","exploitdb":["17704"],"vuln_type":"LFI","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2014-08-01T10:58:35.000Z"},{"id":6058,"title":"UnGallery - Arbitrary Command Execution","url":["http://ceriksen.com/2012/10/23/wordpress-ungallery-remote-command-injection-vulnerability/"],"secunia":["50875"],"vuln_type":"RCE","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2014-08-01T10:58:35.000Z","fixed_in":"2.1.6"}]}},{"thanks-you-counter-button":{"vulnerabilities":[{"id":6059,"title":"Thank You Counter Button 1.8.7 - wp-admin/options.php Multiple Parameter Stored XSS","url":["http://packetstormsecurity.com/files/125397/","http://www.securityfocus.com/bid/65805"],"osvdb":["103778"],"cve":["2014-2315"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2014-08-01T10:58:35.000Z"},{"id":6060,"title":"Thank You Counter Button \u003c= 1.8.2 - XSS","secunia":["50977"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2014-08-01T10:58:35.000Z","fixed_in":"1.8.3"}]}},{"bookings":{"vulnerabilities":[{"id":6061,"title":"Bookings \u003c= 1.8.2 - controlpanel.php error Parameter XSS","osvdb":["86613"],"secunia":["50975"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2014-08-01T10:58:35.000Z","fixed_in":"1.8.3"}]}},{"cimy-user-manager":{"vulnerabilities":[{"id":6062,"title":"Cimy User Manager \u003c= 1.4.2 - Arbitrary File Disclosure","url":["http://ceriksen.com/2012/10/24/wordpress-cimy-user-manager-arbitrary-file-disclosure/"],"secunia":["50834"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2014-08-01T10:58:35.000Z","fixed_in":"1.4.4"}]}},{"fs-real-estate-plugin":{"vulnerabilities":[{"id":6063,"title":"FireStorm Professional Real Estate 2.06.01 - xml/marker_listings.php id Parameter SQL Injection","url":["http://packetstormsecurity.com/files/118232/","http://xforce.iss.net/xforce/xfdb/80261"],"osvdb":["86686"],"secunia":["51107"],"exploitdb":["22071"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2014-08-01T10:58:35.000Z","fixed_in":"2.06.04"},{"id":6064,"title":"FireStorm Professional Real Estate - Multiple SQL Injection","url":["http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/"],"secunia":["50873"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2014-08-01T10:58:35.000Z","fixed_in":"2.06.03"}]}},{"wp125":{"vulnerabilities":[{"id":6065,"title":"WP125 \u003c= 1.4.4 - Multiple XSS","secunia":["50976"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2014-08-01T10:58:35.000Z","fixed_in":"1.4.5"},{"id":6066,"title":"WP125 \u003c= 1.4.9 - CSRF","url":["http://www.securityfocus.com/bid/58934"],"osvdb":["92113"],"cve":["2013-2700"],"secunia":["52876"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2014-08-01T10:58:35.000Z","fixed_in":"1.5.0"}]}},{"all-video-gallery":{"vulnerabilities":[{"id":6067,"title":"All Video Gallery - Multiple SQL Injection Vulnerabilities","url":["http://ceriksen.com/2012/11/04/wordpress-all-video-gallery-plugin-sql-injection/"],"secunia":["50874"],"exploitdb":["22427"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2014-08-01T10:58:35.000Z"},{"id":7555,"title":"All Video Gallery 1.1 - config.php Multiple Parameter SQL Injection","osvdb":["110210"],"cve":["2012-6653"],"vuln_type":"SQLI","created_at":"2014-09-18T20:33:06.000Z","updated_at":"2014-09-18T20:39:01.000Z","fixed_in":"1.2"},{"id":7599,"title":"All Video Gallery 1.2 - SQL Injection","url":["http://codevigilant.com/disclosure/wp-plugin-all-video-gallery-a1-injection"],"osvdb":["109888"],"cve":["2014-5186"],"vuln_type":"SQLI","created_at":"2014-09-24T08:08:52.000Z","updated_at":"2014-09-24T09:58:36.000Z"}]}},{"buddystream":{"vulnerabilities":[{"id":6068,"title":"BuddyStream - XSS","secunia":["50972"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2014-08-01T10:58:35.000Z"}]}},{"post-views":{"vulnerabilities":[{"id":6069,"title":"Post views 2.6.1 - wp-content/plugins/post-views/post-views.php search_input Parameter XSS","url":["http://www.securityfocus.com/bid/56555","http://xforce.iss.net/xforce/xfdb/80076"],"osvdb":["87349"],"secunia":["50982"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2014-08-01T10:58:35.000Z"},{"id":6677,"title":"PostViews - \"search_input\" - Cross-Site Scripting (XSS)","secunia":["50982"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:55.000Z","updated_at":"2015-01-18T08:34:20.000Z"}]}},{"floating-social-media-links":{"vulnerabilities":[{"id":6070,"title":"Floating Social Media Links \u003c= 1.4.2 - fsml-admin.js.php wpp Parameter Remote File Inclusion","url":["http://www.securityfocus.com/bid/56913","http://xforce.iss.net/xforce/xfdb/80641","http://ceriksen.com/2013/01/12/wordpress-floating-social-media-link-plugins-remote-file-inclusion/"],"osvdb":["88383"],"secunia":["51346"],"vuln_type":"RFI","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z","fixed_in":"1.4.3"},{"id":6071,"title":"Floating Social Media Links \u003c= 1.4.2 - fsml-hideshow.js.php wpp Parameter Remote File Inclusion","url":["http://www.securityfocus.com/bid/56913","http://ceriksen.com/2013/01/12/wordpress-floating-social-media-link-plugins-remote-file-inclusion/"],"osvdb":["88385"],"secunia":["51346"],"vuln_type":"RFI","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z","fixed_in":"1.4.3"}]}},{"zingiri-forum":{"vulnerabilities":[{"id":6072,"title":"Zingiri Forum 1.4.2 - forum.php zing_forum_output Function url Parameter XSS","url":["http://www.securityfocus.com/bid/57224","http://xforce.iss.net/xforce/xfdb/81156","http://ceriksen.com/2013/01/12/wordpress-zingiri-forums-arbitrary-file-disclosure/"],"osvdb":["89069"],"cve":["2012-4920"],"secunia":["50833"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z","fixed_in":"1.4.4"}]}},{"google-document-embedder":{"vulnerabilities":[{"id":6073,"title":"Google Document Embedder 2.4.6 - pdf.php file Parameter Arbitrary File Disclosure","url":["http://www.securityfocus.com/bid/57133","http://packetstormsecurity.com/files/119329/","http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/"],"osvdb":["88891"],"cve":["2012-4915"],"secunia":["50832"],"exploitdb":["23970"],"vuln_type":"LFI","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-09-27T11:49:11.000Z","metasploit":"exploit/unix/webapp/wp_google_document_embedder_exec","fixed_in":"2.5.4"},{"id":7690,"title":"Google Document Embedder \u003c= 2.5.14 - SQL Injection","url":["http://security.szurek.pl/google-doc-embedder-2514-sql-injection.html","http://xforce.iss.net/xforce/xfdb/98944"],"osvdb":["115044"],"cve":["2014-9173"],"exploitdb":["35371"],"vuln_type":"SQLI","created_at":"2014-11-25T17:23:25.000Z","updated_at":"2014-12-30T16:21:09.000Z","fixed_in":"2.5.15"},{"id":7704,"title":" Google Document Embedder \u003c= 2.5.16 - SQL Injection","osvdb":["115044"],"cve":["2014-9173"],"exploitdb":["35447"],"vuln_type":"SQLI","created_at":"2014-12-03T11:56:05.000Z","updated_at":"2015-01-12T15:37:42.000Z"}]}},{"extended-user-profile":{"vulnerabilities":[{"id":6074,"title":"extended-user-profile - Full Path Disclosure vulnerability","url":["http://1337day.com/exploit/20118"],"vuln_type":"FPD","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z"}]}},{"superslider-show":{"vulnerabilities":[{"id":6075,"title":"superslider-show - Full Path Disclosure vulnerability","url":["http://1337day.com/exploit/20117"],"vuln_type":"FPD","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z"}]}},{"wordpress-multibox-plugin":{"vulnerabilities":[{"id":6076,"title":"multibox - Full Path Disclosure vulnerability","url":["http://1337day.com/exploit/20119"],"vuln_type":"FPD","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z"}]}},{"openinviter-for-wordpress":{"vulnerabilities":[{"id":6077,"title":"OpenInviter - Information Disclosure","url":["http://packetstormsecurity.com/files/119265/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z"}]}},{"wp_rokbox":{"vulnerabilities":[{"id":6078,"title":"RokBox - Multiple Vulnerabilities","url":["http://1337day.com/exploit/19981"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z"},{"id":6079,"title":"RokBox \u003c= 2.13 - thumb.php src Parameter Malformed Input Path Disclosure","url":["http://packetstormsecurity.com/files/118884/","http://xforce.iss.net/xforce/xfdb/80732","http://www.securityfocus.com/bid/56953","http://seclists.org/fulldisclosure/2012/Dec/159"],"osvdb":["88604"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z"},{"id":6080,"title":"RokBox \u003c= 2.13 - thumb.php src Parameter XSS","url":["http://packetstormsecurity.com/files/118884/","http://xforce.iss.net/xforce/xfdb/80731","http://www.securityfocus.com/bid/56953","http://seclists.org/fulldisclosure/2012/Dec/159"],"osvdb":["88605"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z"},{"id":6081,"title":"RokBox \u003c= 2.13 - rokbox.php Direct Request Path Disclosure","url":["http://packetstormsecurity.com/files/118884/","http://www.securityfocus.com/bid/56953","http://seclists.org/fulldisclosure/2012/Dec/159"],"osvdb":["88606"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z"},{"id":6082,"title":"RokBox \u003c= 2.13 - error_log Direct Request Error Log Information Disclosure","url":["http://packetstormsecurity.com/files/118884/","http://xforce.iss.net/xforce/xfdb/80761","http://www.securityfocus.com/bid/56953","http://seclists.org/fulldisclosure/2012/Dec/159"],"osvdb":["88607"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z"},{"id":6083,"title":"RokBox \u003c= 2.13 - jwplayer/jwplayer.swf abouttext Parameter XSS","url":["http://packetstormsecurity.com/files/118884/","http://xforce.iss.net/xforce/xfdb/80731","http://www.securityfocus.com/bid/56953","http://seclists.org/fulldisclosure/2012/Dec/159"],"osvdb":["88608"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z"},{"id":6084,"title":"RokBox \u003c= 2.13 - thumb.php src Parameter Arbitrary File Upload","url":["http://packetstormsecurity.com/files/118884/","http://xforce.iss.net/xforce/xfdb/80733","http://xforce.iss.net/xforce/xfdb/80739","http://www.securityfocus.com/bid/56953","http://seclists.org/fulldisclosure/2012/Dec/159"],"osvdb":["88609"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z"}]}},{"wp_rokintroscroller":{"vulnerabilities":[{"id":6085,"title":"RokIntroScroller \u003c= 1.8 - XSS,DoS,Disclosure,Upload Vulnerabilities","url":["http://packetstormsecurity.com/files/123302/","http://seclists.org/fulldisclosure/2013/Sep/121"],"osvdb":["97418"],"secunia":["54801"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z"}]}},{"wp_rokmicronews":{"vulnerabilities":[{"id":6086,"title":"RokMicroNews \u003c= 1.5 - XSS,DoS,Disclosure,Upload Vulnerabilities","url":["http://packetstormsecurity.com/files/123312/","http://seclists.org/fulldisclosure/2013/Sep/124"],"osvdb":["97418"],"secunia":["54801"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z"}]}},{"wp_roknewspager":{"vulnerabilities":[{"id":6087,"title":"RokNewsPager \u003c= 1.17 - XSS,DoS,Disclosure,Upload Vulnerabilities","url":["http://packetstormsecurity.com/files/123271/","http://seclists.org/fulldisclosure/2013/Sep/109"],"osvdb":["97418"],"secunia":["54801"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z"}]}},{"wp_rokstories":{"vulnerabilities":[{"id":6088,"title":"RokStories \u003c= 1.25 - XSS,DoS,Disclosure,Upload Vulnerabilities","url":["http://packetstormsecurity.com/files/123270/","http://seclists.org/fulldisclosure/2013/Sep/108"],"osvdb":["97418"],"secunia":["54801"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z"}]}},{"grou-random-image-widget":{"vulnerabilities":[{"id":6089,"title":"grou-random-image-widget - Full Path Disclosure","url":["http://1337day.com/exploit/20047"],"vuln_type":"FPD","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z"}]}},{"sintic_gallery":{"vulnerabilities":[{"id":6090,"title":"sintic_gallery - Arbitrary File Upload Vulnerability","url":["http://1337day.com/exploit/19993"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z"},{"id":6091,"title":"sintic_gallery - Path Disclosure Vulnerability","url":["http://1337day.com/exploit/20020"],"vuln_type":"FPD","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z"}]}},{"wp-useronline":{"vulnerabilities":[{"id":6092,"title":"WP-UserOnline - Full Path Disclosure","url":["http://seclists.org/fulldisclosure/2010/Jul/8"],"vuln_type":"FPD","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z"},{"id":6093,"title":"Wp-UserOnline \u003c= 0.62 - Persistent XSS","url":["http://seclists.org/fulldisclosure/2010/Jul/8"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z"}]}},{"levelfourstorefront":{"vulnerabilities":[{"id":6094,"title":"Shopping Cart 8.1.14 - Shell Upload, SQL Injection","url":["http://packetstormsecurity.com/files/119217/"],"secunia":["51690"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z","fixed_in":"8.1.15"},{"id":6095,"title":"Level Four Storefront - levelfourstorefront/getsortmanufacturers.php id Parameter SQL Injection","url":["http://packetstormsecurity.com/files/120950/"],"osvdb":["91680"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z"}]}},{"reflex-gallery":{"vulnerabilities":[{"id":6096,"title":"ReFlex Gallery 1.4.2 - Unspecified XSS","osvdb":["102585"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z","fixed_in":"1.4.3"},{"id":6097,"title":"ReFlex Gallery 1.4 - reflex-gallery.php Direct Request Path Disclosure","osvdb":["88869"],"vuln_type":"FPD","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z"},{"id":6098,"title":"ReFlex Gallery 1.3 - Shell Upload","url":["http://packetstormsecurity.com/files/119218/"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-09-22T12:05:19.000Z","fixed_in":"3.0.1"}]}},{"uploader":{"vulnerabilities":[{"id":6099,"title":"Uploader 1.0.4 - Shell Upload","url":["http://packetstormsecurity.com/files/119219/"],"osvdb":["70648"],"secunia":["43075","52465"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z"},{"id":6100,"title":"Uploader 1.0.4 - notify.php blog Parameter XSS","osvdb":["90840"],"cve":["2013-2287"],"secunia":["52465"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z"},{"id":6101,"title":"Uploader 1.0.0 - wp-content/plugins/uploader/views/notify.php num Parameter XSS","osvdb":["70649"],"secunia":["43075"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z"}]}},{"xerte-online":{"vulnerabilities":[{"id":6102,"title":"Xerte Online 0.32 - Shell Upload","url":["http://packetstormsecurity.com/files/119220/"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:36.000Z","updated_at":"2014-08-01T10:58:36.000Z"}]}},{"advanced-custom-fields":{"vulnerabilities":[{"id":6103,"title":"Advanced Custom Fields \u003c= 3.5.1 - Remote File Inclusion","url":["http://packetstormsecurity.com/files/119221/"],"osvdb":["87353"],"secunia":["51037"],"exploitdb":["23856"],"vuln_type":"RFI","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-09-16T14:11:04.000Z","metasploit":"exploit/unix/webapp/wp_advanced_custom_fields_exec","fixed_in":"3.5.2"}]}},{"sitepress-multilingual-cms":{"vulnerabilities":[{"id":6104,"title":"sitepress-multilingual-cms - Full Path Disclosure","url":["http://1337day.com/exploit/20067"],"vuln_type":"FPD","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"asset-manager":{"vulnerabilities":[{"id":6105,"title":"Asset Manager 0.2 - Arbitrary File Upload","url":["http://www.securityfocus.com/bid/53809","http://packetstormsecurity.com/files/119133/"],"osvdb":["82653"],"secunia":["49378"],"exploitdb":["18993","23652"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"},{"id":6106,"title":"Asset Manager - upload.php Arbitrary Code Execution","url":["http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/","http://packetstormsecurity.com/files/113285/","http://xforce.iss.net/xforce/xfdb/80823"],"osvdb":["82653"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-09-29T15:47:00.000Z","metasploit":"exploit/unix/webapp/wp_asset_manager_upload_exec"}]}},{"apptha-banner":{"vulnerabilities":[{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"apptha-slider-gallery":{"vulnerabilities":[{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"blaze-slide-show-for-wordpress":{"vulnerabilities":[{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"},{"id":6108,"title":"Blaze Slideshow 2.1 - Unspecified Security Vulnerability","url":["http://www.securityfocus.com/bid/52677"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z","fixed_in":"2.2"}]}},{"comment-extra-field":{"vulnerabilities":[{"id":6109,"title":"Comment Extra Field 1.7 - CSRF / XSS","url":["http://packetstormsecurity.com/files/122625/","http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"fluid-accessible-rich-inline-edit":{"vulnerabilities":[{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"fluid-accessible-pager":{"vulnerabilities":[{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"fluid-accessible-uploader":{"vulnerabilities":[{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"fluid-accessible-ui-options":{"vulnerabilities":[{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"fresh-page":{"vulnerabilities":[{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"pdw-file-browser":{"vulnerabilities":[{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"},{"id":6110,"title":"PDW File Browser - upload.php Arbitrary File Upload Vulnerability","url":["http://www.securityfocus.com/bid/53895"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"power-zoomer":{"vulnerabilities":[{"id":6111,"title":"powerzoomer - Arbitrary File Upload Vulnerability","url":["http://1337day.com/exploit/20253"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"},{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"slide-show-pro":{"vulnerabilities":[{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"smart-slide-show":{"vulnerabilities":[{"id":6112,"title":"Smart Slideshow - upload.php Multiple File Extension Upload Arbitrary Code Execution","osvdb":["87373"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"},{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"spotlightyour":{"vulnerabilities":[{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"sprapid":{"vulnerabilities":[{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"ultimate-tinymce":{"vulnerabilities":[{"id":6113,"title":"TinyMCE 3.5 - swfupload Cross-Site Scripting Vulnerability","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"secunia":["51224"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z","fixed_in":"3.6"}]}},{"wp-3dbanner-rotator":{"vulnerabilities":[{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"wp-3dflick-slideshow":{"vulnerabilities":[{"id":6114,"title":"wp-3dflick-slideshow - Arbitrary File Upload Vulnerability","url":["http://1337day.com/exploit/20255"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"},{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"wp-bliss-gallery":{"vulnerabilities":[{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"wp-carouselslideshow":{"vulnerabilities":[{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"},{"id":6115,"title":"Carousel Slideshow - Unspecified Vulnerabilities","secunia":["50377"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z","fixed_in":"3.10"}]}},{"wp-dreamworkgallery":{"vulnerabilities":[{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"wp-ecommerce-cvs-importer":{"vulnerabilities":[{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"wp-extended":{"vulnerabilities":[{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"wp-flipslideshow":{"vulnerabilities":[{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"wp-homepage-slideshow":{"vulnerabilities":[{"id":6116,"title":"wp-homepage-slideshow - Arbitrary File Upload Vulnerability","url":["http://1337day.com/exploit/20260"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"},{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"wp-image-news-slider":{"vulnerabilities":[{"id":6117,"title":"Image News Slider 3.3 - Arbitrary File Upload Vulnerability","url":["http://1337day.com/exploit/20259"],"osvdb":["87375"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:38.000Z","updated_at":"2014-08-01T10:58:38.000Z"},{"id":6118,"title":"Image News Slider 3.3 - Unspecified Vulnerabilities","osvdb":["84935"],"secunia":["50390"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:38.000Z","updated_at":"2014-08-01T10:58:38.000Z","fixed_in":"3.4"},{"id":6119,"title":"Image News Slider 3.2 - Multiple Unspecified Remote Issues","url":["http://www.securityfocus.com/bid/52977","http://xforce.iss.net/xforce/xfdb/74788"],"osvdb":["81314"],"cve":["2012-4327"],"secunia":["48747"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:38.000Z","updated_at":"2014-08-01T10:58:38.000Z","fixed_in":"3.3"},{"id":6120,"title":"Image News Slider 3.1 - Multiple Unspecified Remote Issues","osvdb":["80310"],"secunia":["48538"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:38.000Z","updated_at":"2014-08-01T10:58:38.000Z","fixed_in":"3.2"},{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"wp-image-resizer":{"vulnerabilities":[{"id":6121,"title":"Image Resizer - Cross Site Scripting","url":["http://packetstormsecurity.com/files/123651/"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:38.000Z","updated_at":"2014-08-01T10:58:38.000Z"}]}},{"wp-levoslideshow":{"vulnerabilities":[{"id":6122,"title":"wp-levoslideshow - Arbitrary File Upload Vulnerability","url":["http://1337day.com/exploit/20250"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:38.000Z","updated_at":"2014-08-01T10:58:38.000Z"},{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"wp-matrix-gallery":{"vulnerabilities":[{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"wp-powerplaygallery":{"vulnerabilities":[{"id":6123,"title":"wp-powerplaygallery - Arbitrary File Upload Vulnerability","url":["http://1337day.com/exploit/20252"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:38.000Z","updated_at":"2014-08-01T10:58:38.000Z"},{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"wp-royal-gallery":{"vulnerabilities":[{"id":6124,"title":"wp-royal-gallery - Arbitrary File Upload Vulnerability","url":["http://1337day.com/exploit/20261"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:38.000Z","updated_at":"2014-08-01T10:58:38.000Z"},{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"wp-superb-slideshow":{"vulnerabilities":[{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"},{"id":6125,"title":"wp superb Slideshow - Full Path Disclosure","url":["http://1337day.com/exploit/19979"],"vuln_type":"FPD","created_at":"2014-08-01T10:58:38.000Z","updated_at":"2014-08-01T10:58:38.000Z"}]}},{"wp-vertical-gallery":{"vulnerabilities":[{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"wp-yasslideshow":{"vulnerabilities":[{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"}]}},{"cardoza-ajax-search":{"vulnerabilities":[{"id":6126,"title":"Ajax - Post Search Sql Injection","url":["http://seclists.org/bugtraq/2012/Nov/33","http://www.girlinthemiddle.net/2012/10/sqli-vulnerability-in-ajax-post-search.html"],"secunia":["51205"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:38.000Z","updated_at":"2014-08-01T10:58:38.000Z","fixed_in":"1.3"}]}},{"answer-my-question":{"vulnerabilities":[{"id":6127,"title":"Answer My Question 1.1 - record_question.php Multiple Parameter XSS","url":["http://www.securityfocus.com/archive/1/524625/30/0/threaded","http://seclists.org/bugtraq/2012/Nov/24"],"osvdb":["85567"],"secunia":["50655"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:38.000Z","updated_at":"2014-08-01T10:58:38.000Z","fixed_in":"1.2"}]}},{"catalog":{"vulnerabilities":[{"id":6128,"title":"Spider Catalog - HTML Code Injection and Cross-site scripting","url":["http://packetstormsecurity.com/files/117820/"],"secunia":["51143"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:38.000Z","updated_at":"2014-08-01T10:58:38.000Z"},{"id":6130,"title":"Spider Catalog 1.4.6 - Multiple Vulnerabilities","url":["http://seclists.org/bugtraq/2013/May/79","http://www.securityfocus.com/bid/60079/info"],"osvdb":["93589","93590","93591","93592","93593","93594","93595","93596","93597","93598"],"secunia":["53491"],"exploitdb":["25724"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:38.000Z","updated_at":"2014-11-04T14:27:09.000Z"}]}},{"wordfence":{"vulnerabilities":[{"id":6140,"title":"Wordfence 3.8.6 - lib/IPTraf.php User-Agent Header Stored XSS","osvdb":["102445"],"secunia":["56558"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:38.000Z","updated_at":"2014-08-01T10:58:38.000Z","fixed_in":"3.8.7"},{"id":6141,"title":"Wordfence 3.8.1 - Password Creation Restriction Bypass","osvdb":["102478"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:38.000Z","updated_at":"2014-09-27T12:41:39.000Z","fixed_in":"3.8.3"},{"id":6142,"title":"Wordfence 3.8.1 - wp-admin/admin.php whois Parameter Stored XSS","url":["http://packetstormsecurity.com/files/122993/","http://www.securityfocus.com/bid/62053"],"osvdb":["97884"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z","fixed_in":"3.8.3"},{"id":6143,"title":"Wordfence 3.3.5 - XSS and IAA","url":["http://seclists.org/fulldisclosure/2012/Oct/139"],"osvdb":["86557"],"secunia":["51055"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z","fixed_in":"3.3.7"},{"id":7581,"title":"Wordfence 5.2.4 - Unspecified Issue","osvdb":["111841"],"vuln_type":"UNKNOWN","created_at":"2014-09-22T18:47:58.000Z","updated_at":"2014-09-22T18:48:25.000Z","fixed_in":"5.2.5"},{"id":7582,"title":"Wordfence 5.2.4 - IPTraf.php URI Request Stored XSS","url":["http://packetstormsecurity.com/files/128259/"],"osvdb":["111590"],"vuln_type":"XSS","created_at":"2014-09-22T18:52:28.000Z","updated_at":"2014-09-22T18:52:52.000Z","fixed_in":"5.2.5"},{"id":7583,"title":"Wordfence 5.2.3 - Banned IP Functionality Bypass","url":["http://packetstormsecurity.com/files/128259/","http://seclists.org/fulldisclosure/2014/Sep/49","https://vexatioustendencies.com/wordfence-v5-2-3-2-stored-xss-insufficient-logging-throttle-bypass-exploit-detection-bypass/"],"osvdb":["111589"],"vuln_type":"BYPASS","created_at":"2014-09-22T19:33:44.000Z","updated_at":"2014-12-01T10:57:48.000Z"},{"id":7612,"title":"Wordfence 5.2.3 - Multiple Vulnerabilities","url":["https://vexatioustendencies.com/wordfence-v5-2-3-2-stored-xss-insufficient-logging-throttle-bypass-exploit-detection-bypass/"],"vuln_type":"MULTI","created_at":"2014-09-27T12:37:39.000Z","updated_at":"2014-09-27T12:37:58.000Z","fixed_in":"5.2.4"},{"id":7636,"title":"Wordfence \u003c= 5.2.4 - Multiple Vulnerabilities (XSS \u0026 Bypasses)","url":["http://blog.secupress.fr/en/wordfence-5-2-5-security-update-298.html","http://www.securityfocus.com/bid/70915"],"osvdb":["111841"],"cve":["2014-4664"],"vuln_type":"MULTI","created_at":"2014-10-07T16:26:43.000Z","updated_at":"2014-11-28T16:40:04.000Z","fixed_in":"5.2.5"},{"id":7698,"title":"Wordfence 5.2.2 - XSS in Referer Header","url":["https://vexatioustendencies.com/wordpress-plugin-vulnerability-dump-part-2/"],"vuln_type":"XSS","created_at":"2014-12-01T13:18:37.000Z","updated_at":"2014-12-01T13:18:57.000Z","fixed_in":"5.2.3"},{"id":7711,"title":"Wordfence \u003c= 5.1.4 - Cross Site Scripting (XSS)","url":["http://techdefencelabs.com/security-advisories.html"],"osvdb":["109044"],"cve":["2014-4932"],"vuln_type":"XSS","created_at":"2014-12-08T13:19:49.000Z","updated_at":"2014-12-08T13:20:12.000Z","fixed_in":"5.1.5"}]}},{"slideshow-jquery-image-gallery":{"vulnerabilities":[{"id":6144,"title":"Slideshow jQuery Image Gallery - Multiple Vulnerabilities","url":["http://www.waraxe.us/advisory-92.html"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z"},{"id":6145,"title":"Slideshow - Multiple Script Insertion Vulnerabilities","secunia":["51135"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z"}]}},{"social-discussions":{"vulnerabilities":[{"id":6146,"title":"Social Discussions 6.1.1 - Multiple Script Direct Request Path Disclosure","url":["http://xforce.iss.net/xforce/xfdb/79465","http://www.waraxe.us/advisory-93.html"],"osvdb":["86730"],"exploitdb":["22158"],"vuln_type":"FPD","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z"},{"id":6147,"title":"Social Discussions 6.1.1 - social-discussions-networkpub_ajax.php HTTP_ENV_VARS Parameter Remote File Inclusion","url":["http://xforce.iss.net/xforce/xfdb/79464","http://www.waraxe.us/advisory-93.html"],"osvdb":["86731"],"exploitdb":["22158"],"vuln_type":"RFI","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z"}]}},{"abtest":{"vulnerabilities":[{"id":6148,"title":"ABtest - Directory Traversal","url":["http://scott-herbert.com/?p=140"],"osvdb":["86136"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T15:35:28.000Z"}]}},{"bbpress":{"vulnerabilities":[{"id":6149,"title":"BBPress - Multiple Script Malformed Input Path Disclosure","url":["http://xforce.iss.net/xforce/xfdb/78244","http://packetstormsecurity.com/files/116123/"],"osvdb":["86399"],"exploitdb":["22396"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z"},{"id":6150,"title":"BBPress - forum.php page Parameter SQL Injection","url":["http://xforce.iss.net/xforce/xfdb/78244","http://packetstormsecurity.com/files/116123/"],"osvdb":["86400"],"exploitdb":["22396"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z"}]}},{"nextgen_cu3er_gallery":{"vulnerabilities":[{"id":6151,"title":"NextGen Cu3er Gallery - Information Disclosure","url":["http://packetstormsecurity.com/files/116150/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z"}]}},{"rich-widget":{"vulnerabilities":[{"id":6152,"title":"Rich Widget - File Upload","url":["http://packetstormsecurity.com/files/115787/"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z"}]}},{"monsters-editor-10-for-wp-super-edit":{"vulnerabilities":[{"id":6153,"title":"Monsters Editor - Shell Upload","url":["http://packetstormsecurity.com/files/115788/"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z"}]}},{"quick-post-widget":{"vulnerabilities":[{"id":6154,"title":"Quick Post Widget 1.9.1 - Multiple Cross-site scripting vulnerabilities","url":["http://www.darksecurity.de/advisories/2012/SSCHADV2012-016.txt","http://seclists.org/bugtraq/2012/Aug/66"],"osvdb":["83640"],"cve":["2012-4226"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z"},{"id":7525,"title":"Quick Post Widget 1.9.1 - Multiple Function CSRF","osvdb":["83641"],"secunia":["49798"],"vuln_type":"CSRF","created_at":"2014-08-27T11:15:48.000Z","updated_at":"2014-08-27T11:15:48.000Z"}]}},{"threewp-email-reflector":{"vulnerabilities":[{"id":6155,"title":"ThreeWP Email Reflector 1.13 - Subject Field XSS","osvdb":["85134"],"cve":["2012-2572"],"exploitdb":["20365"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z","fixed_in":"1.16"}]}},{"wp-simplemail":{"vulnerabilities":[{"id":6156,"title":"SimpleMail 1.0.6 - Stored XSS","osvdb":["84534"],"cve":["2012-2579"],"secunia":["50208"],"exploitdb":["20361"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z"}]}},{"postie":{"vulnerabilities":[{"id":6157,"title":"Postie 1.4.3 - Stored XSS","osvdb":["84532"],"cve":["2012-2580"],"secunia":["50207"],"exploitdb":["20360"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z","fixed_in":"1.5.15"}]}},{"rsvpmaker":{"vulnerabilities":[{"id":6158,"title":"RSVPMaker 2.5.4 - index.php RSVP Form Multiple Field XSS","osvdb":["84749"],"secunia":["50289"],"exploitdb":["20474"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z","fixed_in":"2.5.5"}]}},{"mz-jajak":{"vulnerabilities":[{"id":6159,"title":"Mz-jajak \u003c= 2.1 - index.php id Parameter SQL Injection","osvdb":["84698"],"secunia":["50217"],"exploitdb":["20416"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z"}]}},{"resume-submissions-job-postings":{"vulnerabilities":[{"id":6160,"title":"Resume Submissions Job Posting 2.5.1 - Unrestricted File Upload","url":["http://packetstormsecurity.com/files/114716/"],"osvdb":["83807"],"secunia":["49896"],"exploitdb":["19791"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z"}]}},{"wp-predict":{"vulnerabilities":[{"id":6161,"title":"WP-Predict 1.0 - Blind SQL Injection","osvdb":["83697"],"secunia":["49843"],"exploitdb":["19715"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z"}]}},{"backup":{"vulnerabilities":[{"id":6162,"title":"Backup 2.0.1 - Information Disclosure","osvdb":["83701"],"secunia":["50038"],"exploitdb":["19524"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z","fixed_in":"2.1"}]}},{"moodthingy-mood-rating-widget":{"vulnerabilities":[{"id":6163,"title":"MoodThingy Widget 0.8.7 - admin-ajax.php Multiple Parameter lydl_store_results Function SQL Injection","osvdb":["83632"],"secunia":["49805"],"exploitdb":["19572"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z"}]}},{"paid-business-listings":{"vulnerabilities":[{"id":6164,"title":"Paid Business Listings 1.0.2 - Form Submission pbl_listing_pkg_id Parameter SQL Injection","osvdb":["83768"],"exploitdb":["19481"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z"}]}},{"website-faq":{"vulnerabilities":[{"id":6165,"title":"Website FAQ 1.0 - wp-admin/admin-ajax.php category Parameter SQL injection","osvdb":["83265"],"secunia":["49682"],"exploitdb":["19400"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z"}]}},{"radykal-fancy-gallery":{"vulnerabilities":[{"id":6166,"title":"Fancy Gallery 1.2.4 - Shell Upload","url":["http://packetstormsecurity.com/files/114114/"],"osvdb":["83410"],"exploitdb":["19398"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z"}]}},{"flipbook":{"vulnerabilities":[{"id":6167,"title":"Flip Book 1.0 - Shell Upload","url":["http://packetstormsecurity.com/files/114112/"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z"}]}},{"ajax_multi_upload":{"vulnerabilities":[{"id":6168,"title":"Ajax Multi Upload 1.1 - Shell Upload","url":["http://packetstormsecurity.com/files/114109/"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z"}]}},{"schreikasten":{"vulnerabilities":[{"id":6169,"title":"Schreikasten 0.14.13 - wp-admin/admin-ajax.php Multiple Parameter XSS","osvdb":["83152"],"secunia":["49600"],"exploitdb":["19294"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z"}]}},{"wp-automatic":{"vulnerabilities":[{"id":6170,"title":"Automatic 2.0.3 - csv.php q Parameter SQL Injection","url":["http://packetstormsecurity.com/files/113763/"],"osvdb":["82971"],"secunia":["49573"],"exploitdb":["19187"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z","fixed_in":"2.0.4"}]}},{"videowhisper-video-conference-integration":{"vulnerabilities":[{"id":6171,"title":"VideoWhisper Video Conference 4.51 - Arbitrary File Upload Vulnerability","url":["http://packetstormsecurity.com/files/113580/"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z"},{"id":6172,"title":"Video Whisper - XSS","url":["http://packetstormsecurity.com/files/122943/"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z"}]}},{"videowhisper-live-streaming-integration":{"vulnerabilities":[{"id":6173,"title":"VideoWhisper Live Streaming Integration 4.29.6 - videowhisper_streaming.php Multiple Parameter XSS","url":["http://packetstormsecurity.com/files/125430/"],"osvdb":["103871"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:39.000Z","updated_at":"2014-08-01T10:58:39.000Z"},{"id":6175,"title":"VideoWhisper Live Streaming Integration 4.27.3 - Multiple Vulnerabilities","url":["https://www.htbridge.com/advisory/HTB23199"],"osvdb":["103820","103819","103818","103817","103816","103815","103814","103428","103427","103426","103425","103821"],"cve":["2014-1906"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:40.000Z","updated_at":"2014-11-04T14:09:14.000Z","fixed_in":"4.29.5"},{"id":6186,"title":"VideoWhisper Live Streaming Integration \u003c 4.27.2 - Cross-Site Scripting (XSS)","url":["http://codevigilant.com/disclosure/wp-plugin-videowhisper-live-streaming-integration-a3-cross-site-scripting-xss/"],"cve":["2014-4569"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:40.000Z","updated_at":"2014-11-04T14:09:58.000Z"},{"id":6187,"title":"VideoWhisper Live Streaming Integration \u003c= 4.25.3 - Cross-Site Scripting (XSS)","url":["http://www.securityfocus.com/bid/61977","http://seclists.org/bugtraq/2013/Aug/163"],"osvdb":["96593"],"cve":["2013-5714"],"secunia":["54619"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:40.000Z","updated_at":"2014-11-04T14:11:48.000Z"}]}},{"auctionPlugin":{"vulnerabilities":[{"id":6188,"title":"Sitemile Auctions 2.0.1.3 - wp-content/plugins/auctionPlugin/upload.php File Upload PHP Code Execution","url":["http://packetstormsecurity.com/files/113568/"],"osvdb":["83075"],"secunia":["49497"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:40.000Z","updated_at":"2014-08-01T10:58:40.000Z"}]}},{"lb-mixed-slideshow":{"vulnerabilities":[{"id":6189,"title":"LB Mixed Slideshow 1.0 - Arbitrary File Upload Vulnerability","url":["http://packetstormsecurity.com/files/113844/"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:40.000Z","updated_at":"2014-08-01T10:58:40.000Z"}]}},{"lim4wp":{"vulnerabilities":[{"id":6190,"title":"Lim4wp 1.1.1 - Arbitrary File Upload Vulnerability","url":["http://packetstormsecurity.com/files/113846/"],"osvdb":["83016"],"secunia":["49609"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:40.000Z","updated_at":"2014-08-01T10:58:40.000Z"}]}},{"wp-imagezoom":{"vulnerabilities":[{"id":6191,"title":"Wp-ImageZoom 1.0.3 - download.php File Upload PHP Code Execution","url":["http://www.opensyscom.fr/Actualites/wordpress-plugins-wp-imagezoom-remote-file-disclosure-vulnerability.html"],"osvdb":["83015"],"secunia":["49612"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:40.000Z","updated_at":"2014-08-01T10:58:40.000Z"},{"id":6192,"title":"Wp-ImageZoom 1.0.3 - Remote File Disclosure","url":["http://packetstormsecurity.com/files/113845/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:40.000Z","updated_at":"2014-08-01T10:58:40.000Z"},{"id":6193,"title":"Wp-ImageZoom - zoom.php id Parameter SQL Injection","url":["http://www.securityfocus.com/bid/56691","http://xforce.iss.net/xforce/xfdb/80285"],"osvdb":["87870"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:40.000Z","updated_at":"2014-08-01T10:58:40.000Z"}]}},{"invit0r":{"vulnerabilities":[{"id":6194,"title":"Invit0r 0.22 - Shell Upload","url":["http://packetstormsecurity.com/files/113639/"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:40.000Z","updated_at":"2014-08-01T10:58:40.000Z"}]}},{"announces":{"vulnerabilities":[{"id":6195,"title":"Annonces 1.2.0.1 - Shell Upload","url":["http://packetstormsecurity.com/files/113637/"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:40.000Z","updated_at":"2014-08-01T10:58:40.000Z"}]}},{"contus-video-galleryversion-10":{"vulnerabilities":[{"id":6196,"title":"Contus Video Gallery 1.3 - Arbitrary File Upload Vulnerability","url":["http://packetstormsecurity.com/files/113571/"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:40.000Z","updated_at":"2014-08-01T10:58:40.000Z"}]}},{"contus-hd-flv-player":{"vulnerabilities":[{"id":6197,"title":"Contus HD FLV Player \u003c= 1.3 - SQL Injection Vulnerability","exploitdb":["17678"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:40.000Z","updated_at":"2014-08-01T10:58:40.000Z"},{"id":6198,"title":"Contus HD FLV Player 1.7 - Arbitrary File Upload Vulnerability","url":["http://packetstormsecurity.com/files/113570/"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:40.000Z","updated_at":"2014-08-01T10:58:40.000Z"}]}},{"user-meta":{"vulnerabilities":[{"id":6199,"title":"User Meta Version 1.1.1 - Arbitrary File Upload Vulnerability","osvdb":["82902"],"exploitdb":["19052"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:40.000Z","updated_at":"2014-08-01T10:58:40.000Z"}]}},{"topquark":{"vulnerabilities":[{"id":6200,"title":"Top Quark Architecture 2.1.0 - lib/js/fancyupload/showcase/batch/script.php File Upload PHP Code Execution","url":["http://packetstormsecurity.com/files/113522/"],"osvdb":["82843"],"secunia":["49465"],"exploitdb":["19053"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:40.000Z","updated_at":"2014-08-01T10:58:40.000Z"}]}},{"sfbrowser":{"vulnerabilities":[{"id":6201,"title":"SFBrowser 1.4.5 - connectors/php/sfbrowser.php File Upload PHP Code Execution","osvdb":["82845"],"secunia":["49466"],"exploitdb":["19054"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:40.000Z","updated_at":"2014-08-01T10:58:40.000Z"}]}},{"pica-photo-gallery":{"vulnerabilities":[{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"},{"id":6202,"title":"Pica Photo Gallery 1.0 - Arbitrary File Upload Vulnerability","exploitdb":["19055"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:40.000Z","updated_at":"2014-08-01T10:58:40.000Z"},{"id":6203,"title":"PICA Photo Gallery 1.0 - Remote File Disclosure","url":["http://www.securityfocus.com/bid/53893"],"exploitdb":["19016"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:40.000Z","updated_at":"2014-08-01T10:58:40.000Z"}]}},{"mac-dock-gallery":{"vulnerabilities":[{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"},{"id":6204,"title":"Mac Photo Gallery - Two Security Bypass Security Issues","secunia":["49923"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:40.000Z","updated_at":"2014-08-01T10:58:40.000Z"},{"id":6205,"title":"Mac Photo Gallery - Multiple Script Insertion Vulnerabilities","secunia":["49836"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:40.000Z","updated_at":"2014-08-01T10:58:40.000Z","fixed_in":"3.0"},{"id":6206,"title":"Mac Photo Gallery 2.7 - upload-file.php File Upload PHP Code Execution","osvdb":["82844"],"secunia":["49468"],"exploitdb":["19056"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:41.000Z","updated_at":"2014-08-01T10:58:41.000Z"}]}},{"drag-drop-file-uploader":{"vulnerabilities":[{"id":6207,"title":"drag and drop file upload 0.1 - Arbitrary File Upload Vulnerability","exploitdb":["19057"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:41.000Z","updated_at":"2014-08-01T10:58:41.000Z"}]}},{"custom-content-type-manager":{"vulnerabilities":[{"id":6208,"title":"Custom Content Type Manager 0.9.5.13pl - upload_form.php File Upload PHP Code Execution","url":["http://packetstormsecurity.com/files/113520/"],"osvdb":["82904"],"exploitdb":["19058"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:41.000Z","updated_at":"2014-08-01T10:58:41.000Z"}]}},{"wp-gpx-map":{"vulnerabilities":[{"id":6209,"title":"wp-gpx-max version 1.1.21 - Arbitrary File Upload","url":["http://www.securityfocus.com/bid/53909","http://packetstormsecurity.org/files/113523/"],"osvdb":["82900"],"cve":["2012-6649"],"exploitdb":["19050"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:41.000Z","updated_at":"2014-08-01T10:58:41.000Z","fixed_in":"1.1.23"}]}},{"front-file-manager":{"vulnerabilities":[{"id":6210,"title":"Front File Manager 0.1 - Arbitrary File Upload","exploitdb":["19012"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:41.000Z","updated_at":"2014-08-01T10:58:41.000Z"}]}},{"omni-secure-files":{"vulnerabilities":[{"id":6213,"title":"Omni Secure Files 0.1.13 - Arbitrary File Upload","url":["http://www.securityfocus.com/bid/53872"],"osvdb":["82790"],"secunia":["49441"],"exploitdb":["19009"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:41.000Z","updated_at":"2014-08-01T10:58:41.000Z"}]}},{"easy-contact-forms-exporter":{"vulnerabilities":[{"id":6214,"title":"Easy Contact Forms Export 1.1.0 - Information Disclosure Vulnerability","exploitdb":["19013"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:41.000Z","updated_at":"2014-08-01T10:58:41.000Z"}]}},{"plugin-newsletter":{"vulnerabilities":[{"id":6215,"title":"Plugin Newsletter 1.5 - Remote File Disclosure Vulnerability","url":["http://packetstormsecurity.org/files/113413/"],"osvdb":["82703"],"cve":["2012-3588"],"secunia":["49464"],"exploitdb":["19018"],"vuln_type":"LFI","created_at":"2014-08-01T10:58:41.000Z","updated_at":"2014-09-27T11:49:49.000Z"}]}},{"rbxgallery":{"vulnerabilities":[{"id":6216,"title":"RBX Gallery 2.1 - uploader.php File Upload PHP Code Execution","url":["http://packetstormsecurity.com/files/113414/","http://xforce.iss.net/xforce/xfdb/76170"],"osvdb":["82796"],"cve":["2012-3575"],"secunia":["49463"],"exploitdb":["19019"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:41.000Z","updated_at":"2014-08-01T10:58:41.000Z"}]}},{"simple-download-button-shortcode":{"vulnerabilities":[{"id":6217,"title":"Simple Download Button Shortcode 1.0 - Remote File Disclosure","exploitdb":["19020"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:41.000Z","updated_at":"2014-08-01T10:58:41.000Z"}]}},{"thinkun-remind":{"vulnerabilities":[{"id":6218,"title":"Thinkun Remind 1.1.3 - exportData.php dirPath Parameter Traversal Arbitrary File Access","url":["http://packetstormsecurity.org/files/113416/"],"osvdb":["82705"],"secunia":["49461"],"exploitdb":["19021"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:41.000Z","updated_at":"2014-09-19T20:35:26.000Z"}]}},{"tinymce-thumbnail-gallery":{"vulnerabilities":[{"id":6219,"title":"Tinymce Thumbnail Gallery 1.0.7 - download-image.php href Parameter Traversal Arbitrary File Access","url":["http://packetstormsecurity.org/files/113417/"],"osvdb":["82706"],"secunia":["49460"],"exploitdb":["19022"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:41.000Z","updated_at":"2014-08-01T10:58:41.000Z"}]}},{"wpstorecart":{"vulnerabilities":[{"id":6220,"title":"wpStoreCart 2.5.27-2.5.29 - Arbitrary File Upload","exploitdb":["19023"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:41.000Z","updated_at":"2014-08-01T10:58:41.000Z"}]}},{"gallery-plugin":{"vulnerabilities":[{"id":6221,"title":"Gallery 3.06 - gallery-plugin/upload/php.php File Upload PHP Code Execution","osvdb":["82661"],"exploitdb":["18998"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:41.000Z","updated_at":"2014-08-01T10:58:41.000Z"},{"id":6222,"title":"Gallery Plugin 3.8.3 - gallery-plugin.php filename_1 Parameter Arbitrary File Access","url":["http://packetstormsecurity.com/files/119458/","http://www.securityfocus.com/bid/57256","http://seclists.org/bugtraq/2013/Jan/45"],"osvdb":["89124"],"vuln_type":"LFI","created_at":"2014-08-01T10:58:41.000Z","updated_at":"2014-08-01T10:58:41.000Z"}]}},{"font-uploader":{"vulnerabilities":[{"id":6223,"title":"Font Uploader 1.2.4 - Arbitrary File Upload","url":["http://www.securityfocus.com/bid/53853"],"osvdb":["82657"],"cve":["2012-3814"],"exploitdb":["18994"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:41.000Z","updated_at":"2014-08-01T10:58:41.000Z"}]}},{"wp-property":{"vulnerabilities":[{"id":6224,"title":"WP Property \u003c= 1.38.3.2 - Non-administrative User XMLI Remote Information Disclosure","osvdb":["102709"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:41.000Z","updated_at":"2014-08-01T10:58:41.000Z","fixed_in":"1.38.4"},{"id":6225,"title":"WP Property \u003c= 1.35.0 - Arbitrary File Upload","url":["http://packetstormsecurity.com/files/113274/"],"osvdb":["82656"],"secunia":["49394"],"exploitdb":["18987","23651"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:41.000Z","updated_at":"2014-10-02T20:46:31.000Z","metasploit":"exploit/unix/webapp/wp_property_upload_exec"}]}},{"wpmarketplace":{"vulnerabilities":[{"id":6226,"title":"WP Marketplace 1.5.0-1.6.1 - Arbitrary File Upload","exploitdb":["18988"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:41.000Z","updated_at":"2014-08-01T10:58:41.000Z"},{"id":6227,"title":"WP Marketplace 1.2.1 - File Enumeration Weakness and File Upload Vulnerabilities","url":["http://www.securityfocus.com/bid/52960"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:41.000Z","updated_at":"2014-08-01T10:58:41.000Z","fixed_in":"1.2.2"}]}},{"store-locator-le":{"vulnerabilities":[{"id":6228,"title":"Google Maps via Store Locator - Multiple Vulnerabilities","exploitdb":["18989"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:41.000Z","updated_at":"2014-08-01T10:58:41.000Z"},{"id":6229,"title":"store-locator-le - SQL Injection","secunia":["51757"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:41.000Z","updated_at":"2014-08-01T10:58:41.000Z","fixed_in":"3.8.7"}]}},{"html5avmanager":{"vulnerabilities":[{"id":6230,"title":"HTML5 AV Manager 0.2.7 - Arbitrary File Upload","url":["http://www.securityfocus.com/bid/53804"],"exploitdb":["18990"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:41.000Z","updated_at":"2014-08-01T10:58:41.000Z"}]}},{"foxypress":{"vulnerabilities":[{"id":6231,"title":"Foxypress 0.4.1.1-0.4.2.1 - Arbitrary File Upload","url":["http://packetstormsecurity.com/files/113576/","http://www.securityfocus.com/bid/53805"],"exploitdb":["18991","19100"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:41.000Z","updated_at":"2014-10-02T20:46:49.000Z","metasploit":"exploit/unix/webapp/php_wordpress_foxypress"},{"id":6239,"title":"FoxyPress 0.4.2.5-0.4.2.8 - Multiple Vulnerabilities","url":["http://xforce.iss.net/xforce/xfdb/79699","http://packetstormsecurity.com/files/117768/"],"osvdb":["86810","86811","86812","86813","86814","86815","86816","86817","86818","86804","86805","86806","86807","86808","86809"],"secunia":["51109"],"exploitdb":["22374"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:42.000Z","updated_at":"2014-11-04T13:54:00.000Z","fixed_in":"0.4.2.9"}]}},{"track-that-stat":{"vulnerabilities":[{"id":6248,"title":"Track That Stat \u003c= 1.0.8 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/112722/","http://www.securityfocus.com/bid/53551"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:42.000Z","updated_at":"2014-08-01T10:58:42.000Z"}]}},{"wp-facethumb":{"vulnerabilities":[{"id":6249,"title":"WP-Facethumb Gallery \u003c= 0.1 - Reflected Cross Site Scripting","url":["http://packetstormsecurity.com/files/112658/"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:42.000Z","updated_at":"2014-08-01T10:58:42.000Z"}]}},{"wp-survey-and-quiz-tool":{"vulnerabilities":[{"id":6250,"title":"Survey And Quiz Tool \u003c= 2.9.2 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/112685/"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:42.000Z","updated_at":"2014-08-01T10:58:42.000Z"}]}},{"wp-statistics":{"vulnerabilities":[{"id":6251,"title":"WP Statistics \u003c= 2.2.4 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/112686/"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:42.000Z","updated_at":"2014-08-01T10:58:42.000Z"},{"id":7682,"title":"WP Statistics \u003c= 8.3 - Stored \u0026 Reflected Cross-Site Scripting (XSS)","url":["http://blog.sucuri.net/2014/11/security-advisory-high-severity-wp-statistics-wordpress-plugin.html"],"vuln_type":"XSS","created_at":"2014-11-20T20:35:39.000Z","updated_at":"2014-11-20T20:35:58.000Z","fixed_in":"8.3.1"},{"id":7702,"title":"WP Statistics \u003c= 8.4 - Unauthenticated Referer Header Stored XSS","url":["http://pastebin.com/raw.php?i=Vsik5R1r","https://wordpress.org/plugins/wp-statistics/changelog/"],"vuln_type":"XSS","created_at":"2014-12-03T09:03:44.000Z","updated_at":"2014-12-03T09:04:02.000Z","fixed_in":"8.5"}]}},{"wp-easy-gallery":{"vulnerabilities":[{"id":6252,"title":"WP Easy Gallery \u003c= 2.7 - CSRF","url":["https://plugins.trac.wordpress.org/changeset?reponame=\u0026old=669527@wp-easy-gallery\u0026new=669527@wp-easy-gallery"],"secunia":["49190"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:42.000Z","updated_at":"2014-08-01T10:58:42.000Z","fixed_in":"2.7.3"},{"id":6253,"title":"WP Easy Gallery 2.7 - admin/overview.php galleryId Parameter SQL Injection","osvdb":["105012"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:42.000Z","updated_at":"2014-08-01T10:58:42.000Z","fixed_in":"2.7.1"},{"id":6254,"title":"WP Easy Gallery 2.7 - admin/add-images.php Multiple Parameter SQL Injection","osvdb":["105013"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:42.000Z","updated_at":"2014-08-01T10:58:42.000Z","fixed_in":"2.7.1"},{"id":6255,"title":"WP Easy Gallery 2.7 - Multiple Admin Function CSRF","osvdb":["105014"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:42.000Z","updated_at":"2014-08-01T10:58:42.000Z","fixed_in":"2.7.1"},{"id":6256,"title":"WP Easy Gallery \u003c= 1.7 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/112687/"],"secunia":["49190"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:42.000Z","updated_at":"2014-08-01T10:58:42.000Z","fixed_in":"2.7.3"}]}},{"subscribe2":{"vulnerabilities":[{"id":6257,"title":"Subscribe2 \u003c= 8.0 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/112688/","http://www.securityfocus.com/bid/53538"],"secunia":["49189"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:42.000Z","updated_at":"2014-08-01T10:58:42.000Z","fixed_in":"8.1"}]}},{"soundcloud-is-gold":{"vulnerabilities":[{"id":6258,"title":"Soundcloud Is Gold \u003c= 2.1 - 'action' Parameter Cross Site Scripting Vulnerability","url":["http://packetstormsecurity.com/files/112689/","http://www.securityfocus.com/bid/53537"],"osvdb":["81919"],"cve":["2012-6624"],"secunia":["49188"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:42.000Z","updated_at":"2014-08-01T10:58:42.000Z"}]}},{"sharebar":{"vulnerabilities":[{"id":6259,"title":"Sharebar \u003c= 1.2.5 - sharebar-admin.php page Parameter XSS","url":["http://packetstormsecurity.com/files/123365/"],"osvdb":["98078"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:42.000Z","updated_at":"2014-08-01T10:58:42.000Z"},{"id":6260,"title":"Sharebar \u003c= 1.2.5 - Button Manipulation CSRF","url":["http://www.securityfocus.com/bid/60956"],"osvdb":["94843"],"cve":["2013-3491"],"secunia":["52948"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:42.000Z","updated_at":"2014-08-01T10:58:42.000Z"},{"id":6261,"title":"Sharebar 1.2.3 - wp-admin/options-general.php status Parameter XSS","osvdb":["81465"],"secunia":["48908"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:42.000Z","updated_at":"2014-08-01T10:58:42.000Z"},{"id":6262,"title":"Sharebar \u003c= 1.2.1 - SQL Injection / Cross Site Scripting","url":["http://packetstormsecurity.com/files/112690/"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:42.000Z","updated_at":"2014-08-01T10:58:42.000Z","fixed_in":"1.2.2"}]}},{"share-and-follow":{"vulnerabilities":[{"id":6263,"title":"Share And Follow \u003c= 1.80.3 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/112691/"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:42.000Z","updated_at":"2014-08-01T10:58:42.000Z"}]}},{"sabre":{"vulnerabilities":[{"id":6264,"title":"SABRE \u003c= 1.2.0 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/112692/"],"osvdb":["82269"],"cve":["2012-2916"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:42.000Z","updated_at":"2014-08-01T10:58:42.000Z","fixed_in":"1.2.2"}]}},{"pretty-link":{"vulnerabilities":[{"id":6265,"title":"Pretty Link Lite \u003c= 1.5.2 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/112693/"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:42.000Z","updated_at":"2014-08-01T10:58:42.000Z"},{"id":6266,"title":"Pretty Link Lite \u003c= 1.6.1 - Cross Site Scripting","secunia":["50980"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:42.000Z","updated_at":"2014-08-01T10:58:42.000Z"},{"id":6267,"title":"pretty-link - XSS in SWF","url":["http://seclists.org/bugtraq/2013/Feb/100","http://packetstormsecurity.com/files/120433/"],"cve":["2013-1636"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:42.000Z","updated_at":"2014-08-01T10:58:42.000Z"}]}},{"newsletter-manager":{"vulnerabilities":[{"id":6268,"title":"Newsletter Manager \u003c= 1.0.2 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/112694/"],"osvdb":["102186","102548","102549","102550","81920"],"cve":["2012-6628"],"secunia":["49183"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:42.000Z","updated_at":"2014-08-01T10:58:42.000Z","fixed_in":"1.0.2"},{"id":6269,"title":"Newsletter Manager 1.0.2 - Cross Site Scripting \u0026 Cross-Site Request Forgery","cve":["2012-6627","2012-6629"],"secunia":["49152"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:42.000Z","updated_at":"2014-08-01T10:58:42.000Z"}]}},{"network-publisher":{"vulnerabilities":[{"id":6270,"title":"Network Publisher \u003c= 5.0.1 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/112695/"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:42.000Z","updated_at":"2014-08-01T10:58:42.000Z"}]}},{"leaguemanager":{"vulnerabilities":[{"id":6271,"title":"LeagueManager \u003c= 3.7 - wp-admin/admin.php Multiple Parameter XSS","url":["http://packetstormsecurity.com/files/112698/","http://www.securityfocus.com/bid/53525","http://xforce.iss.net/xforce/xfdb/75629"],"osvdb":["82266"],"secunia":["49949"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z"},{"id":6272,"title":"LeagueManager 3.8 - SQL Injection","osvdb":["91442"],"cve":["2013-1852"],"exploitdb":["24789"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z"}]}},{"leaflet":{"vulnerabilities":[{"id":6273,"title":"Leaflet \u003c= 0.0.1 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/112699/"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z"}]}},{"joliprint":{"vulnerabilities":[{"id":6274,"title":"PDF And Print Button Joliprint \u003c= 1.3.0 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/112700/"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z"}]}},{"iframe-admin-pages":{"vulnerabilities":[{"id":6275,"title":"IFrame Admin Pages \u003c= 0.1 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/112701/"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z"}]}},{"ezpz-one-click-backup":{"vulnerabilities":[{"id":6276,"title":"EZPZ One Click Backup \u003c= 12.03.10 - OS Command Injection","url":["http://www.openwall.com/lists/oss-security/2014/05/01/11"],"osvdb":["106511"],"cve":["2014-3114"],"vuln_type":"RCE","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z"},{"id":6277,"title":"EZPZ One Click Backup \u003c= 12.03.10 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/112705/"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z"}]}},{"dynamic-widgets":{"vulnerabilities":[{"id":6278,"title":"Dynamic Widgets \u003c= 1.5.1 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/112706/"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z"}]}},{"download-monitor":{"vulnerabilities":[{"id":6279,"title":"Download Monitor \u003c= 3.3.6.1 - wp-admin/admin.php Multiple Parameter XSS (Note: This plugin changed its version numbering, this may produce false positive)","url":["http://www.securityfocus.com/bid/61407","http://xforce.iss.net/xforce/xfdb/85921"],"osvdb":["95613"],"cve":["2013-5098","2013-3262"],"secunia":["53116"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z","fixed_in":"3.3.6.2"},{"id":6280,"title":"Download Monitor \u003c= 3.3.5.7 - index.php dlsearch Parameter XSS (Note: This plugin changed its version numbering, this may produce false positive)","url":["http://www.reactionpenetrationtesting.co.uk/wordpress-download-monitor-xss.html"],"osvdb":["85319"],"cve":["2012-4768"],"secunia":["50511"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z","fixed_in":"3.3.5.9"},{"id":6281,"title":"Download Monitor \u003c= 3.3.5.4 - Cross Site Scripting (Note: This plugin changed its version numbering, this may produce false positive)","url":["http://packetstormsecurity.com/files/112707/"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z"},{"id":6282,"title":"Download Monitor 2.0.6 - wp-download_monitor/download.php id Parameter SQL Injection (Note: This plugin changed its version numbering, this may produce false positive)","osvdb":["44616"],"cve":["2008-2034"],"secunia":["29876"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z","fixed_in":"2.0.8"}]}},{"download-manager":{"vulnerabilities":[{"id":6283,"title":"Download Manager 2.5.8 - Download Package file Parameter Stored XSS","url":["http://www.securityfocus.com/bid/64159"],"osvdb":["101143"],"cve":["2013-7319"],"secunia":["55969"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z","fixed_in":"2.5.9"},{"id":6284,"title":"Download Manager \u003c= 2.2.2 - admin.php cid Parameter XSS","url":["http://packetstormsecurity.com/files/112708/"],"osvdb":["81449"],"secunia":["48927"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z","fixed_in":"2.2.3"},{"id":7706,"title":"Download Manager \u003c= 2.7.4 - Code Execution / Remote File Inclusion","url":["http://blog.sucuri.net/2014/12/security-advisory-high-severity-wordpress-download-manager.html"],"osvdb":["115287"],"exploitdb":["35533"],"vuln_type":"UPLOAD","created_at":"2014-12-03T20:37:07.000Z","updated_at":"2015-01-04T08:40:12.000Z","metasploit":"exploit/unix/webapp/wp_downloadmanager_upload","fixed_in":"2.7.5"}]}},{"codestyling-localization":{"vulnerabilities":[{"id":6285,"title":"Code Styling Localization \u003c= 1.99.17 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/112709/"],"secunia":["49037"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z","fixed_in":"1.99.20"}]}},{"catablog":{"vulnerabilities":[{"id":6286,"title":"Catablog \u003c= 1.6 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/112619/"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z"}]}},{"bad-behavior":{"vulnerabilities":[{"id":6287,"title":"Bad Behavior \u003c= 2.24 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/112619/"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z"}]}},{"bulletproof-security":{"vulnerabilities":[{"id":6288,"title":"BulletProof Security \u003c= .47 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/112618/"],"osvdb":["84736"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-10-07T20:07:08.000Z","fixed_in":".47.1"},{"id":6289,"title":"BulletProof Security - Security Log Script Insertion Vulnerability","osvdb":["95928","95929","95930"],"cve":["2013-3487"],"secunia":["53614"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z","fixed_in":".49"},{"id":7637,"title":"BulletProof Security .50.8 - Script Insertion","url":["http://packetstormsecurity.com/files/128555/"],"vuln_type":"UNKNOWN","created_at":"2014-10-07T20:02:20.000Z","updated_at":"2014-10-07T20:04:04.000Z"},{"id":7656,"title":"BulletProof Security \u003c= .51 Multiple Vulnerabilities (XSS \u0026 SSRF)","url":["http://seclists.org/bugtraq/2014/Nov/23"],"cve":["2014-7958","2014-7959","2014-8749"],"vuln_type":"MULTI","created_at":"2014-11-05T12:59:46.000Z","updated_at":"2014-11-05T13:00:10.000Z","fixed_in":".51.1"}]}},{"better-wp-security":{"vulnerabilities":[{"id":6290,"title":"Better WP Security 3.6.3 - Online Backup Storage current_time Function Brute Force Disclosure","url":["http://packetstormsecurity.com/files/125219/"],"osvdb":["103358"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z"},{"id":6291,"title":"Better WP Security 3.6.3 - /wp-admin/admin-ajax.php license Parameter Stored XSS Weakness","url":["http://packetstormsecurity.com/files/125219/"],"osvdb":["103357"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z"},{"id":6292,"title":"Better WP Security 3.5.5 - inc/admin/content.php id_specialfile Parameter Stored XSS","osvdb":["101788"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z","fixed_in":"3.5.6"},{"id":6293,"title":"Better WP Security \u003c= 3.5.3 - inc/secure.php logevent Function URL Handling Stored XSS","url":["http://packetstormsecurity.com/files/122615/","https://github.com/wpscanteam/wpscan/issues/251","http://www.securityfocus.com/archive/1/527634/30/0/threaded"],"osvdb":["95884"],"secunia":["54299"],"exploitdb":["27290"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z","fixed_in":"3.5.4"},{"id":6294,"title":"Better WP Security 3.4.3 - Multiple XSS","url":["http://seclists.org/bugtraq/2012/Oct/9"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z","fixed_in":"3.4.4"},{"id":6295,"title":"Better WP Security \u003c= 3.2.4 - Cross-Site Scripting (XSS)","url":["http://packetstormsecurity.com/files/112617/"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2015-01-19T15:42:29.000Z","fixed_in":"3.2.5"}]}},{"custom-contact-forms":{"vulnerabilities":[{"id":6296,"title":"Custom Contact Forms \u003c= 5.0.0.1 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/112616/"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z"},{"id":7542,"title":"Custom Contact Forms \u003c= 5.1.0.3 Database Import/Export","url":["http://blog.sucuri.net/2014/08/database-takeover-in-custom-contact-forms.html"],"vuln_type":"AUTHBYPASS","created_at":"2014-09-17T17:42:28.000Z","updated_at":"2014-09-29T19:42:13.000Z","metasploit":"auxiliary/admin/http/wp_custom_contact_forms","fixed_in":"5.1.0.4"}]}},{"2-click-socialmedia-button":{"vulnerabilities":[{"id":6297,"title":"2-Click-Socialmedia-Buttons \u003c= 0.34 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/112615/"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z"},{"id":6298,"title":"2-Click-Socialmedia-Buttons \u003c= 0.32.2 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/112711/"],"secunia":["49181"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z","fixed_in":"0.35"}]}},{"login-with-ajax":{"vulnerabilities":[{"id":6299,"title":"Login With Ajax - Cross Site Scripting","url":["http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2012-003/"],"osvdb":["81712"],"cve":["2012-2759"],"secunia":["49013"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z","fixed_in":"3.0.4.1"},{"id":6300,"title":"Login With Ajax - Cross-Site Request Forgery Vulnerability","osvdb":["93031"],"cve":["2013-2707"],"secunia":["52950"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z","fixed_in":"3.1"}]}},{"media-library-categories":{"vulnerabilities":[{"id":6301,"title":"Media Library Categories \u003c= 1.0.6 - SQL Injection Vulnerability","exploitdb":["17628"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z"},{"id":6302,"title":"Media Library Categories \u003c= 1.1.1 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/112697/"],"osvdb":["81916","109601"],"cve":["2012-6630"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z"}]}},{"deans-fckeditor-with-pwwangs-code-plugin-for-wordpress":{"vulnerabilities":[{"id":6303,"title":"FCKeditor Deans With Pwwangs Code \u003c= 1.0.0 - Remote Shell Upload","url":["http://packetstormsecurity.com/files/111319/"],"vuln_type":"RFI","created_at":"2014-08-01T10:58:43.000Z","updated_at":"2014-08-01T10:58:43.000Z"}]}},{"zingiri-web-shop":{"vulnerabilities":[{"id":6305,"title":"Zingiri Web Shop 2.6.4 - mform.php Unspecified Issue","osvdb":["101717"],"secunia":["56230"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:44.000Z","updated_at":"2014-08-01T10:58:44.000Z","fixed_in":"2.6.5"},{"id":6306,"title":"Zingiri Web Shop 2.5.0 - ajaxfilemanager.php path Parameter File Upload Arbitrary Code Execution","url":["http://packetstormsecurity.com/files/118318/","http://www.securityfocus.com/bid/56659","http://xforce.iss.net/xforce/xfdb/80257"],"osvdb":["87833"],"vuln_type":"RCE","created_at":"2014-08-01T10:58:44.000Z","updated_at":"2014-08-01T10:58:44.000Z"},{"id":6307,"title":"Zingiri Web Shop 2.4.3 - Shell Upload","url":["http://packetstormsecurity.com/files/113668/"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:44.000Z","updated_at":"2014-08-01T10:58:44.000Z"},{"id":6308,"title":"Zingiri Web Shop - Cookie SQL Injection Vulnerability","secunia":["49398"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:44.000Z","updated_at":"2014-08-01T10:58:44.000Z","fixed_in":"2.4.8"},{"id":6309,"title":"Zingiri Web Shop \u003c= 2.4.0 - zing.inc.php page Parameter XSS","url":["http://www.securityfocus.com/bid/53278","http://xforce.iss.net/xforce/xfdb/75178"],"osvdb":["81492"],"cve":["2012-6506"],"secunia":["48991"],"exploitdb":["18787"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:44.000Z","updated_at":"2014-08-01T10:58:44.000Z","fixed_in":"2.4.2"},{"id":6310,"title":"Zingiri Web Shop \u003c= 2.4.0 - onecheckout.php notes Parameter XSS","url":["http://www.securityfocus.com/bid/53278","http://xforce.iss.net/xforce/xfdb/75179"],"osvdb":["81493"],"cve":["2012-6506"],"secunia":["48991"],"exploitdb":["18787"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:44.000Z","updated_at":"2014-08-01T10:58:44.000Z","fixed_in":"2.4.2"},{"id":6311,"title":"Zingiri Web Shop \u003c= 2.3.5 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/112684/"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:44.000Z","updated_at":"2014-08-01T10:58:44.000Z"},{"id":7626,"title":"Zingiri Web Shop 2.2.0 - init.inc wpabspath Parameter Remote File Inclusion","osvdb":["75619"],"secunia":["46039"],"exploitdb":["17867"],"vuln_type":"RFI","created_at":"2014-09-28T11:34:40.000Z","updated_at":"2014-09-28T15:22:15.000Z","fixed_in":"2.2.1"}]}},{"organizer":{"vulnerabilities":[{"id":6312,"title":"Organizer 1.2.1 - Cross Site Scripting / Path Disclosure","url":["http://packetstormsecurity.com/files/112086/","http://packetstormsecurity.com/files/113800/","http://xforce.iss.net/xforce/xfdb/75107"],"osvdb":["83412"],"cve":["2012-6512"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:44.000Z","updated_at":"2014-09-29T06:17:05.000Z"}]}},{"zingiri-tickets":{"vulnerabilities":[{"id":6314,"title":"Zingiri Tickets - File Disclosure","url":["http://packetstormsecurity.com/files/111904/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:44.000Z","updated_at":"2014-08-01T10:58:44.000Z"}]}},{"cms-tree-page-view":{"vulnerabilities":[{"id":6315,"title":"CMS Tree Page View 1.2.4 - Page Creation CSRF","osvdb":["91270"],"secunia":["52581"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:44.000Z","updated_at":"2014-08-01T10:58:44.000Z","fixed_in":"1.2.5"},{"id":6316,"title":"CMS Tree Page View 0.8.8 - XSS vulnerability","url":["https://www.htbridge.com/advisory/HTB23083","http://www.securityfocus.com/bid/52708","http://xforce.iss.net/xforce/xfdb/74337"],"osvdb":["80573"],"secunia":["48510"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:44.000Z","updated_at":"2014-08-01T10:58:44.000Z","fixed_in":"0.8.9"}]}},{"all-in-one-event-calendar":{"vulnerabilities":[{"id":6318,"title":"All-in-One Event Calendar 1.9 - wp-admin/post-new.php Multiple Parameter XSS","url":["http://www.firefart.net/sql-injection-and-xss-in-all-in-one-event-calendar-wordpress-plugin/"],"osvdb":["96271"],"secunia":["54038"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:44.000Z","updated_at":"2014-08-01T10:58:44.000Z","fixed_in":"1.10"},{"id":6319,"title":"All-in-One Event Calendar 1.9 - index.php Multiple Parameter SQL Injection","url":["http://www.firefart.net/sql-injection-and-xss-in-all-in-one-event-calendar-wordpress-plugin/"],"osvdb":["96272"],"secunia":["54038"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:44.000Z","updated_at":"2014-08-01T10:58:44.000Z","fixed_in":"1.10"},{"id":7601,"title":"All-in-One Event Calendar Plugin 1.4 \u0026 1.5 Multiple XSS ","url":["https://www.htbridge.com/advisory/HTB23082","http://seclists.org/bugtraq/2012/Apr/70"],"osvdb":["81068","81069","81070","81071"],"cve":["2012-1835"],"vuln_type":"XSS","created_at":"2014-09-27T11:39:17.000Z","updated_at":"2014-09-27T11:40:33.000Z","fixed_in":"1.8.2"}]}},{"buddypress":{"vulnerabilities":[{"id":6320,"title":"Buddypress \u003c= 1.9.1 - Crafted bp_new_group_id Cookie Arbitrary Group Manipulation","url":["http://packetstormsecurity.com/files/125213/"],"osvdb":["103308"],"cve":["2014-1889"],"secunia":["56950"],"exploitdb":["31571"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:44.000Z","updated_at":"2014-08-01T10:58:44.000Z","fixed_in":"1.9.2"},{"id":6321,"title":"Buddypress \u003c= 1.9.1 - Stored Cross-Site Scripting (XSS)","url":["http://packetstormsecurity.com/files/125212/"],"osvdb":["103307"],"cve":["2014-1888"],"secunia":["56950"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:44.000Z","updated_at":"2014-11-04T14:29:55.000Z","fixed_in":"1.9.2"},{"id":6322,"title":"BuddyPress 1.7.1 - Multiple SQL Injections","osvdb":["104761","104760","104759","104758","104757","104755"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:44.000Z","updated_at":"2014-11-04T14:32:47.000Z","fixed_in":"1.7.2"},{"id":6329,"title":"Buddypress - Cross-Site Scripting (XSS)","url":["http://packetstormsecurity.com/files/119020/","http://xforce.iss.net/xforce/xfdb/80840"],"osvdb":["88886"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:44.000Z","updated_at":"2014-11-04T14:33:18.000Z"},{"id":6330,"title":"Buddypress \u003c= 1.5.4 - SQL Injection","osvdb":["80763"],"cve":["2012-2109"],"exploitdb":["18690"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:44.000Z","updated_at":"2014-11-04T14:33:30.000Z","fixed_in":"1.5.5"},{"id":6331,"title":"BuddyPress 1.2.9 - SQL Injection","osvdb":["104756"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:44.000Z","updated_at":"2014-11-04T14:33:43.000Z","fixed_in":"1.2.10"}]}},{"register-plus-redux":{"vulnerabilities":[{"id":6332,"title":"Register Plus Redux \u003c= 3.8.3 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/111367/"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:44.000Z","updated_at":"2014-08-01T10:58:44.000Z"}]}},{"magn-html5-drag-and-drop-media-uploader":{"vulnerabilities":[{"id":6333,"title":"Magn WP Drag and Drop \u003c= 1.1.4 - Upload Shell Upload Vulnerability","url":["http://packetstormsecurity.com/files/110103/"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:44.000Z","updated_at":"2014-08-01T10:58:44.000Z"}]}},{"kish-guest-posting":{"vulnerabilities":[{"id":6334,"title":"Kish Guest Posting 1.2 - Arbitrary File Upload","url":["http://www.securityfocus.com/bid/51638"],"osvdb":["78479"],"cve":["2012-1125","2012-5318"],"exploitdb":["18412"],"vuln_type":"RFI","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-10-05T14:18:33.000Z"}]}},{"allwebmenus-wordpress-menu-plugin":{"vulnerabilities":[{"id":6335,"title":"AllWebMenus Shell Upload \u003c= 1.1.9 - Shell Upload","url":["http://packetstormsecurity.com/files/108946/"],"vuln_type":"RFI","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-08-01T10:58:45.000Z"},{"id":6336,"title":"AllWebMenus 1.1.3 - Remote File Inclusion","osvdb":["75615"],"cve":["2011-3981"],"secunia":["46068"],"exploitdb":["17861"],"vuln_type":"RFI","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-08-01T10:58:45.000Z","fixed_in":"1.1.4"}]}},{"shortcode-redirect":{"vulnerabilities":[{"id":6337,"title":"Shortcode Redirect \u003c= 1.0.01 - Stored Cross Site Scripting","url":["http://packetstormsecurity.com/files/108914/","http://www.securityfocus.com/bid/51626","http://xforce.iss.net/xforce/xfdb/72620"],"cve":["2012-5325"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-10-05T14:22:55.000Z"}]}},{"ucan-post":{"vulnerabilities":[{"id":6338,"title":"uCan Post \u003c= 1.0.09 - Stored XSS","exploitdb":["18390"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-08-01T10:58:45.000Z"}]}},{"wp-cycle-playlist":{"vulnerabilities":[{"id":6339,"title":"WP Cycle Playlist - Multiple Vulnerabilities","url":["http://1337day.com/exploit/17396"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-08-01T10:58:45.000Z"}]}},{"myeasybackup":{"vulnerabilities":[{"id":6340,"title":"myEASYbackup 1.0.8.1 - Directory Traversal","url":["http://packetstormsecurity.com/files/108711/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-08-01T10:58:45.000Z"}]}},{"count-per-day":{"vulnerabilities":[{"id":6341,"title":"Count per Day 3.2.5 - wp-admin/index.php daytoshow Parameter XSS","url":["http://packetstormsecurity.com/files/120649/"],"osvdb":["90893"],"secunia":["52436"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-08-01T10:58:45.000Z"},{"id":6342,"title":"Count per Day 3.2.5 - counter.php HTTP Referer Header XSS","url":["http://packetstormsecurity.com/files/120870/"],"osvdb":["91491"],"exploitdb":["24859"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-08-01T10:58:45.000Z"},{"id":6343,"title":"Count Per Day 3.2.3 - notes.php Malformed Requests Remote DoS","url":["http://packetstormsecurity.com/files/120631/","http://seclists.org/fulldisclosure/2013/Mar/43"],"osvdb":["90833"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-08-01T10:58:45.000Z"},{"id":6344,"title":"Count Per Day 3.2.3 - Multiple Script Direct Request Path Disclosure","url":["http://packetstormsecurity.com/files/120631/","http://seclists.org/fulldisclosure/2013/Mar/43"],"osvdb":["90832"],"vuln_type":"FPD","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-08-01T10:58:45.000Z"},{"id":6345,"title":"Count Per Day 3.2.3 - notes.php note Parameter XSS","url":["http://packetstormsecurity.com/files/115904/"],"osvdb":["84933"],"secunia":["50450"],"exploitdb":["20862"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-08-01T10:58:45.000Z"},{"id":6346,"title":"Count Per Day 3.2.2 - notes.php note Parameter XSS","osvdb":["84920"],"secunia":["50419"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-08-01T10:58:45.000Z","fixed_in":"3.2.3"},{"id":6347,"title":"Count Per Day 3.1.1 - userperspan.php Multiple Parameter XSS","url":["http://packetstormsecurity.com/files/114787/","http://www.securityfocus.com/bid/54258"],"osvdb":["83491"],"cve":["2012-3434"],"secunia":["49692"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-08-01T10:58:45.000Z","fixed_in":"3.2"},{"id":6348,"title":"Count Per Day \u003c= 3.1 - download.php f Parameter Traversal Arbitrary File Access","url":["http://xforce.iss.net/xforce/xfdb/72385","http://packetstormsecurity.org/files/108631/"],"osvdb":["78270"],"secunia":["47529"],"exploitdb":["18355"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-08-01T10:58:45.000Z","fixed_in":"3.1.1"},{"id":6349,"title":"Count Per Day \u003c= 3.1 - map.php map Parameter XSS","url":["http://xforce.iss.net/xforce/xfdb/72385","http://packetstormsecurity.org/files/108631/"],"osvdb":["78271"],"secunia":["47529"],"exploitdb":["18355"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-08-01T10:58:45.000Z","fixed_in":"3.1.1"},{"id":6350,"title":"Count per Day \u003c= 2.17 - SQL Injection Vulnerability","osvdb":["75598"],"secunia":["46051"],"exploitdb":["17857"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-08-01T10:58:45.000Z","fixed_in":"3.0"}]}},{"wp-autoyoutube":{"vulnerabilities":[{"id":6351,"title":"WP-AutoYoutube \u003c= 0.1 - Blind SQL Injection Vulnerability","url":["http://1337day.com/exploit/17368"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-08-01T10:58:45.000Z"}]}},{"age-verification":{"vulnerabilities":[{"id":6352,"title":"Age Verification \u003c= 0.4 - Open Redirect","osvdb":["82584"],"cve":["2012-6499"],"exploitdb":["18350"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-08-01T10:58:45.000Z"}]}},{"yousaytoo-auto-publishing-plugin":{"vulnerabilities":[{"id":6353,"title":"Yousaytoo Auto Publishing \u003c= 1.0 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/108470/"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-08-01T10:58:45.000Z"}]}},{"pay-with-tweet":{"vulnerabilities":[{"id":6354,"title":"Pay With Tweet \u003c= 1.1 - Multiple Vulnerabilities","osvdb":["78204"],"cve":["2012-5350"],"secunia":["47475"],"exploitdb":["18330"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-08-01T14:27:01.000Z"}]}},{"wp-whois":{"vulnerabilities":[{"id":6355,"title":"Whois Search \u003c= 1.4.2 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/108271/"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-08-01T10:58:45.000Z"}]}},{"upm-polls":{"vulnerabilities":[{"id":6356,"title":"UPM-POLLS 1.0.4 - BLIND SQL injection","exploitdb":["18231"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-08-01T10:58:45.000Z"}]}},{"disqus-comment-system":{"vulnerabilities":[{"id":6357,"title":"Disqus \u003c= 2.75 - Remote Code Execution Vuln","url":["http://blog.sucuri.net/2014/06/anatomy-of-a-remote-code-execution-bug-on-disqus.html"],"vuln_type":"RCE","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-08-01T10:58:45.000Z","fixed_in":"2.76"},{"id":6358,"title":"Disqus Comment System \u003c= 2.68 - Reflected Cross-Site Scripting (XSS)","url":["http://www.ethicalhack3r.co.uk/security/wordpress-plugin-disqus-comment-system-xss/"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-08-01T10:58:45.000Z","fixed_in":"2.69"},{"id":6359,"title":"Disqus Blog Comments \u003c= 2.77 - Blind SQL Injection Vulnerability","osvdb":["85935"],"exploitdb":["20913"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-12-02T09:12:38.000Z","fixed_in":"2.7.8"},{"id":7537,"title":"Disqus 2.77 CSRF","url":["https://vexatioustendencies.com/csrf-in-disqus-wordpress-plugin-v2-77/"],"cve":["2014-5346"],"vuln_type":"CSRF","created_at":"2014-09-17T17:07:36.000Z","updated_at":"2014-09-17T17:07:36.000Z"},{"id":7538,"title":"Disqus 2.75 XSS \u0026 CSRF","url":["https://www.nikcub.com/posts/multiple-vulnerabilities-in-disqus-wordpress-plugin/","https://gist.github.com/nikcub/cb5dc7a5464276c8424a"],"cve":["2014-5345","2014-5347"],"vuln_type":"MULTI","created_at":"2014-09-17T17:15:47.000Z","updated_at":"2014-09-23T13:42:26.000Z","fixed_in":"2.76"}]}},{"wp-recaptcha":{"vulnerabilities":[{"id":6360,"title":"Google reCAPTCHA \u003c= 3.1.3 - Reflected XSS Vulnerability","url":["http://security-sh3ll.blogspot.com/2011/12/google-recaptcha-wordpress-plugin.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-08-01T10:58:45.000Z","fixed_in":"3.1.4"}]}},{"link-library":{"vulnerabilities":[{"id":6362,"title":"Link Library 5.1.6 - link-library-ajax.php Multiple Parameter SQL Injection","osvdb":["102804"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-08-01T10:58:45.000Z","fixed_in":"5.1.7"},{"id":6363,"title":"Link Library 5.0.8 - wp-content/plugins/link-library/tracker.php id Parameter XSS","osvdb":["74561"],"secunia":["45588"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-08-01T10:58:45.000Z","fixed_in":"5.0.9"},{"id":6364,"title":"Link Library 5.0.8 - wp-content/plugins/link-library/tracker.php id Parameter SQL Injection","osvdb":["74562"],"secunia":["45588"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-08-01T10:58:45.000Z","fixed_in":"5.0.9"},{"id":6365,"title":"Link Library \u003c= 5.2.1 - SQL Injection","osvdb":["84579"],"exploitdb":["17887"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:45.000Z","updated_at":"2014-08-01T10:58:45.000Z","fixed_in":"5.7.9.7"}]}},{"cevhershare":{"vulnerabilities":[{"id":6366,"title":"CevherShare 2.0 - SQL Injection Vulnerability","exploitdb":["17891"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:46.000Z","updated_at":"2014-08-01T10:58:46.000Z"}]}},{"meenews":{"vulnerabilities":[{"id":6367,"title":"meenews 5.1 - Cross-Site Scripting Vulnerabilities","url":["http://seclists.org/bugtraq/2011/Nov/151"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:46.000Z","updated_at":"2014-08-01T10:58:46.000Z"}]}},{"clickdesk-live-support-chat":{"vulnerabilities":[{"id":6368,"title":"Click Desk Live Support Chat - Cross Site Scripting Vulnerability","url":["http://seclists.org/bugtraq/2011/Nov/148"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:46.000Z","updated_at":"2014-08-01T10:58:46.000Z","fixed_in":"2.0"}]}},{"adminimize":{"vulnerabilities":[{"id":6369,"title":"adminimize 1.7.21 - 'page' Parameter Cross Site Scripting Vulnerability","url":["http://www.securityfocus.com/bid/50745","http://seclists.org/bugtraq/2011/Nov/135"],"osvdb":["77472"],"cve":["2011-4926"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:46.000Z","updated_at":"2014-08-01T10:58:46.000Z","fixed_in":"1.7.22"}]}},{"advanced-text-widget":{"vulnerabilities":[{"id":6370,"title":"Advanced Text Widget \u003c= 2.0.0 - Cross Site Scripting Vulnerability","url":["http://seclists.org/bugtraq/2011/Nov/133"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:46.000Z","updated_at":"2014-08-01T10:58:46.000Z"}]}},{"mm-duplicate":{"vulnerabilities":[{"id":6371,"title":"MM Duplicate \u003c= 1.2 - SQL Injection Vulnerability","exploitdb":["17707"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:46.000Z","updated_at":"2014-08-01T10:58:46.000Z"}]}},{"wp-menu-creator":{"vulnerabilities":[{"id":6372,"title":"Menu Creator \u003c= 1.1.7 - SQL Injection Vulnerability","exploitdb":["17689"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:46.000Z","updated_at":"2014-08-01T10:58:46.000Z"}]}},{"allow-php-in-posts-and-pages":{"vulnerabilities":[{"id":6373,"title":"Allow PHP in Posts and Pages \u003c= 2.0.0.RC2 - SQL Injection Vulnerability","exploitdb":["17688"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:46.000Z","updated_at":"2014-08-01T10:58:46.000Z","fixed_in":"2.1.0"}]}},{"global-content-blocks":{"vulnerabilities":[{"id":6374,"title":"Global Content Blocks \u003c= 1.2 - SQL Injection Vulnerability","exploitdb":["17687"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:46.000Z","updated_at":"2014-08-01T10:58:46.000Z"}]}},{"ajaxgallery":{"vulnerabilities":[{"id":6375,"title":"Ajax Gallery \u003c= 3.0 - SQL Injection Vulnerability","exploitdb":["17686"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:46.000Z","updated_at":"2014-08-01T10:58:46.000Z"}]}},{"wp-ds-faq":{"vulnerabilities":[{"id":6376,"title":"WP DS FAQ \u003c= 1.3.2 - ajax.php id Parameter SQL Injection","osvdb":["74574"],"secunia":["45640"],"exploitdb":["17683"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:46.000Z","updated_at":"2014-08-01T10:58:46.000Z"}]}},{"wp-ds-faq-plus":{"vulnerabilities":[{"id":6379,"title":"WP DS FAQ Plus 1.0.3 - Multiple Unspecified CSRF","osvdb":["106618"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:46.000Z","updated_at":"2014-08-01T10:58:46.000Z","fixed_in":"1.0.3"},{"id":6380,"title":"WP DS FAQ Plus - Unspecified SQL Injection","osvdb":["106724"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:46.000Z","updated_at":"2014-08-01T10:58:46.000Z","fixed_in":"1.0.0"}]}},{"odihost-newsletter-plugin":{"vulnerabilities":[{"id":6381,"title":"OdiHost Newsletter \u003c= 1.0 - SQL Injection Vulnerability","exploitdb":["17681"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:46.000Z","updated_at":"2014-08-01T10:58:46.000Z"}]}},{"easy-contact-form-lite":{"vulnerabilities":[{"id":6382,"title":"Easy Contact Form Lite \u003c= 1.0.7 - SQL Injection Vulnerability","exploitdb":["17680"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:46.000Z","updated_at":"2014-08-01T10:58:46.000Z"}]}},{"wp-symposium":{"vulnerabilities":[{"id":6383,"title":"WP Symposium 13.04 - Unvalidated Redirect","osvdb":["92274"],"cve":["2013-2694"],"secunia":["52925"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:46.000Z","updated_at":"2014-11-04T14:02:50.000Z"},{"id":6384,"title":"WP Symposium 13.02 - Cross-Site Scripting (XSS)","osvdb":["92275"],"cve":["2013-2695"],"secunia":["52864"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:46.000Z","updated_at":"2014-11-04T14:02:30.000Z","fixed_in":"13.04"},{"id":6385,"title":"WP Symposium \u003c= 12.09 - Multiple SQL Injections","url":["http://www.securityfocus.com/bid/57478","http://ceriksen.com/2013/02/18/wp-symposium-multiple-sql-injection/"],"osvdb":["89455","89456","89457","89458","89459"],"secunia":["50674"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:46.000Z","updated_at":"2014-11-04T14:01:49.000Z","fixed_in":"12.12"},{"id":6390,"title":"WP Symposium \u003c= 12.07.07 - Authentication Bypass","osvdb":["83696"],"secunia":["49791"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:46.000Z","updated_at":"2014-11-04T14:00:03.000Z"},{"id":6391,"title":"WP Symposium \u003c= 12.06.16 - Multiple SQL Injections","osvdb":["83662","83663","83668","83675"],"secunia":["49534"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:46.000Z","updated_at":"2014-11-04T13:59:33.000Z","fixed_in":"12.07.01"},{"id":6396,"title":"WP Symposium \u003c= 11.11.26 - Remote File Upload Code Execution","url":["http://xforce.iss.net/xforce/xfdb/72012"],"osvdb":["78042","78041"],"cve":["2011-5051"],"secunia":["46097"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:46.000Z","updated_at":"2014-11-04T13:56:11.000Z","fixed_in":"11.12.24"},{"id":6397,"title":"WP Symposium \u003c= 11.11.26 - Cross-Site Scripting (XSS)","url":["http://www.securityfocus.com/bid/51017","http://xforce.iss.net/xforce/xfdb/71748"],"osvdb":["77634"],"cve":["2011-3841"],"secunia":["47243"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-11-04T14:03:27.000Z","fixed_in":"11.12.08"},{"id":6398,"title":"WP Symposium \u003c= 0.64 - SQL Injection","osvdb":["74664"],"secunia":["47243"],"exploitdb":["17679"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-11-04T14:03:06.000Z","fixed_in":"11.08.18"},{"id":7713,"title":"WP Symposium \u003c= 14.10 - XSS and SQL Injection","url":["http://www.wpsymposium.com/2014/11/release-information-for-v14-11/","http://security.szurek.pl/wp-symposium-1410-multiple-xss-and-sql-injection.html"],"osvdb":["116306"],"cve":["2014-8810","2014-8809"],"exploitdb":["35505"],"vuln_type":"MULTI","created_at":"2014-12-09T09:49:26.000Z","updated_at":"2015-01-04T08:37:24.000Z","fixed_in":"14.11"},{"id":7716,"title":"WP Symposium \u003c= 14.11 - Unauthenticated Shell Upload","url":["http://www.homelab.it/index.php/2014/12/11/wordpress-wp-symposium-shell-upload/","https://www.youtube.com/watch?v=pF8lIuLT6Vs","http://blog.spiderlabs.com/2014/12/honeypot-alert-wordpress-wp-symposium-1411-unauthenticated-shell-upload-exploit-attempt.html","http://blog.sucuri.net/2014/12/wp-symposium-zero-day-vulnerability-dangers.html","http://packetstormsecurity.com/files/129884/"],"osvdb":["116046"],"cve":["2014-10021"],"exploitdb":["35543","35778"],"vuln_type":"UPLOAD","created_at":"2014-12-11T22:45:46.000Z","updated_at":"2015-01-14T12:13:01.000Z","metasploit":"exploit/unix/webapp/wp_symposium_shell_upload"}]}},{"file-groups":{"vulnerabilities":[{"id":6399,"title":"File Groups \u003c= 1.1.2 - SQL Injection Vulnerability","exploitdb":["17677"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z"}]}},{"ip-logger":{"vulnerabilities":[{"id":6400,"title":"IP-Logger \u003c= 3.0 - SQL Injection Vulnerability","exploitdb":["17673"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z"}]}},{"beer-recipes":{"vulnerabilities":[{"id":6401,"title":"Beer Recipes 1.0 - XSS","exploitdb":["17453"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z"}]}},{"is-human":{"vulnerabilities":[{"id":6402,"title":"Is-human \u003c= 1.4.2 - Remote Command Execution Vulnerability","exploitdb":["17299"],"vuln_type":"RCE","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z"}]}},{"editormonkey":{"vulnerabilities":[{"id":6403,"title":"EditorMonkey - (FCKeditor) Arbitrary File Upload","exploitdb":["17284"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z"}]}},{"sermon-browser":{"vulnerabilities":[{"id":6404,"title":"SermonBrowser 0.43 - SQL Injection","exploitdb":["17214"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z"}]}},{"ajax-category-dropdown":{"vulnerabilities":[{"id":6405,"title":"Ajax Category Dropdown 0.1.5 - Multiple Vulnerabilities","exploitdb":["17207"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z"}]}},{"wp-custom-pages":{"vulnerabilities":[{"id":6406,"title":"WP Custom Pages 0.5.0.1 - LFI Vulnerability","exploitdb":["17119"],"vuln_type":"LFI","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z"}]}},{"flash-album-gallery":{"vulnerabilities":[{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"},{"id":6407,"title":"GRAND Flash Album Gallery 2.70- \"s\" Cross-Site Scripting Vulnerability","osvdb":["93714"],"cve":["2013-3261"],"secunia":["53111"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z","fixed_in":"2.72"},{"id":6408,"title":"GRAND Flash Album Gallery 2.55 - \"gid\" SQL Injection Vulnerability","osvdb":["93087"],"secunia":["53356"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z","fixed_in":"2.56"},{"id":6409,"title":"GRAND Flash Album Gallery - Multiple Vulnerabilities","secunia":["51100"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z","fixed_in":"2.17"},{"id":6410,"title":"GRAND Flash Album Gallery 1.9.0 and 2.0.0 - Multiple Vulnerabilities","url":["http://packetstormsecurity.com/files/117665/","http://www.waraxe.us/advisory-94.html"],"secunia":["51601"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z"},{"id":6411,"title":"GRAND Flash Album Gallery \u003c= 1.71 - wp-admin/admin.php skin Parameter XSS","url":["http://packetstormsecurity.com/files/112704/"],"osvdb":["81923"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z","fixed_in":"1.76"},{"id":6412,"title":"GRAND Flash Album Gallery \u003c= 1.56 - XSS Vulnerability","url":["http://seclists.org/bugtraq/2011/Nov/186"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z"},{"id":6413,"title":"GRAND Flash Album Gallery 0.55 - lib/hitcounter.php pid Parameter SQL Injection","osvdb":["71072"],"secunia":["43648"],"exploitdb":["16947"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z"},{"id":6414,"title":"GRAND Flash Album Gallery 0.55 - admin/news.php want2Read Parameter Traversal Arbitrary File Access","osvdb":["71073"],"secunia":["43648"],"exploitdb":["16947"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z"}]}},{"php_speedy_wp":{"vulnerabilities":[{"id":6415,"title":"PHP Speedy \u003c= 0.5.2 - (admin_container.php) Remote Code Exec Exploit","exploitdb":["16273"],"vuln_type":"RCE","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z"}]}},{"old-post-spinner":{"vulnerabilities":[{"id":6416,"title":"OPS Old Post Spinner 2.2.1 - LFI Vulnerability","exploitdb":["16251"],"vuln_type":"LFI","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z"}]}},{"jquery-mega-menu":{"vulnerabilities":[{"id":6417,"title":"jQuery Mega Menu 1.0 - Local File Inclusion","exploitdb":["16250"],"vuln_type":"LFI","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z"}]}},{"iwant-one-ihave-one":{"vulnerabilities":[{"id":6418,"title":"IWantOneButton 3.0.1 - Multiple Vulnerabilities","exploitdb":["16236"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z"}]}},{"forum-server":{"vulnerabilities":[{"id":6419,"title":"WP Forum Server \u003c= 1.7.3 - wpf-insert.php edit_post_id Parameter SQL Injection","url":["http://packetstormsecurity.com/files/112703/"],"osvdb":["75463"],"cve":["2012-6625"],"secunia":["45974"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z","fixed_in":"1.7.4"},{"id":6420,"title":"WP Forum Server \u003c= 1.7.3 - fs-admin/wpf-add-forum.php groupid Parameter XSS","url":["http://packetstormsecurity.com/files/112703/","http://www.securityfocus.com/bid/65215"],"osvdb":["102185"],"cve":["2012-6623"],"secunia":["49167"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z"},{"id":6421,"title":"WP Forum Server \u003c= 1.7.3 - fs-admin/fs-admin.php Multiple Parameter XSS","url":["http://packetstormsecurity.com/files/112703/"],"osvdb":["81914"],"cve":["2012-6622"],"secunia":["49155"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z"},{"id":6422,"title":"WP Forum Server \u003c= 1.7 - SQL Injection Vulnerability","exploitdb":["17828"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z"},{"id":6423,"title":"WP Forum Server 1.6.5 - feed.php topic Parameter SQL Injection","url":["http://www.securityfocus.com/bid/46360","http://www.securityfocus.com/bid/46362"],"osvdb":["70994"],"cve":["2011-1047"],"secunia":["43306"],"exploitdb":["16235"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z"},{"id":6424,"title":"WP Forum Server 1.6.5 - index.php Multiple Parameter SQL Injection","url":["http://www.securityfocus.com/bid/46362"],"osvdb":["70993"],"cve":["2011-1047"],"secunia":["43306"],"exploitdb":["16235"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z"}]}},{"relevanssi":{"vulnerabilities":[{"id":6425,"title":"Relevanssi 3.2 - Unspecified SQL Injection","url":["http://www.securityfocus.com/bid/65960"],"osvdb":["104014"],"secunia":["56641"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z","fixed_in":"3.3"},{"id":6426,"title":"Relevanssi 2.7.2 - Stored XSS Vulnerability","osvdb":["71236"],"secunia":["43461"],"exploitdb":["16233"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z","fixed_in":"2.7.3"},{"id":7740,"title":"Relevanssi \u003c= 3.3.7.1 - Cross-Site Scripting (XSS)","cve":["2014-9443"],"secunia":["61744"],"vuln_type":"XSS","created_at":"2015-01-03T11:29:33.000Z","updated_at":"2015-01-03T11:50:12.000Z","fixed_in":"3.3.8"}]}},{"gigpress":{"vulnerabilities":[{"id":6427,"title":"GigPress 2.1.10 - Stored XSS Vulnerability","exploitdb":["16232"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z"}]}},{"comment-rating":{"vulnerabilities":[{"id":6428,"title":"Comment Rating 2.9.32 - Security Bypass Weakness and SQL Injection","url":["http://packetstormsecurity.com/files/120569/"],"osvdb":["90676"],"secunia":["52348"],"exploitdb":["24552"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:47.000Z","updated_at":"2014-08-01T10:58:47.000Z"},{"id":6429,"title":"Comment Rating 2.9.23 - Multiple Vulnerabilities","osvdb":["71044"],"secunia":["43406"],"exploitdb":["16221"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:48.000Z","updated_at":"2014-08-01T10:58:48.000Z","fixed_in":"2.9.24"}]}},{"z-vote":{"vulnerabilities":[{"id":6430,"title":"Z-Vote 1.1 - SQL Injection Vulnerability","exploitdb":["16218"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:48.000Z","updated_at":"2014-08-01T10:58:48.000Z"}]}},{"user-photo":{"vulnerabilities":[{"id":6431,"title":"User Photo - Component Remote File Upload Vulnerability","osvdb":["71071"],"cve":["2013-1916"],"exploitdb":["16181"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:48.000Z","updated_at":"2014-08-01T10:58:48.000Z","fixed_in":"0.9.5"}]}},{"enable-media-replace":{"vulnerabilities":[{"id":6432,"title":"Enable Media Replace - Multiple Vulnerabilities","exploitdb":["16144"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:48.000Z","updated_at":"2014-08-01T10:58:48.000Z"}]}},{"mingle-forum":{"vulnerabilities":[{"id":6433,"title":"Mingle Forum \u003c= 1.0.32.1 - Cross Site Scripting / SQL Injection","url":["http://packetstormsecurity.com/files/108915/","http://xforce.iss.net/xforce/xfdb/72641"],"cve":["2012-5327"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:48.000Z","updated_at":"2014-10-05T14:27:36.000Z"},{"id":6434,"title":"Mingle Forum \u003c= 1.0.31 - SQL Injection Vulnerability","exploitdb":["17894"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:48.000Z","updated_at":"2014-08-01T10:58:48.000Z"},{"id":6435,"title":"Mingle Forum \u003c= 1.0.26 - Multiple Vulnerabilities","exploitdb":["15943"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:48.000Z","updated_at":"2014-08-01T10:58:48.000Z"},{"id":6436,"title":"Mingle Forum \u003c= 1.0.33 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/112696/"],"secunia":["49171"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:48.000Z","updated_at":"2014-08-01T10:58:48.000Z","fixed_in":"1.0.33.2"},{"id":6437,"title":"Mingle Forum 1.0.33.3 - fs-admin.php togroupusers Parameter XSS","osvdb":["90432"],"cve":["2013-0734"],"secunia":["52167"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:48.000Z","updated_at":"2014-08-01T10:58:48.000Z","fixed_in":"1.0.34"},{"id":6438,"title":"Mingle Forum 1.0.33.3 - wpf.class.php search_words Parameter XSS","osvdb":["90433"],"cve":["2013-0734"],"secunia":["52167"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:48.000Z","updated_at":"2014-08-01T10:58:48.000Z","fixed_in":"1.0.34"},{"id":6439,"title":"Mingle Forum 1.0.33.3 - wpf.class.php Multiple Parameter SQL Injection","osvdb":["90434"],"cve":["2013-0735"],"secunia":["52167"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:48.000Z","updated_at":"2014-08-01T10:58:48.000Z","fixed_in":"1.0.34"},{"id":6440,"title":"Mingle Forum 1.0.35 - Privilege Escalation CSRF","osvdb":["96905"],"cve":["2013-0736"],"secunia":["47687"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:48.000Z","updated_at":"2014-08-01T10:58:48.000Z"},{"id":7602,"title":"Mingle Forum 1.0.28 - XSS \u0026 FPD","url":["https://www.htbridge.com/advisory/HTB22848"],"osvdb":["71840"],"vuln_type":"MULTI","created_at":"2014-09-27T11:45:28.000Z","updated_at":"2014-09-27T11:46:08.000Z","fixed_in":"1.0.31"}]}},{"accept-signups":{"vulnerabilities":[{"id":6441,"title":"Accept Signups 0.1 - XSS","exploitdb":["15808"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:48.000Z","updated_at":"2014-08-01T10:58:48.000Z"}]}},{"events-manager-extended":{"vulnerabilities":[{"id":6442,"title":"Events Manager Extended - Persistent XSS Vulnerability","exploitdb":["14923"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:48.000Z","updated_at":"2014-08-01T10:58:48.000Z"}]}},{"nextgen-smooth-gallery":{"vulnerabilities":[{"id":6443,"title":"NextGEN Smooth Gallery - Blind SQL Injection Vulnerability","exploitdb":["14541"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:48.000Z","updated_at":"2014-08-01T10:58:48.000Z"},{"id":6444,"title":"NextGen Smooth Gallery - XSS","url":["http://packetstormsecurity.com/files/123074/"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:48.000Z","updated_at":"2014-08-01T10:58:48.000Z"}]}},{"mylinksdump":{"vulnerabilities":[{"id":6445,"title":"myLDlinker - SQL Injection Vulnerability","exploitdb":["14441"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:48.000Z","updated_at":"2014-08-01T10:58:48.000Z"}]}},{"firestats":{"vulnerabilities":[{"id":6446,"title":"Firestats - Remote Configuration File Download","exploitdb":["14308"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:48.000Z","updated_at":"2014-08-01T10:58:48.000Z"}]}},{"simple-press":{"vulnerabilities":[{"id":6447,"title":"Simple Press - SQL Injection Vulnerability","exploitdb":["14198"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:48.000Z","updated_at":"2014-08-01T10:58:48.000Z"}]}},{"cimy-counter":{"vulnerabilities":[{"id":6448,"title":"Cimy Counter - Vulnerabilities","exploitdb":["14057"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:48.000Z","updated_at":"2014-08-01T10:58:48.000Z"}]}},{"nextgen-gallery":{"vulnerabilities":[{"id":6449,"title":"NextGEN Gallery \u0026 2.0.66 - Arbitrary File Upload","url":["http://packetstormsecurity.com/files/127340/wpnextgen2063-shell.txt"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:48.000Z","updated_at":"2014-11-04T14:15:26.000Z","fixed_in":"2.0.66"},{"id":6450,"title":"NextGEN Gallery 2.0.0 - Directory Traversal","url":["http://seclists.org/fulldisclosure/2014/Feb/171","https://security.dxw.com/advisories/directory-traversal-in-nextgen-gallery-2-0-0/"],"osvdb":["103473"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:48.000Z","updated_at":"2014-08-01T10:58:48.000Z","fixed_in":"2.0.7"},{"id":6451,"title":"NextGEN Gallery - swfupload.swf Cross-Site Scripting (XSS)","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html","http://www.securityfocus.com/bid/60433"],"secunia":["51271"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:48.000Z","updated_at":"2014-11-04T14:17:19.000Z","fixed_in":"1.9.8"},{"id":6453,"title":"NextGEN Gallery 1.9.12 - Arbitrary File Upload","url":["http://wordpress.org/plugins/nextgen-gallery/changelog/"],"osvdb":["94232"],"cve":["2013-3684"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:48.000Z","updated_at":"2014-08-01T10:58:48.000Z","fixed_in":"1.9.13"},{"id":6454,"title":"NextGEN Gallery 1.9.11 - Full Path Disclosure","osvdb":["90242"],"secunia":["52137"],"vuln_type":"FPD","created_at":"2014-08-01T10:58:48.000Z","updated_at":"2014-11-04T14:20:50.000Z"},{"id":6455,"title":"NextGEN Gallery 1.9.5 - gallerypath Parameter Stored XSS","osvdb":["97690"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:48.000Z","updated_at":"2014-08-01T10:58:48.000Z"},{"id":6456,"title":"NextGEN Gallery \u003c= 1.9.0 - Multiple Cross-Site Scripting (XSS)","osvdb":["78363","78364","78365"],"secunia":["47588"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:48.000Z","updated_at":"2014-11-04T14:14:15.000Z","fixed_in":"1.9.1"},{"id":6460,"title":"NextGEN Gallery \u003c= 1.8.3 - XXS \u0026 CSRF","osvdb":["76577","76576"],"secunia":["46602"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:48.000Z","updated_at":"2014-11-04T14:18:59.000Z","fixed_in":"1.8.4"},{"id":6461,"title":"NextGEN Gallery \u003c= 1.7.3 - xml/ajax.php Path Disclosure","osvdb":["72023"],"vuln_type":"FPD","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z","fixed_in":"1.7.4"},{"id":6462,"title":"NextGEN Gallery \u003c= 1.5.1 - Cross-Site Scripting (XSS)","url":["http://www.securityfocus.com/bid/39250"],"osvdb":["63574"],"secunia":["39341"],"exploitdb":["12098"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-11-04T14:14:43.000Z","fixed_in":"1.5.2"}]}},{"cpl":{"vulnerabilities":[{"id":6463,"title":"Copperleaf Photolog - SQL injection","exploitdb":["11458"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z"}]}},{"events-calendar":{"vulnerabilities":[{"id":6464,"title":"Events Calendar - SQL Injection Vulnerability","osvdb":["95677"],"exploitdb":["10929"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z","fixed_in":"6.7.10"},{"id":6465,"title":"Events Calendar - wp-admin/admin.php EC_id Parameter XSS","osvdb":["74705"],"secunia":["45717"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z","fixed_in":"6.7.12a"}]}},{"ImageManager":{"vulnerabilities":[{"id":6466,"title":"Image Manager - Shell Upload Vulnerability","exploitdb":["10325"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z"}]}},{"wp-cumulus":{"vulnerabilities":[{"id":6467,"title":"WP-Cumulus \u003c= 1.20 - Vulnerabilities","exploitdb":["10228"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z"},{"id":6468,"title":"WP-Cumulus - Cross Site Scripting Vulnerabily","url":["http://seclists.org/fulldisclosure/2011/Nov/340"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z","fixed_in":"1.23"}]}},{"wp-syntax":{"vulnerabilities":[{"id":6469,"title":"WP-Syntax \u003c 0.9.10 - Remote Command Execution","exploitdb":["9431"],"vuln_type":"RCE","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z","fixed_in":"0.9.10"}]}},{"my-category-order":{"vulnerabilities":[{"id":6470,"title":"My Category Order \u003c= 2.8 - SQL Injection Vulnerability","exploitdb":["9150"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z"}]}},{"related-sites":{"vulnerabilities":[{"id":6471,"title":"Related Sites 2.1 - Blind SQL Injection Vulnerability","exploitdb":["9054"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z"}]}},{"dm-albums":{"vulnerabilities":[{"id":6107,"title":"SWF Vulnerable to XSS Bundled in Many WordPress Plugins","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:37.000Z","updated_at":"2014-08-01T10:58:37.000Z"},{"id":6472,"title":"DM Albums 1.9.2 - Remote File Disclosure Vulnerability","exploitdb":["9048"],"vuln_type":"LFI","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z"},{"id":6473,"title":"DM Albums 1.9.2 - Remote File Inclusion Vuln","exploitdb":["9043"],"vuln_type":"RFI","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z"}]}},{"photoracer":{"vulnerabilities":[{"id":6474,"title":"Photoracer 1.0 - (id) SQL Injection Vulnerability","exploitdb":["8961"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z"},{"id":6475,"title":"Photoracer \u003c= 1.0 - SQL Injection Vulnerability","exploitdb":["17720"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z"},{"id":6476,"title":"Photoracer \u003c= 1.0 - Multiple Vulnerabilities","exploitdb":["17731"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z"}]}},{"wp-lytebox":{"vulnerabilities":[{"id":6477,"title":"Lytebox - Local File Inclusion Vulnerability","exploitdb":["8791"],"vuln_type":"LFI","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z"}]}},{"fmoblog":{"vulnerabilities":[{"id":6478,"title":"fMoblog 2.1 - (id) SQL Injection Vulnerability","exploitdb":["8229"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z"}]}},{"page-flip-image-gallery":{"vulnerabilities":[{"id":6479,"title":"Page Flip Image Gallery \u003c= 0.2.2 - Remote FD Vuln","url":["http://www.securityfocus.com/bid/32966","http://xforce.iss.net/xforce/xfdb/47568"],"osvdb":["50902"],"cve":["2008-5752"],"secunia":["33274"],"exploitdb":["7543"],"vuln_type":"LFI","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z"}]}},{"wp-shopping-cart":{"vulnerabilities":[{"id":6480,"title":"e-Commerce \u003c= 3.4 - Arbitrary File Upload Exploit","exploitdb":["6867"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z"}]}},{"downloads-manager":{"vulnerabilities":[{"id":6481,"title":"Download Manager 0.2 - Arbitrary File Upload Exploit","exploitdb":["6127"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z"}]}},{"wpSS":{"vulnerabilities":[{"id":6482,"title":"Spreadsheet \u003c= 0.6 - SQL Injection Vulnerability","exploitdb":["5486"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z"}]}},{"wp-download":{"vulnerabilities":[{"id":6483,"title":"Download - (dl_id) SQL Injection Vulnerability","exploitdb":["5326"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z"}]}},{"sniplets":{"vulnerabilities":[{"id":6484,"title":"Sniplets 1.1.2 - (RFI/XSS/RCE) Multiple Vulnerabilities","exploitdb":["5194"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z"}]}},{"wp-photo-album":{"vulnerabilities":[{"id":6485,"title":"Photo album - Remote SQL Injection Vulnerability","exploitdb":["5135"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z"}]}},{"sf-forum":{"vulnerabilities":[{"id":6486,"title":"Simple Forum 2.0-2.1 - SQL Injection Vulnerability","exploitdb":["5126"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z"},{"id":6487,"title":"Simple Forum 1.10-1.11 - SQL Injection Vulnerability","exploitdb":["5127"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z"}]}},{"st_newsletter":{"vulnerabilities":[{"id":6488,"title":"st_newsletter - Remote SQL Injection Vulnerability","exploitdb":["5053"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z"},{"id":6489,"title":"st_newsletter - (stnl_iframe.php) SQL Injection Vulnerability","exploitdb":["6777"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z"}]}},{"wordspew":{"vulnerabilities":[{"id":6490,"title":"Wordspew - Remote SQL Injection Vulnerability","exploitdb":["5039"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z"}]}},{"dmsguestbook":{"vulnerabilities":[{"id":6491,"title":"dmsguestbook 1.7.0 - Multiple Remote Vulnerabilities","url":["http://packetstormsecurity.com/files/129752/"],"osvdb":["41141","41137","41138","41142"],"cve":["2008-0616"],"exploitdb":["5035"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2015-01-04T09:04:40.000Z"}]}},{"wassup":{"vulnerabilities":[{"id":6492,"title":"WassUp 1.4.3 - (spy.php to_date) SQL Injection Exploit","exploitdb":["5017"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z"}]}},{"wp-adserve":{"vulnerabilities":[{"id":6493,"title":"Adserve 0.2 - adclick.php SQL Injection Exploit","exploitdb":["5013"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:49.000Z","updated_at":"2014-08-01T10:58:49.000Z"}]}},{"fgallery":{"vulnerabilities":[{"id":6494,"title":"fGallery 2.4.1 - fimrss.php SQL Injection Vulnerability","exploitdb":["4993"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"}]}},{"wp-cal":{"vulnerabilities":[{"id":6495,"title":"WP-Cal 0.3 - editevent.php SQL Injection Vulnerability","exploitdb":["4992"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"}]}},{"wpforum":{"vulnerabilities":[{"id":6496,"title":"plugin WP-Forum 1.7.4 - Remote SQL Injection Vulnerability","exploitdb":["4939"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"},{"id":6497,"title":"plugin WP-Forum 1.7.8 - Remote SQL Injection Vulnerability","exploitdb":["7738"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"}]}},{"wp-filemanager":{"vulnerabilities":[{"id":6498,"title":"wp-FileManager 1.2 - Remote Upload Vulnerability","exploitdb":["4844"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"},{"id":6499,"title":"wp-FileManager 1.3.0 - File Download Vulnerability","osvdb":["93446"],"secunia":["53421"],"exploitdb":["25440"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z","fixed_in":"1.4.0"}]}},{"pictpress":{"vulnerabilities":[{"id":6500,"title":"PictPress \u003c= 0.91 - Remote File Disclosure Vulnerability","exploitdb":["4695"],"vuln_type":"LFI","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"}]}},{"backupwordpress":{"vulnerabilities":[{"id":6501,"title":"BackUp \u003c= 0.4.2b - RFI Vulnerability","exploitdb":["4593"],"vuln_type":"RFI","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z","fixed_in":"0.4.3"}]}},{"myflash":{"vulnerabilities":[{"id":6502,"title":"Myflash \u003c= 1.00 - (wppath) RFI Vulnerability","exploitdb":["3828"],"vuln_type":"RFI","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"},{"id":6503,"title":"Myflash - myextractXML.php path Parameter Arbitrary File Access","url":["http://packetstormsecurity.com/files/118400/"],"osvdb":["88260"],"vuln_type":"LFI","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"}]}},{"wordtube":{"vulnerabilities":[{"id":6504,"title":"plugin wordTube \u003c= 1.43 - (wpPATH) RFI Vulnerability","exploitdb":["3825"],"vuln_type":"RFI","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"}]}},{"wp-table":{"vulnerabilities":[{"id":6505,"title":"plugin wp-Table \u003c= 1.43 - (inc_dir) RFI Vulnerability","exploitdb":["3824"],"vuln_type":"RFI","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"}]}},{"mygallery":{"vulnerabilities":[{"id":6506,"title":"myGallery \u003c= 1.4b4 - Remote File Inclusion Vulnerability","exploitdb":["3814"],"vuln_type":"RFI","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"}]}},{"sendit":{"vulnerabilities":[{"id":6507,"title":"SendIt \u003c= 1.5.9 - Blind SQL Injection Vulnerability","exploitdb":["17716"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"},{"id":7567,"title":"Sendit \u003c 2.1.1 SQL Injection","osvdb":["83669"],"secunia":["49506"],"vuln_type":"SQLI","created_at":"2014-09-19T12:22:09.000Z","updated_at":"2014-09-19T12:22:21.000Z","fixed_in":"2.1.1"}]}},{"js-appointment":{"vulnerabilities":[{"id":6508,"title":"Js-appointment \u003c= 1.5 - SQL Injection Vulnerability","exploitdb":["17724"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"}]}},{"mm-forms-community":{"vulnerabilities":[{"id":6509,"title":"MM Forms Community \u003c= 1.2.3 - SQL Injection Vulnerability","exploitdb":["17725"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"},{"id":6510,"title":"MM Forms Community 2.2.6 - Arbitrary File Upload","exploitdb":["18997"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"}]}},{"super-captcha":{"vulnerabilities":[{"id":6511,"title":"Super CAPTCHA \u003c= 2.2.4 - SQL Injection Vulnerability","exploitdb":["17728"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"}]}},{"collision-testimonials":{"vulnerabilities":[{"id":6512,"title":"Collision Testimonials \u003c= 3.0 - SQL Injection Vulnerability","exploitdb":["17729"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"}]}},{"oqey-headers":{"vulnerabilities":[{"id":6513,"title":"Oqey Headers \u003c= 0.3 - SQL Injection Vulnerability","exploitdb":["17730"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"}]}},{"fbpromotions":{"vulnerabilities":[{"id":6514,"title":"Facebook Promotions \u003c= 1.3.3 - SQL Injection Vulnerability","exploitdb":["17737"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"}]}},{"evarisk":{"vulnerabilities":[{"id":6515,"title":"Evarisk 5.1.5.4 - include/lib/actionsCorrectives/activite/uploadPhotoApres.php File Upload PHP Code Execution","url":["http://packetstormsecurity.com/files/113638/"],"osvdb":["82960"],"secunia":["49521"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"},{"id":6516,"title":"Evarisk \u003c= 5.1.3.6 - SQL Injection Vulnerability","exploitdb":["17738"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"}]}},{"profiles":{"vulnerabilities":[{"id":6517,"title":"Profiles \u003c= 2.0RC1 - SQL Injection Vulnerability","exploitdb":["17739"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"}]}},{"mystat":{"vulnerabilities":[{"id":6518,"title":"mySTAT \u003c= 2.6 - SQL Injection Vulnerability","exploitdb":["17740"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"}]}},{"sh-slideshow":{"vulnerabilities":[{"id":6519,"title":"SH Slideshow \u003c= 3.1.4 - SQL Injection Vulnerability","exploitdb":["17748"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"}]}},{"copyright-licensing-tools":{"vulnerabilities":[{"id":6520,"title":"iCopyright(R) Article Tools \u003c= 1.1.4 - SQL Injection Vulnerability","exploitdb":["17749"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"}]}},{"advertizer":{"vulnerabilities":[{"id":6521,"title":"Advertizer \u003c= 1.0 - SQL Injection Vulnerability","exploitdb":["17750"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"}]}},{"event-registration":{"vulnerabilities":[{"id":6522,"title":"Event Registration \u003c= 5.44 - SQL Injection Vulnerability","exploitdb":["17814"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"},{"id":6523,"title":"Event Registration \u003c= 5.43 - SQL Injection Vulnerability","exploitdb":["17751"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"},{"id":6524,"title":"Event Registration 5.32 - SQL Injection Vulnerability","exploitdb":["15513"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"}]}},{"crawlrate-tracker":{"vulnerabilities":[{"id":6525,"title":"Craw Rate Tracker \u003c= 2.0.2 - SQL Injection Vulnerability","exploitdb":["17755"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"}]}},{"wp-audio-gallery-playlist":{"vulnerabilities":[{"id":6526,"title":"wp audio gallery playlist \u003c= 0.12 - SQL Injection Vulnerability","exploitdb":["17756"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:50.000Z","updated_at":"2014-08-01T10:58:50.000Z"}]}},{"yolink-search":{"vulnerabilities":[{"id":6527,"title":"yolink Search 2.5 - \"s\" Cross-Site Scripting Vulnerability","url":["http://www.securityfocus.com/bid/57665"],"osvdb":["89756"],"secunia":["52030"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-08-01T10:58:51.000Z","fixed_in":"2.6"},{"id":6528,"title":"yolink Search \u003c= 1.1.4 - includes/bulkcrawl.php Multiple Parameter SQL Injection","osvdb":["74832"],"secunia":["45801"],"exploitdb":["17757"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-08-01T10:58:51.000Z"}]}},{"pure-html":{"vulnerabilities":[{"id":6529,"title":"PureHTML \u003c= 1.0.0 - SQL Injection Vulnerability","exploitdb":["17758"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-08-01T10:58:51.000Z"}]}},{"couponer":{"vulnerabilities":[{"id":6530,"title":"Couponer \u003c= 1.2 - SQL Injection Vulnerability","exploitdb":["17759"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-08-01T10:58:51.000Z"}]}},{"grapefile":{"vulnerabilities":[{"id":6531,"title":"grapefile \u003c= 1.1 - Arbitrary File Upload","exploitdb":["17760"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-08-01T10:58:51.000Z"}]}},{"image-gallery-with-slideshow":{"vulnerabilities":[{"id":6532,"title":"image-gallery-with-slideshow \u003c= 1.5 - Arbitrary File Upload / SQL Injection","exploitdb":["17761"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-08-01T10:58:51.000Z"}]}},{"wordpress-donation-plugin-with-goals-and-paypal-ipn-by-nonprofitcmsorg":{"vulnerabilities":[{"id":6533,"title":"Donation \u003c= 1.0 - SQL Injection Vulnerability","exploitdb":["17763"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-08-01T10:58:51.000Z"}]}},{"wp-bannerize":{"vulnerabilities":[{"id":6534,"title":"WP Bannerize \u003c= 2.8.6 - SQL Injection Vulnerability","osvdb":["74835"],"secunia":["45811"],"exploitdb":["17764"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-08-01T10:58:51.000Z","fixed_in":"2.8.7"},{"id":6535,"title":"WP Bannerize \u003c= 2.8.7 - SQL Injection Vulnerability","osvdb":["76658"],"secunia":["46236"],"exploitdb":["17906"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-08-01T10:58:51.000Z","fixed_in":"2.8.8"}]}},{"search-autocomplete":{"vulnerabilities":[{"id":6536,"title":"SearchAutocomplete \u003c= 1.0.8 - SQL Injection Vulnerability","exploitdb":["17767"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-08-01T10:58:51.000Z"}]}},{"videowhisper-video-presentation":{"vulnerabilities":[{"id":6537,"title":"VideoWhisper Video Presentation \u003c= 1.1 - SQL Injection Vulnerability","exploitdb":["17771"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-08-01T10:58:51.000Z"},{"id":6538,"title":"VideoWhisper Video Presentation 3.17 - 'vw_upload.php' Arbitrary File Upload Vulnerability","url":["http://www.securityfocus.com/bid/53851"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-08-01T10:58:51.000Z"},{"id":7571,"title":"VideoWhisper Video Presentation 3.25 - vp/c_login.php room_name Parameter Reflected XSS","url":["http://codevigilant.com/disclosure/wp-plugin-videowhisper-video-presentation-a3-cross-site-scripting-xss/"],"osvdb":["108315"],"cve":["2014-4570"],"vuln_type":"XSS","created_at":"2014-09-20T19:39:11.000Z","updated_at":"2014-09-20T19:40:05.000Z","fixed_in":"3.31.2"}]}},{"facebook-opengraph-meta-plugin":{"vulnerabilities":[{"id":6539,"title":"Facebook Opengraph Meta \u003c= 1.0 - SQL Injection Vulnerability","exploitdb":["17773"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-08-01T10:58:51.000Z"}]}},{"zotpress":{"vulnerabilities":[{"id":6540,"title":"Zotpress \u003c= 4.4 - SQL Injection Vulnerability","exploitdb":["17778"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-08-01T10:58:51.000Z"}]}},{"oqey-gallery":{"vulnerabilities":[{"id":6541,"title":"oQey Gallery \u003c= 0.4.8 - SQL Injection Vulnerability","exploitdb":["17779"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-08-01T10:58:51.000Z"}]}},{"tweet-old-post":{"vulnerabilities":[{"id":6542,"title":"Tweet Old Post \u003c= 3.2.5 - SQL Injection Vulnerability","exploitdb":["17789"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-08-01T10:58:51.000Z"}]}},{"post-highlights":{"vulnerabilities":[{"id":6543,"title":"post highlights \u003c= 2.2 - SQL Injection Vulnerability","exploitdb":["17790"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-08-01T10:58:51.000Z"}]}},{"knr-author-list-widget":{"vulnerabilities":[{"id":6544,"title":"KNR Author List Widget \u003c= 2.0.0 - SQL Injection Vulnerability","exploitdb":["17791"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-08-01T10:58:51.000Z"}]}},{"scormcloud":{"vulnerabilities":[{"id":6545,"title":"SCORM Cloud \u003c= 1.0.6.6 - SQL Injection Vulnerability","osvdb":["77679"],"exploitdb":["17793"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-08-01T10:58:51.000Z","fixed_in":"1.0.7"}]}},{"eventify":{"vulnerabilities":[{"id":6546,"title":"Eventify - Simple Events \u003c= 1.7.f - SQL Injection Vulnerability","exploitdb":["17794"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-08-01T10:58:51.000Z"}]}},{"paid-downloads":{"vulnerabilities":[{"id":6547,"title":"Paid Downloads \u003c= 2.01 - SQL Injection Vulnerability","exploitdb":["17797"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-08-01T10:58:51.000Z"}]}},{"community-events":{"vulnerabilities":[{"id":6548,"title":"Community Events \u003c= 1.2.1 - SQL Injection Vulnerability","exploitdb":["17798"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-08-01T10:58:51.000Z"}]}},{"1-flash-gallery":{"vulnerabilities":[{"id":6549,"title":"1-flash-gallery \u003c= 1.9.0 - XSS in ZeroClipboard.swf","url":["http://1337day.com/exploit/20396"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-08-01T10:58:51.000Z"},{"id":6550,"title":"1 Flash Gallery - Arbiraty File Upload Exploit (MSF)","exploitdb":["17801"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-08-01T10:58:51.000Z"}]}},{"wp-filebase":{"vulnerabilities":[{"id":6551,"title":"WP-Filebase Download Manager 0.3.0.02 - class/Admin.php GetFileHash Function Remote Command Execution","url":["http://www.securityfocus.com/bid/66341"],"osvdb":["105039"],"secunia":["57456"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-08-01T10:58:51.000Z","fixed_in":"0.3.0.03"},{"id":6552,"title":"WP-Filebase 0.2.9.24- Unspecified Vulnerabilities","url":["http://xforce.iss.net/xforce/xfdb/80034"],"osvdb":["87294"],"secunia":["51269"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-08-01T10:58:51.000Z","fixed_in":"0.2.9.25"},{"id":6553,"title":"WP-Filebase Download Manager \u003c= 0.2.9 - wpfb-ajax.php base Parameter SQL Injection","osvdb":["75308"],"secunia":["45931"],"exploitdb":["17808"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-08-01T10:58:51.000Z"}]}},{"a-to-z-category-listing":{"vulnerabilities":[{"id":6554,"title":"A to Z Category Listing \u003c= 1.3 - SQL Injection Vulnerability","exploitdb":["17809"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-08-01T10:58:51.000Z"}]}},{"wp-e-commerce":{"vulnerabilities":[{"id":6555,"title":"WP-e-Commerce 3.8.9.5 - Cross Site Scripting Vulnerability","url":["http://1337day.com/exploit/20517"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-08-01T10:58:51.000Z"},{"id":6556,"title":"WP-e-Commerce 3.8.9.5 - Remote Code Execution","url":["http://packetstormsecurity.com/files/124921/"],"osvdb":["102484","102486"],"vuln_type":"RCE","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-11-04T14:35:18.000Z"},{"id":6557,"title":"WP-e-Commerce 3.8.9.5 - Local File Inclusion","url":["http://packetstormsecurity.com/files/124921/"],"osvdb":["102485"],"vuln_type":"LFI","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-11-04T14:36:21.000Z"},{"id":6559,"title":"WP-e-Commerce 3.8.9.5 - GIF File Upload","url":["http://packetstormsecurity.com/files/124921/"],"osvdb":["102497"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-11-04T14:36:09.000Z"},{"id":6560,"title":"WP-e-Commerce 3.8.9 - Cross-Site Scripting (XSS)","url":["http://www.securityfocus.com/bid/56499","http://xforce.iss.net/xforce/xfdb/80048"],"osvdb":["88231"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:51.000Z","updated_at":"2014-11-04T14:35:56.000Z","fixed_in":"3.8.9.1"},{"id":6561,"title":"WP-e-Commerce 3.8.9 - SQL Injection","url":["http://www.securityfocus.com/bid/56499","http://xforce.iss.net/xforce/xfdb/80042"],"osvdb":["88232"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-11-04T14:36:58.000Z","fixed_in":"3.8.9.1"},{"id":6562,"title":"WP e-Commerce 3.8.6 - Cross-Site Scripting (XSS)","osvdb":["74295"],"secunia":["45513"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-11-04T14:36:45.000Z","fixed_in":"3.8.8"},{"id":6563,"title":"WP e-Commerce \u003c= 3.8.6 - SQL Injection Vulnerability","exploitdb":["17832"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-08-01T10:58:52.000Z"},{"id":7631,"title":"WP-e-Commerce \u003c= 3.8.7.5 - Unspecified SQL Injection Vulnerability","url":["http://www.securityfocus.com/bid/51637"],"cve":["2012-5310"],"secunia":["47627"],"vuln_type":"SQLI","created_at":"2014-10-05T13:51:38.000Z","updated_at":"2014-10-05T13:52:16.000Z","fixed_in":"3.8.7.6"},{"id":7653,"title":"WP-e-Commerce \u003c= 3.8.14.3 - Authorisation Bypass","url":["http://blog.sucuri.net/2014/10/security-advisory-medium-severity-wp-ecommerce-wordpress-plugin.html","https://github.com/wp-e-commerce/WP-e-Commerce/commit/390c2ecc68027fbf21fb5d99a556d88c7bd8c05b"],"osvdb":["114024"],"vuln_type":"AUTHBYPASS","created_at":"2014-11-01T10:06:46.000Z","updated_at":"2014-11-02T19:15:20.000Z","fixed_in":"3.8.14.4"}]}},{"filedownload":{"vulnerabilities":[{"id":6564,"title":"Filedownload 0.1 - (download.php) Remote File Disclosure Vulnerability","exploitdb":["17858"],"vuln_type":"LFI","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-08-01T10:58:52.000Z"}]}},{"thecartpress":{"vulnerabilities":[{"id":6565,"title":"TheCartPress \u003c= 1.6 - Cross Site Sripting","url":["http://packetstormsecurity.com/files/108272/"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-08-01T10:58:52.000Z"},{"id":6566,"title":"TheCartPress 1.1.1 - Remote File Inclusion","osvdb":["75616"],"exploitdb":["17860"],"vuln_type":"RFI","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-08-01T10:58:52.000Z","fixed_in":"1.1.2"}]}},{"wpeasystats":{"vulnerabilities":[{"id":6567,"title":"WPEasyStats 1.8 - Remote File Inclusion","exploitdb":["17862"],"vuln_type":"RFI","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-08-01T10:58:52.000Z"}]}},{"annonces":{"vulnerabilities":[{"id":6568,"title":"Annonces 1.2.0.1 - admin/theme.php File Upload PHP Code Execution","url":["http://packetstormsecurity.com/files/113637/"],"osvdb":["82948"],"secunia":["49488"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-08-01T10:58:52.000Z"}]}},{"livesig":{"vulnerabilities":[{"id":6569,"title":"Livesig 0.4 - Remote File Inclusion","exploitdb":["17864"],"vuln_type":"RFI","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-08-01T10:58:52.000Z"}]}},{"disclosure-policy-plugin":{"vulnerabilities":[{"id":6570,"title":"Disclosure Policy 1.0 - Remote File Inclusion","exploitdb":["17865"],"vuln_type":"RFI","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-08-01T10:58:52.000Z"}]}},{"mailz":{"vulnerabilities":[{"id":6571,"title":"Mailing List 1.3.2 - Remote File Inclusion","osvdb":["75617"],"exploitdb":["17866"],"vuln_type":"RFI","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-08-01T10:58:52.000Z","fixed_in":"1.3.4"},{"id":6572,"title":"Mailing List - Arbitrary file download","exploitdb":["18276"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-08-01T10:58:52.000Z","fixed_in":"1.4.1"}]}},{"g-web-shop":{"vulnerabilities":[{"id":6574,"title":"Zingiri Web Shop \u003c= 2.2.3 - ajax_file_cut.php selectedDoc Parameter Remote PHP Code","url":["http://www.securityfocus.com/bid/50700"],"osvdb":["77091"],"secunia":["46835"],"exploitdb":["18111"],"vuln_type":"RCE","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-09-19T15:20:18.000Z","fixed_in":"2.2.4"}]}},{"mini-mail-dashboard-widget":{"vulnerabilities":[{"id":6575,"title":"Mini Mail Dashboard Widget 1.36 - wp-mini-mail.php abspath Parameter Remote File Inclusion","osvdb":["75402"],"secunia":["45953"],"exploitdb":["17868"],"vuln_type":"RFI","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-08-01T10:58:52.000Z","fixed_in":"1.37"},{"id":6576,"title":"Mini Mail Dashboard Widget 1.42 - Message Body XSS","osvdb":["85135"],"exploitdb":["20358"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-08-01T10:58:52.000Z","fixed_in":"1.43"}]}},{"relocate-upload":{"vulnerabilities":[{"id":6577,"title":"Relocate Upload 0.14 - Remote File Inclusion","exploitdb":["17869"],"vuln_type":"RFI","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-08-01T10:58:52.000Z"}]}},{"category-grid-view-gallery":{"vulnerabilities":[{"id":6578,"title":"Category Grid View Gallery 0.1.1 - Shell Upload vulnerability","exploitdb":["17872"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-08-01T10:58:52.000Z"},{"id":6579,"title":"Category Grid View Gallery 2.3.1 - CatGridPost.php ID Parameter XSS","url":["http://packetstormsecurity.com/files/122259/"],"osvdb":["94805"],"cve":["2013-4117"],"secunia":["54035"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-08-01T10:58:52.000Z","fixed_in":"2.3.3"}]}},{"auto-attachments":{"vulnerabilities":[{"id":6580,"title":"Auto Attachments 0.2.9 - Shell Upload vulnerability","exploitdb":["17872"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-08-01T10:58:52.000Z"}]}},{"wp-marketplace":{"vulnerabilities":[{"id":6581,"title":"WP Marketplace 1.1.0 - Shell Upload vulnerability","exploitdb":["17872"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-08-01T10:58:52.000Z"}]}},{"dp-thumbnail":{"vulnerabilities":[{"id":6582,"title":"DP Thumbnail 1.0 - Shell Upload vulnerability","exploitdb":["17872"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-08-01T10:58:52.000Z"}]}},{"vk-gallery":{"vulnerabilities":[{"id":6583,"title":"Vk Gallery 1.1.0 - Shell Upload vulnerability","exploitdb":["17872"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-08-01T10:58:52.000Z"}]}},{"rekt-slideshow":{"vulnerabilities":[{"id":6584,"title":"Rekt Slideshow 1.0.5 - Shell Upload vulnerability","exploitdb":["17872"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-08-01T10:58:52.000Z"}]}},{"cac-featured-content":{"vulnerabilities":[{"id":6585,"title":"CAC Featured Content 0.8 - Shell Upload vulnerability","exploitdb":["17872"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-08-01T10:58:52.000Z"}]}},{"rent-a-car":{"vulnerabilities":[{"id":6586,"title":"Rent A Car 1.0 - Shell Upload vulnerability","exploitdb":["17872"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-08-01T10:58:52.000Z"}]}},{"lisl-last-image-slider":{"vulnerabilities":[{"id":6587,"title":"LISL Last Image Slider 1.0 - Shell Upload vulnerability","exploitdb":["17872"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-08-01T10:58:52.000Z"}]}},{"islidex":{"vulnerabilities":[{"id":6588,"title":"Islidex 2.7 - Shell Upload vulnerability","exploitdb":["17872"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-08-01T10:58:52.000Z"}]}},{"kino-gallery":{"vulnerabilities":[{"id":6589,"title":"Kino Gallery 1.0 - Shell Upload vulnerability","exploitdb":["17872"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-08-01T10:58:52.000Z"}]}},{"cms-pack-cache":{"vulnerabilities":[{"id":6590,"title":"Cms Pack 1.3 - Shell Upload vulnerability","exploitdb":["17872"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-08-01T10:58:52.000Z"}]}},{"a-gallery":{"vulnerabilities":[{"id":6591,"title":"A Gallery 0.9 - Shell Upload vulnerability","exploitdb":["17872"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-08-01T10:58:52.000Z"}]}},{"category-list-portfolio-page":{"vulnerabilities":[{"id":6592,"title":"Category List Portfolio Page 0.9 - Shell Upload vulnerability","exploitdb":["17872"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-08-01T10:58:52.000Z"}]}},{"really-easy-slider":{"vulnerabilities":[{"id":6593,"title":"Really Easy Slider 0.1 - Shell Upload vulnerability","exploitdb":["17872"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:52.000Z","updated_at":"2014-08-01T10:58:52.000Z"}]}},{"verve-meta-boxes":{"vulnerabilities":[{"id":6594,"title":"Verve Meta Boxes 1.2.8 - Shell Upload vulnerability","exploitdb":["17872"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-08-01T10:58:53.000Z"}]}},{"user-avatar":{"vulnerabilities":[{"id":6595,"title":"User Avatar 1.3.7 - shell upload vulnerability","exploitdb":["17872"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-08-01T10:58:53.000Z"}]}},{"extend-wordpress":{"vulnerabilities":[{"id":6596,"title":"Extend 1.3.7 - Shell Upload vulnerability","url":["http://markmaunder.com/2011/08/01/zero-day-vulnerability-in-many-wordpress-themes/"],"osvdb":["75638"],"cve":["2011-4106"],"exploitdb":["17872"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-08-01T10:58:53.000Z"}]}},{"adrotate":{"vulnerabilities":[{"id":6597,"title":"AdRotate \u003c= 3.9.4 - clicktracker.php track Parameter SQL Injection","url":["http://packetstormsecurity.com/files/125330/"],"osvdb":["103578"],"cve":["2014-1854"],"secunia":["57079"],"exploitdb":["31834"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-08-01T10:58:53.000Z","fixed_in":"3.9.5"},{"id":6598,"title":"AdRotate \u003c= 3.6.6 - SQL Injection Vulnerability","osvdb":["77507"],"cve":["2011-4671"],"secunia":["46814"],"exploitdb":["18114"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-08-01T10:58:53.000Z","fixed_in":"3.6.8"},{"id":6599,"title":"AdRotate \u003c= 3.6.5 - SQL Injection Vulnerability","url":["http://unconciousmind.blogspot.com/2011/09/wordpress-adrotate-plugin-365-sql.html"],"osvdb":["77507"],"cve":["2011-4671"],"exploitdb":["17888"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-08-01T10:58:53.000Z","fixed_in":"3.6.8"}]}},{"wp-spamfree":{"vulnerabilities":[{"id":6600,"title":"WP-SpamFree 3.2.1 - Spam SQL Injection Vulnerability","exploitdb":["17970"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-08-01T10:58:53.000Z"}]}},{"gd-star-rating":{"vulnerabilities":[{"id":6601,"title":"GD Star Rating 1.9.22 - gd-star-rating-stats.php s Parameter SQL Injection","url":["http://packetstormsecurity.com/files/125932/","http://seclists.org/fulldisclosure/2014/Mar/399","https://security.dxw.com/advisories/xss-csrf-and-blind-sql-injection-in-gd-star-rating-1-9-22/"],"osvdb":["105085"],"cve":["2014-2839"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2015-01-14T11:47:24.000Z"},{"id":6602,"title":"GD Star Rating 1.9.22 - gd-star-rating-stats.php Setting Manipulation CSRF","url":["http://packetstormsecurity.com/files/125932/","http://seclists.org/fulldisclosure/2014/Mar/399","https://security.dxw.com/advisories/xss-csrf-and-blind-sql-injection-in-gd-star-rating-1-9-22/"],"osvdb":["105086"],"cve":["2014-2838"],"secunia":["57667"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2015-01-14T11:48:45.000Z"},{"id":6603,"title":"GD Star Rating 1.9.18 - Export Security Bypass Security Issue","osvdb":["105086"],"secunia":["49850"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-08-01T10:58:53.000Z","fixed_in":"1.9.19"},{"id":6604,"title":"GD Star Rating \u003c= 1.9.16 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/112702/"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-08-01T10:58:53.000Z"},{"id":6605,"title":"GD Star Rating \u003c= 1.9.10 - gd-star-rating/export.php de Parameter SQL Injection","osvdb":["83466"],"exploitdb":["17973"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-08-01T10:58:53.000Z"},{"id":6606,"title":"GD Star Rating 1.9.7 - gd-star-rating/widgets/widget_top.php wpfn Parameter XSS","url":["http://seclists.org/bugtraq/2011/Feb/219"],"osvdb":["71060"],"secunia":["43403"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-08-01T10:58:53.000Z"}]}},{"contact-form-wordpress":{"vulnerabilities":[{"id":6607,"title":"Contact Form \u003c= 2.7.5 - SQL Injection","exploitdb":["17980"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-08-01T10:58:53.000Z"}]}},{"wp-photo-album-plus":{"vulnerabilities":[{"id":6608,"title":"WP Photo Album Plus \u003c= 4.1.1 - SQL Injection","exploitdb":["17983"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-12-05T17:24:25.000Z","fixed_in":"4.2.0"},{"id":6609,"title":"WP Photo Album Plus \u003c 4.8.12 - wp-photo-album-plus.php wppa-searchstring XSS","osvdb":["88851"],"secunia":["51669","51679"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-12-05T17:25:26.000Z","fixed_in":"4.8.12"},{"id":6610,"title":"WP Photo Album Plus - Full Path Disclosure","url":["http://1337day.com/exploit/20125"],"vuln_type":"FPD","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-08-01T10:58:53.000Z","fixed_in":"4.9.1"},{"id":6611,"title":"WP Photo Album Plus - index.php wppa-tag Parameter XSS","osvdb":["89165"],"secunia":["51829"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-08-01T10:58:53.000Z","fixed_in":"4.9.3"},{"id":6612,"title":"WP Photo Album Plus - \"commentid\" Cross-Site Scripting Vulnerability","osvdb":["93033"],"cve":["2013-3254"],"secunia":["53105"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-08-01T10:58:53.000Z","fixed_in":"5.0.3"},{"id":6613,"title":"WP Photo Album Plus - wp-admin/admin.php edit_id Parameter XSS","osvdb":["94465"],"secunia":["53915"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-08-01T10:58:53.000Z","fixed_in":"5.0.11"},{"id":7550,"title":"WP Photo Album Plus 5.4.5 - 5.4.8 Stored XSS","url":["https://vexatioustendencies.com/stored-xss-in-wp-photo-album-plus-5-4-5/","https://vexatioustendencies.com/wordpress-plugin-vulnerability-dump-part-1/"],"vuln_type":"XSS","created_at":"2014-09-17T18:15:06.000Z","updated_at":"2014-09-17T18:15:59.000Z","fixed_in":"5.4.8"},{"id":7624,"title":"WP Photo Album Plus 5.4.4 \u0026 5.4.3 Cross-Site Scripting (XSS)","url":["http://www.intelligentexploit.com/view-details.html?id=19787"],"vuln_type":"XSS","created_at":"2014-09-28T10:09:31.000Z","updated_at":"2014-09-28T10:09:58.000Z","fixed_in":"5.4.5"},{"id":7686,"title":"WP Photo Album Plus 5.4.17 Reflected XSS","url":["http://security.szurek.pl/wp-photo-album-plus-5417-reflected-xss.html"],"cve":["2014-8814"],"vuln_type":"XSS","created_at":"2014-11-24T08:43:56.000Z","updated_at":"2014-11-24T08:44:15.000Z","fixed_in":"5.4.18"}]}},{"backwpup":{"vulnerabilities":[{"id":6614,"title":"BackWPUp 2.1.4 - Code Execution","exploitdb":["17987"],"vuln_type":"RCE","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-08-01T10:58:53.000Z"},{"id":6615,"title":"plugin BackWPup 1.5.2, 1.6.1, 1.7.1 - Remote and Local Code Execution Vulnerability","osvdb":["71481"],"vuln_type":"RCE","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-08-01T10:58:53.000Z"},{"id":6616,"title":"BackWPup 3.0.12 - wp-admin/admin.php tab Parameter XSS","url":["https://www.htbridge.com/advisory/HTB23161","http://packetstormsecurity.com/files/122916/"],"osvdb":["96505"],"cve":["2013-4626"],"secunia":["54515"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-08-01T10:58:53.000Z","fixed_in":"3.0.13"}]}},{"portable-phpmyadmin":{"vulnerabilities":[{"id":6617,"title":"portable-phpMyAdmin - Authentication Bypass","osvdb":["88391"],"cve":["2012-5469"],"secunia":["51520"],"exploitdb":["23356"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-08-01T10:58:53.000Z","fixed_in":"1.3.1"},{"id":6618,"title":"Portable phpMyAdmin - /pma/phpinfo.php Direct Request System Information Disclosure","url":["http://www.securityfocus.com/bid/63249","http://seclists.org/oss-sec/2013/q4/138"],"osvdb":["98766"],"cve":["2013-4454"],"vuln_type":"FPD","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-08-01T10:58:53.000Z"},{"id":6619,"title":"Portable phpMyAdmin 1.4.1 - Multiple Script Direct Request Authentication Bypass","url":["http://seclists.org/oss-sec/2013/q4/138"],"osvdb":["98767"],"cve":["2013-4462"],"secunia":["55270"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-08-01T10:58:53.000Z"}]}},{"super-refer-a-friend":{"vulnerabilities":[{"id":6620,"title":"super-refer-a-friend - Full Path Disclosure","url":["http://1337day.com/exploit/20126"],"vuln_type":"FPD","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-08-01T10:58:53.000Z","fixed_in":"1.0"}]}},{"w3-total-cache":{"vulnerabilities":[{"id":6621,"title":"W3 Total Cache 0.9.2.4 - Username and Hash Extract","url":["http://seclists.org/fulldisclosure/2012/Dec/242","https://github.com/FireFart/W3TotalCacheExploit"],"osvdb":["92742","92741"],"cve":["2012-6079","2012-6078"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-09-28T07:49:56.000Z","metasploit":"auxiliary/gather/wp_w3_total_cache_hash_extract","fixed_in":"0.9.2.5"},{"id":6622,"title":"W3 Total Cache - Remote Code Execution","url":["http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/","http://wordpress.org/support/topic/pwn3d","http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html"],"osvdb":["92652"],"cve":["2013-2010"],"secunia":["53052"],"exploitdb":["25137"],"vuln_type":"RCE","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-10-02T20:38:40.000Z","metasploit":"exploit/unix/webapp/php_wordpress_total_cache","fixed_in":"0.9.2.9"},{"id":7621,"title":"W3 Total Cache 0.9.4 - Edge Mode Enabling CSRF","url":["http://seclists.org/fulldisclosure/2014/Sep/29"],"osvdb":["111231"],"vuln_type":"CSRF","created_at":"2014-09-28T07:49:02.000Z","updated_at":"2014-09-28T07:49:02.000Z"},{"id":7717,"title":"W3 Total Cache \u003c= 0.9.4 - Cross-Site Request Forgery (CSRF)","url":["http://mazinahmed1.blogspot.com/2014/12/w3-total-caches-w3totalfail.html"],"vuln_type":"CSRF","created_at":"2014-12-12T09:15:25.000Z","updated_at":"2014-12-12T16:18:00.000Z","fixed_in":"0.9.4.1"},{"id":7718,"title":"W3 Total Cache \u003c= 0.9.4 - Debug Mode XSS","cve":["2014-8724"],"vuln_type":"XSS","created_at":"2014-12-12T09:20:23.000Z","updated_at":"2014-12-12T09:20:47.000Z","fixed_in":"0.9.4.1"}]}},{"wp-super-cache":{"vulnerabilities":[{"id":6623,"title":"WP-Super-Cache 1.3 - Remote Code Execution","url":["http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/","http://wordpress.org/support/topic/pwn3d","http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html"],"vuln_type":"RCE","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-08-01T10:58:53.000Z","fixed_in":"1.3.1"},{"id":6624,"title":"WP Super Cache 1.3 - trunk/wp-cache.php wp_nonce_url Function URI XSS","osvdb":["92832"],"cve":["2013-2008"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-08-01T10:58:53.000Z","fixed_in":"1.3.1"},{"id":6625,"title":"WP Super Cache 1.3 - trunk/plugins/wptouch.php URI XSS","osvdb":["92831"],"cve":["2013-2008"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-08-01T10:58:53.000Z","fixed_in":"1.3.1"},{"id":6626,"title":"WP Super Cache 1.3 - trunk/plugins/searchengine.php URI XSS","osvdb":["92830"],"cve":["2013-2008"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:53.000Z","updated_at":"2014-08-01T10:58:53.000Z","fixed_in":"1.3.1"},{"id":6627,"title":"WP Super Cache 1.3 - trunk/plugins/domain-mapping.php URI XSS","osvdb":["92829"],"cve":["2013-2008"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:54.000Z","updated_at":"2014-08-01T10:58:54.000Z","fixed_in":"1.3.1"},{"id":6628,"title":"WP Super Cache 1.3 - trunk/plugins/badbehaviour.php URI XSS","osvdb":["92828"],"cve":["2013-2008"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:54.000Z","updated_at":"2014-08-01T10:58:54.000Z","fixed_in":"1.3.1"},{"id":6629,"title":"WP Super Cache 1.3 - trunk/plugins/awaitingmoderation.php URI XSS","osvdb":["92827"],"cve":["2013-2008"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:54.000Z","updated_at":"2014-08-01T10:58:54.000Z","fixed_in":"1.3.1"}]}},{"ripe-hd-player":{"vulnerabilities":[{"id":6630,"title":"ripe-hd-player 1.0 - ripe-hd-player/config.php id Parameter SQL Injection","url":["http://xforce.iss.net/xforce/xfdb/81415"],"osvdb":["89437"],"exploitdb":["24229"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:54.000Z","updated_at":"2014-08-01T10:58:54.000Z"},{"id":6631,"title":"ripe-hd-player 1.0 - Multiple Script Direct Request Path Disclosure","url":["http://www.securityfocus.com/bid/57473","http://xforce.iss.net/xforce/xfdb/81414"],"osvdb":["89438"],"exploitdb":["24229"],"vuln_type":"FPD","created_at":"2014-08-01T10:58:54.000Z","updated_at":"2014-08-01T10:58:54.000Z"}]}},{"floating-tweets":{"vulnerabilities":[{"id":6632,"title":"floating-tweets - persistent XSS","url":["http://packetstormsecurity.com/files/119499/","http://websecurity.com.ua/6023/"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:54.000Z","updated_at":"2014-08-01T10:58:54.000Z"},{"id":6633,"title":"floating-tweets - directory traversal","url":["http://packetstormsecurity.com/files/119499/","http://websecurity.com.ua/6023/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:54.000Z","updated_at":"2014-08-01T10:58:54.000Z"}]}},{"ipfeuilledechou":{"vulnerabilities":[{"id":6634,"title":"ipfeuilledechou - SQL Injection Vulnerability","url":["http://www.exploit4arab.com/exploits/377","http://1337day.com/exploit/20206"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:54.000Z","updated_at":"2014-08-01T10:58:54.000Z"}]}},{"simple-login-log":{"vulnerabilities":[{"id":6635,"title":"Simple Login Log - XSS","secunia":["51780"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:54.000Z","updated_at":"2014-08-01T10:58:54.000Z","fixed_in":"0.9.4"},{"id":6636,"title":"Simple Login Log - SQL Injection","secunia":["51780"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:54.000Z","updated_at":"2014-08-01T10:58:54.000Z","fixed_in":"0.9.4"}]}},{"wp-slimstat":{"vulnerabilities":[{"id":6637,"title":"WP SlimStat \u003c= 3.5.5 - Overview URI Stored XSS","url":["https://github.com/getusedtoit/wp-slimstat/issues/3"],"osvdb":["104428"],"cve":["2014-100027"],"secunia":["57305"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:54.000Z","updated_at":"2015-01-13T22:02:33.000Z","fixed_in":"3.5.6"},{"id":6638,"title":"WP SlimStat 2.8.4 - wp-content/plugins/wp-slimstat/admin/view/panel1.php s Parameter XSS","osvdb":["89052"],"secunia":["51721"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:54.000Z","updated_at":"2014-08-01T10:58:54.000Z","fixed_in":"2.8.5"},{"id":7744,"title":"WP SlimStat \u003c= 3.9.1 - Cross-Site Scripting (XSS)","url":["https://wordpress.org/plugins/wp-slimstat/changelog/"],"vuln_type":"XSS","created_at":"2015-01-06T10:23:23.000Z","updated_at":"2015-01-07T08:38:16.000Z","fixed_in":"3.9.2"}]}},{"wp-slimstat-ex":{"vulnerabilities":[{"id":6639,"title":"SlimStat-Ex - Open Flash Chart Arbitrary File Creation Vulnerability","url":["http://packetstormsecurity.com/files/123494/"],"secunia":["55160"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:54.000Z","updated_at":"2014-08-01T10:58:54.000Z"}]}},{"browser-rejector":{"vulnerabilities":[{"id":6640,"title":"Browser Rejector - Remote and Local File Inclusion","osvdb":["89053"],"secunia":["51739"],"vuln_type":"LFI","created_at":"2014-08-01T10:58:54.000Z","updated_at":"2014-08-01T10:58:54.000Z","fixed_in":"2.11"}]}},{"wp-file-uploader":{"vulnerabilities":[{"id":6641,"title":"File Uploader - PHP File Upload Vulnerability","url":["http://la.usch.io/2013/01/21/wordpress-file-uploader-plugin-php-file-upload-vulnerability/"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:54.000Z","updated_at":"2014-08-01T10:58:54.000Z"}]}},{"cardoza-wordpress-poll":{"vulnerabilities":[{"id":6642,"title":"Cardoza WordPress poll 34.05 - Multiple External Function Remote Poll Manipulation","url":["http://seclists.org/bugtraq/2013/Jan/86","http://packetstormsecurity.com/files/119736/"],"osvdb":["89443"],"cve":["2013-1401"],"secunia":["51925"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:54.000Z","updated_at":"2014-08-01T10:58:54.000Z","fixed_in":"34.06"},{"id":6643,"title":"Cardoza WordPress poll - CWPPoll.js Multiple Method pollid Parameter SQL Injection","url":["http://packetstormsecurity.com/files/119736/","http://www.girlinthemiddle.net/2013/01/multiple-sql-injection-vulnerabilities.html","http://seclists.org/bugtraq/2013/Jan/86"],"osvdb":["89444"],"cve":["2013-1400"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:54.000Z","updated_at":"2014-08-01T10:58:54.000Z"},{"id":6644,"title":"Cardoza WordPress poll - Multiple SQL Injection Vulnerabilities","secunia":["50910"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:54.000Z","updated_at":"2014-08-01T10:58:54.000Z","fixed_in":"33.6"}]}},{"devformatter":{"vulnerabilities":[{"id":6645,"title":"Developer Formatter 2013.0.1.40 - devformatter.php Multiple Action CSRF","url":["http://packetstormsecurity.com/files/119731/","http://seclists.org/bugtraq/2013/Jan/91","http://1337day.com/exploit/20210"],"osvdb":["89475"],"secunia":["51912"],"exploitdb":["24294"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:54.000Z","updated_at":"2014-08-01T10:58:54.000Z","fixed_in":"2013.0.1.41"},{"id":6646,"title":"Developer Formatter 2013.0.1.40 - devformatter.php Multiple Field XSS","url":["http://seclists.org/bugtraq/2013/Jan/91"],"osvdb":["89474"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:54.000Z","updated_at":"2014-08-01T10:58:54.000Z","fixed_in":"2013.0.1.41"}]}},{"dvs-custom-notification":{"vulnerabilities":[{"id":6647,"title":"DVS Custom Notification - Cross-Site Request Forgery Vulnerability","osvdb":["89441"],"cve":["2012-4921"],"secunia":["51531"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:54.000Z","updated_at":"2014-08-01T10:58:54.000Z","fixed_in":"1.0.1"}]}},{"events-manager":{"vulnerabilities":[{"id":6648,"title":"Events Manager 5.5.1 - Multiple Unspecified XSS Vulnerabilities","osvdb":["98198"],"secunia":["55182"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:54.000Z","updated_at":"2014-08-01T10:58:54.000Z","fixed_in":"5.5.2"},{"id":6649,"title":"Events Manager 5.3.8 - Multiple Cross-Site Scripting (XSS)","url":["http://www.securityfocus.com/bid/60078"],"osvdb":["93556","93557","93558"],"secunia":["53478"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:54.000Z","updated_at":"2014-11-04T14:39:57.000Z","fixed_in":"5.3.9"},{"id":6652,"title":"Events Manager 5.3.5 - Multiple Cross-Site Scripting (XSS)","osvdb":["90913","90914","90915"],"secunia":["52475"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:54.000Z","updated_at":"2014-11-04T14:41:31.000Z","fixed_in":"5.3.6"},{"id":6655,"title":"Events Manager 5.3.3 - Multiple Cross-Site Scripting (XSS)","url":["http://packetstormsecurity.com/files/120688/","http://www.securityfocus.com/bid/57477"],"osvdb":["89488","89487","89486"],"cve":["2013-1407"],"secunia":["51869"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:54.000Z","updated_at":"2014-11-04T14:43:08.000Z","fixed_in":"5.3.4"}]}},{"solvemedia":{"vulnerabilities":[{"id":6658,"title":"SolveMedia 1.1.0 - plugins.php API Key Manipulation CSRF","url":["http://1337day.com/exploit/20222"],"osvdb":["89585"],"secunia":["51927"],"exploitdb":["24364"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:55.000Z","updated_at":"2014-08-01T10:58:55.000Z","fixed_in":"1.1.1"},{"id":6659,"title":"SolveMedia 1.1.0 -  solvemedia.admin.inc Admin Options Page CSRF","osvdb":["106320"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:55.000Z","updated_at":"2014-08-01T10:58:55.000Z","fixed_in":"1.1.1"}]}},{"usc-e-shop":{"vulnerabilities":[{"id":6660,"title":"Welcart e-Commerce 1.3.12 - wp-admin/admin-ajax.php Multiple Parameter DOM-Based XSS","url":["http://packetstormsecurity.com/files/125513/","http://www.securityfocus.com/bid/65954"],"osvdb":["103956"],"secunia":["57222"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:55.000Z","updated_at":"2014-08-01T10:58:55.000Z"},{"id":6661,"title":"Welcart e-Commerce 1.3.12 - purchase_limit Parameter DOM-based XSS","url":["http://packetstormsecurity.com/files/125513/","http://www.securityfocus.com/bid/65954"],"osvdb":["103955"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:55.000Z","updated_at":"2014-08-01T10:58:55.000Z"},{"id":6662,"title":"Welcart e-Commerce 1.3.12 - wp-admin/admin.php Multiple Parameter SQL Injection","url":["http://packetstormsecurity.com/files/125513/","http://www.securityfocus.com/bid/65954"],"osvdb":["103954"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:55.000Z","updated_at":"2014-08-01T10:58:55.000Z"},{"id":6663,"title":"Welcart e-Commerce - wp-admin/admin.php Multiple Parameter SQL Injection","url":["http://packetstormsecurity.com/files/125513/","http://www.securityfocus.com/bid/65954"],"osvdb":["103954"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:55.000Z","updated_at":"2014-08-01T10:58:55.000Z"},{"id":6664,"title":"Welcart e-Commerce - Cross-Site Scripting and Request Forgery Vulnerabilities","secunia":["51581"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:55.000Z","updated_at":"2014-08-01T10:58:55.000Z"}]}},{"knews":{"vulnerabilities":[{"id":6665,"title":"Knews 1.2.5 - Multilingual Newsletters Cross-Site Request Forgery Vulnerability","url":["http://www.securityfocus.com/bid/56926","http://xforce.iss.net/xforce/xfdb/80661"],"osvdb":["88427"],"secunia":["51543"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:55.000Z","updated_at":"2014-08-01T10:58:55.000Z","fixed_in":"1.2.6"},{"id":6666,"title":"Knews 1.2.5 - Unspecified XSS","osvdb":["88426"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:55.000Z","updated_at":"2014-08-01T10:58:55.000Z","fixed_in":"1.2.6"},{"id":6667,"title":"Knews 1.1.0 - wysiwyg/fontpicker/index.php ff Parameter XSS","osvdb":["83643"],"secunia":["49825"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:55.000Z","updated_at":"2014-08-01T10:58:55.000Z","fixed_in":"1.1.1"}]}},{"video-lead-form":{"vulnerabilities":[{"id":6668,"title":"Video Lead Form - \"errMsg\" Cross-Site Scripting Vulnerability","osvdb":["88002"],"cve":["2012-6312"],"secunia":["51419"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:55.000Z","updated_at":"2014-08-01T10:58:55.000Z"}]}},{"sagepay-direct-for-woocommerce-payment-gateway":{"vulnerabilities":[{"id":6669,"title":"WooCommerce SagePay Direct Payment Gateway 0.1.6.6 - pages/3DRedirect.php Multiple Parameter Reflected XSS","osvdb":["102882"],"secunia":["56801"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:55.000Z","updated_at":"2014-08-01T10:58:55.000Z","fixed_in":"0.1.6.7"},{"id":6670,"title":"WooCommerce SagePay Direct Payment Gateway 0.1.6.6 - pages/3DCallBack.php Multiple Parameter Reflected XSS","osvdb":["102746"],"secunia":["56801"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:55.000Z","updated_at":"2014-08-01T10:58:55.000Z","fixed_in":"0.1.6.7"},{"id":6671,"title":"WooCommerce SagePay Direct Payment Gateway 0.1.6.6 - pages/3DComplete.php Multiple Parameter Reflected XSS","osvdb":["102747"],"secunia":["56801"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:55.000Z","updated_at":"2014-08-01T10:58:55.000Z","fixed_in":"0.1.6.7"}]}},{"woocommerce-predictive-search":{"vulnerabilities":[{"id":6672,"title":"WooCommerce Predictive Search - index.php rs Parameter XSS","url":["http://www.securityfocus.com/bid/56703"],"osvdb":["87890"],"secunia":["51385"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:55.000Z","updated_at":"2014-08-01T10:58:55.000Z","fixed_in":"1.0.6"}]}},{"woocommerce":{"vulnerabilities":[{"id":6673,"title":"WooCommerce 2.0.17 - hide-wc-extensions-message Parameter Reflected XSS","url":["http://packetstormsecurity.com/files/123684/","http://www.securityfocus.com/bid/63228"],"osvdb":["98754"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:55.000Z","updated_at":"2014-08-01T10:58:55.000Z","fixed_in":"2.0.17"},{"id":6674,"title":"WooCommerce 2.0.12 - index.php calc_shipping_state Parameter XSS","url":["http://packetstormsecurity.com/files/122465/"],"osvdb":["95480"],"secunia":["53930"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:55.000Z","updated_at":"2014-08-01T10:58:55.000Z","fixed_in":"2.0.13"},{"id":7575,"title":"WooCommerce 2.1.12 - wp-admin/admin.php range Parameter Reflected XSS","url":["http://seclists.org/fulldisclosure/2014/Sep/59","https://security.dxw.com/advisories/reflected-xss-in-woocommerce-excelling-ecommerce-allows-attackers-ability-to-do-almost-anything-an-admin-user-can-do/"],"osvdb":["111611"],"vuln_type":"XSS","created_at":"2014-09-21T12:19:29.000Z","updated_at":"2014-09-21T12:20:04.000Z","fixed_in":"2.2.3"},{"id":7699,"title":"WooCommerce \u003c= 2.2.2 - Reflected XSS","url":["http://seclists.org/fulldisclosure/2014/Sep/59"],"osvdb":["111611"],"cve":["2014-6313"],"secunia":["61377"],"vuln_type":"XSS","created_at":"2014-12-01T19:37:56.000Z","updated_at":"2014-12-01T19:38:59.000Z"}]}},{"wp-e-commerce-predictive-search":{"vulnerabilities":[{"id":6675,"title":"WP e-Commerce Predictive Search - \"rs\" Cross-Site Scripting Vulnerability","secunia":["51384"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:55.000Z","updated_at":"2014-08-01T10:58:55.000Z"}]}},{"wp-tiger":{"vulnerabilities":[{"id":6676,"title":"vTiger - CRM Lead Capture Unspecified Vulnerability","secunia":["51305"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:55.000Z","updated_at":"2014-08-01T10:58:55.000Z","fixed_in":"1.1.0"}]}},{"wp-postviews":{"vulnerabilities":[{"id":6678,"title":"WP-PostViews 1.62 - Setting Manipulation CSRF","osvdb":["93096"],"cve":["2013-3252"],"secunia":["53127"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:55.000Z","updated_at":"2014-08-01T10:58:55.000Z","fixed_in":"1.63"}]}},{"dx-contribute":{"vulnerabilities":[{"id":6679,"title":"DX-Contribute - Cross-Site Request Forgery Vulnerability","secunia":["51082"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:55.000Z","updated_at":"2014-08-01T10:58:55.000Z"}]}},{"wysija-newsletters":{"vulnerabilities":[{"id":6680,"title":"MailPoet Newsletters 2.6.6 - Theme File Upload Handling Remote Code Execution","url":["http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html","http://www.openwall.com/lists/oss-security/2014/07/02/1"],"osvdb":["108614"],"cve":["2014-4725"],"secunia":["59455"],"exploitdb":["33991"],"vuln_type":"RCE","created_at":"2014-08-01T10:58:55.000Z","updated_at":"2014-09-21T07:36:53.000Z","metasploit":"exploit/unix/webapp/wp_wysija_newsletters_upload","fixed_in":"2.6.7"},{"id":6681,"title":"Wysija Newsletters 2.2 - SQL Injection Vulnerability","url":["https://www.htbridge.com/advisory/HTB23140","http://packetstormsecurity.com/files/120089/","http://seclists.org/bugtraq/2013/Feb/29","http://cxsecurity.com/issue/WLB-2013020039"],"osvdb":["89924"],"cve":["2013-1408"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:55.000Z","updated_at":"2014-08-01T10:58:55.000Z","fixed_in":"2.2.1"},{"id":6682,"title":"Wysija Newsletters - swfupload Cross-Site Scripting Vulnerability","url":["http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html"],"secunia":["51249"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:55.000Z","updated_at":"2014-08-01T10:58:55.000Z","fixed_in":"2.1.7"},{"id":7573,"title":"MailPoet Newsletters  2.6.7 - helpers/back.php page Parameter Unspecified Issue","url":["http://www.securityfocus.com/bid/68462"],"osvdb":["108912"],"cve":["2014-4726"],"vuln_type":"UNKNOWN","created_at":"2014-09-21T07:28:08.000Z","updated_at":"2014-09-21T07:28:42.000Z","fixed_in":"2.6.8"},{"id":7574,"title":"MailPoet Newsletters 2.6.10 - Unspecified CSRF","osvdb":["110475"],"cve":["2014-3907"],"vuln_type":"CSRF","created_at":"2014-09-21T08:24:03.000Z","updated_at":"2014-09-21T08:24:33.000Z","fixed_in":"2.6.11"}]}},{"hitasoft_player":{"vulnerabilities":[{"id":6683,"title":"Hitasoft FLV Player - \"id\" SQL Injection Vulnerability","secunia":["51179"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:55.000Z","updated_at":"2014-08-01T10:58:55.000Z"}]}},{"spider-calendar":{"vulnerabilities":[{"id":6684,"title":"Spider Calendar 1.3.0 - Multiple Vulnerabilities","osvdb":["93584"],"secunia":["53481"],"exploitdb":["25723"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:55.000Z","updated_at":"2014-08-01T10:58:55.000Z"},{"id":6685,"title":"Spider Calendar 1.1.0 - \"many_sp_calendar\" Cross-Site Scripting Vulnerability","osvdb":["86604"],"secunia":["50981"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:55.000Z","updated_at":"2014-08-01T10:58:55.000Z","fixed_in":"1.1.1"},{"id":6686,"title":"Spider Calendar 1.0.1 - front_end/spidercalendarbig.php date Parameter XSS","url":["http://packetstormsecurity.org/files/117078/"],"osvdb":["85897"],"secunia":["50812"],"exploitdb":["21715"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:55.000Z","updated_at":"2014-08-01T10:58:55.000Z","fixed_in":"1.1.3"},{"id":6687,"title":"Spider Calendar 1.0.1 - spidercalendarbig_seemore.php calendar_id Parameter SQL Injection","url":["http://packetstormsecurity.org/files/117078/"],"osvdb":["85898"],"secunia":["50812"],"exploitdb":["21715"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:56.000Z","updated_at":"2014-08-01T10:58:56.000Z","fixed_in":"1.1.3"}]}},{"dynamic-font-replacement-4wp":{"vulnerabilities":[{"id":6688,"title":"Dynamic Font Replacement 1.3 - SQL Injection Vulnerability","url":["http://1337day.com/exploit/20239"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:56.000Z","updated_at":"2014-08-01T10:58:56.000Z"}]}},{"form":{"vulnerabilities":[{"id":6689,"title":"Zingiri Form Builder - \"error\" Cross-Site Scripting Vulnerability","secunia":["50983"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:56.000Z","updated_at":"2014-08-01T10:58:56.000Z","fixed_in":"1.2.1"}]}},{"white-label-cms":{"vulnerabilities":[{"id":6690,"title":"White Label CMS - Cross-Site Request Forgery Vulnerability","secunia":["50487"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:56.000Z","updated_at":"2014-08-01T10:58:56.000Z","fixed_in":"1.5.1"}]}},{"download-shortcode":{"vulnerabilities":[{"id":6691,"title":"Download Shortcode - \"file\" Arbitrary File Disclosure Vulnerability","secunia":["50924"],"vuln_type":"LFI","created_at":"2014-08-01T10:58:56.000Z","updated_at":"2014-08-01T10:58:56.000Z","fixed_in":"0.2.1"}]}},{"eshop-magic":{"vulnerabilities":[{"id":6692,"title":"eShop Magic 0.1 - eshop-magic/download.php file Parameter Traversal Arbitrary File Access","url":["http://xforce.iss.net/xforce/xfdb/79222"],"osvdb":["86155"],"secunia":["50933"],"vuln_type":"LFI","created_at":"2014-08-01T10:58:56.000Z","updated_at":"2014-08-01T10:58:56.000Z","fixed_in":"0.2"}]}},{"pinterest-pin-it-button":{"vulnerabilities":[{"id":6693,"title":"Pinterest \"Pin It\" Button Lite 1.3.1 - Multiple Unspecified Vulnerabilities","osvdb":["85956"],"secunia":["50868"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:56.000Z","updated_at":"2014-08-01T10:58:56.000Z","fixed_in":"1.4.0"}]}},{"css-plus":{"vulnerabilities":[{"id":6694,"title":"CSS Plus 1.3.1 - Unspecified Vulnerabilities","osvdb":["85875"],"secunia":["50793"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:56.000Z","updated_at":"2014-08-01T10:58:56.000Z","fixed_in":"1.3.2"}]}},{"multisite-plugin-manager":{"vulnerabilities":[{"id":6695,"title":"Multisite plugin Manager 3.1.1 - Two Cross-Site Scripting Vulnerabilities","osvdb":["85818"],"secunia":["50762"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:56.000Z","updated_at":"2014-08-01T10:58:56.000Z","fixed_in":"3.1.2"}]}},{"abc-test":{"vulnerabilities":[{"id":6696,"title":"ABC Test - \"id\" Cross-Site Scripting Vulnerability","url":["http://scott-herbert.com/?p=142"],"osvdb":["85773"],"secunia":["50608"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:56.000Z","updated_at":"2014-08-01T10:58:56.000Z"}]}},{"token-manager":{"vulnerabilities":[{"id":6697,"title":"Token Manager 1.0.2 - \"tid\" Cross-Site Scripting Vulnerabilities","osvdb":["85738"],"secunia":["50722"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:56.000Z","updated_at":"2014-08-01T10:58:56.000Z"}]}},{"sexy-add-template":{"vulnerabilities":[{"id":6698,"title":"Sexy Add Template 1.0 - PHP Code Execution CSRF","osvdb":["85730"],"secunia":["50709"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:56.000Z","updated_at":"2014-08-01T10:58:56.000Z"}]}},{"notices":{"vulnerabilities":[{"id":6699,"title":"Notices Ticker 5.0 - Cross-Site Request Forgery Vulnerability","url":["http://packetstormsecurity.org/files/116774/"],"osvdb":["85729"],"secunia":["50717"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:56.000Z","updated_at":"2014-08-01T10:58:56.000Z"}]}},{"mf-gig-calendar":{"vulnerabilities":[{"id":6700,"title":"MF Gig Calendar 0.9.4.1 - URL Cross-Site Scripting Vulnerability","url":["http://packetstormsecurity.org/files/116713/"],"osvdb":["85682"],"cve":["2012-4242"],"secunia":["50571"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:56.000Z","updated_at":"2014-08-01T10:58:56.000Z"}]}},{"wp-topbar":{"vulnerabilities":[{"id":6701,"title":"WP-TopBar 4.02 - wp-topbar.php wptbbartext Parameter XSS","osvdb":["85659"],"secunia":["50693"],"exploitdb":["21393"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:56.000Z","updated_at":"2014-08-01T10:58:56.000Z","fixed_in":"4.03"},{"id":6702,"title":"WP-TopBar 4.02 - TopBar Message Manipulation CSRF","osvdb":["85660"],"secunia":["50693"],"exploitdb":["21393"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:56.000Z","updated_at":"2014-08-01T10:58:56.000Z","fixed_in":"4.03"},{"id":6703,"title":"wp-topbar \u003c= 3.04 - XSS in ZeroClipboard.swf","url":["http://1337day.com/exploit/20396"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:56.000Z","updated_at":"2014-08-01T10:58:56.000Z"}]}},{"webplayer":{"vulnerabilities":[{"id":6704,"title":"HD Webplayer - Two SQL Injection Vulnerabilities","osvdb":["87832"],"secunia":["50466"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:56.000Z","updated_at":"2014-08-01T10:58:56.000Z"}]}},{"cloudsafe365-for-wp":{"vulnerabilities":[{"id":6705,"title":"Cloudsafe365 - Multiple Vulnerabilities","secunia":["50392"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:56.000Z","updated_at":"2014-08-01T10:58:56.000Z","fixed_in":"1.47"}]}},{"vitamin":{"vulnerabilities":[{"id":6706,"title":"Vitamin 1.0 - add_headers.php path Parameter Traversal Arbitrary File Access","osvdb":["84463"],"cve":["2012-6651"],"secunia":["50176"],"vuln_type":"LFI","created_at":"2014-08-01T10:58:56.000Z","updated_at":"2014-08-01T10:58:56.000Z","fixed_in":"1.1"},{"id":6707,"title":"Vitamin 1.0 - minify.php path Parameter Traversal Arbitrary File Access","osvdb":["84464"],"cve":["2012-6651"],"secunia":["50176"],"vuln_type":"LFI","created_at":"2014-08-01T10:58:56.000Z","updated_at":"2014-08-01T10:58:56.000Z","fixed_in":"1.1"}]}},{"featured-post-with-thumbnail":{"vulnerabilities":[{"id":6708,"title":"Featured Post with thumbnail 1.4 - Unspecified timthumb Vulnerability","osvdb":["84460"],"secunia":["50161"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:56.000Z","updated_at":"2014-08-01T10:58:56.000Z","fixed_in":"1.5"}]}},{"wp-effective-lead-management":{"vulnerabilities":[{"id":6709,"title":"WP Lead Management 3.0.0 - Script Insertion Vulnerabilities","osvdb":["84462"],"secunia":["50166"],"exploitdb":["20270"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:56.000Z","updated_at":"2014-08-01T10:58:56.000Z"}]}},{"xve-various-embed":{"vulnerabilities":[{"id":6710,"title":"XVE Various Embed - JW Player Multiple Cross-Site Scripting Vulnerabilities","secunia":["50173"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:56.000Z","updated_at":"2014-08-01T10:58:56.000Z","fixed_in":"1.0.4"}]}},{"g-lock-double-opt-in-manager":{"vulnerabilities":[{"id":6711,"title":"G-Lock Double Opt-in Manager - Two Security Bypass Vulnerabilities","url":["http://packetstormsecurity.org/files/115173/"],"osvdb":["84434"],"secunia":["50100"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:56.000Z","updated_at":"2014-08-01T10:58:56.000Z"}]}},{"kau-boys-backend-localization":{"vulnerabilities":[{"id":6712,"title":"Backend Localization 1.6.1 - options-general.php kau-boys_backend_localization_language Parameter XSS","osvdb":["84418"],"secunia":["50099"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:56.000Z","updated_at":"2014-08-01T10:58:56.000Z","fixed_in":"2.0"},{"id":6713,"title":"Backend Localization 1.6.1 - wp-login.php kau-boys_backend_localization_language Parameter XSS","osvdb":["84419"],"secunia":["50099"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:56.000Z","updated_at":"2014-08-01T10:58:56.000Z","fixed_in":"2.0"}]}},{"flexi-quote-rotator":{"vulnerabilities":[{"id":6714,"title":"Flexi Quote Rotator - Cross-Site Request Forgery and SQL Injection Vulnerabilities","secunia":["49910"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:56.000Z","updated_at":"2014-08-01T10:58:56.000Z","fixed_in":"0.9.2"}]}},{"gotmls":{"vulnerabilities":[{"id":6715,"title":"Get Off Malicious Scripts - Cross-Site Scripting Vulnerability","secunia":["50030"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z","fixed_in":"1.2.07.20"}]}},{"cimy-user-extra-fields":{"vulnerabilities":[{"id":6716,"title":"Cimy User Extra Fields - Arbitrary File Upload Vulnerability","secunia":["49975"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z","fixed_in":"2.3.9"}]}},{"nmedia-user-file-uploader":{"vulnerabilities":[{"id":6717,"title":"N-Media File Uploader Plugin \u003c 2.0 Arbitrary File Upload","secunia":["49996"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-09-28T10:15:24.000Z","fixed_in":"2.0"},{"id":7625,"title":"N-Media File Uploader Plugin \u003c 3.4 Arbitrary File Upload ","url":["http://jvn.jp/en/jp/JVN87863382/index.html"],"cve":["2014-5324"],"vuln_type":"UPLOAD","created_at":"2014-09-28T10:13:21.000Z","updated_at":"2014-09-28T10:14:42.000Z","fixed_in":"3.5"}]}},{"wp-explorer-gallery":{"vulnerabilities":[{"id":6718,"title":"wp-explorer-gallery - Arbitrary File Upload Vulnerability","url":["http://1337day.com/exploit/20251"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z"}]}},{"accordion":{"vulnerabilities":[{"id":6719,"title":"accordion - Arbitrary File Upload Vulnerability","url":["http://1337day.com/exploit/20254"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z"}]}},{"wp-catpro":{"vulnerabilities":[{"id":6720,"title":"wp-catpro - Arbitrary File Upload Vulnerability","url":["http://1337day.com/exploit/20256"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z"}]}},{"RLSWordPressSearch":{"vulnerabilities":[{"id":6721,"title":"RLSWordPressSearch - register.php agentid Parameter SQL Injection","url":["http://packetstormsecurity.com/files/119938/"],"osvdb":["89824"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z"}]}},{"wordpress-simple-shout-box":{"vulnerabilities":[{"id":6722,"title":"wordpress-simple-shout-box - SQL Injection","url":["http://cxsecurity.com/issue/WLB-2013010235"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z"}]}},{"portfolio-slideshow-pro":{"vulnerabilities":[{"id":6723,"title":"portfolio-slideshow-pro v3 - SQL Injection","url":["http://cxsecurity.com/issue/WLB-2013010236"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z"}]}},{"simple-history":{"vulnerabilities":[{"id":6724,"title":"Simple History - RSS Feed \"rss_secret\" Disclosure Weakness","url":["http://www.securityfocus.com/bid/57628"],"osvdb":["89640"],"secunia":["51998"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z","fixed_in":"1.0.8"}]}},{"p1m-media-manager":{"vulnerabilities":[{"id":6725,"title":"p1m media manager - SQL Injection Vulnerability","url":["http://1337day.com/exploit/20270"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z"}]}},{"wp-table-reloaded":{"vulnerabilities":[{"id":6726,"title":"wp-table-reloaded \u003c= 1.9.3 - zeroclipboard.swf id Parameter XSS","url":["http://packetstormsecurity.com/files/119968/","http://seclists.org/bugtraq/2013/Feb/28","http://www.securityfocus.com/bid/57664"],"osvdb":["89754"],"cve":["2013-1463"],"secunia":["52027"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z","fixed_in":"1.9.4"}]}},{"wordpress-gallery":{"vulnerabilities":[{"id":6727,"title":"Gallery - \"load\" Remote File Inclusion Vulnerability","url":["http://www.securityfocus.com/bid/57650"],"osvdb":["89753"],"cve":["2012-4919"],"secunia":["51347"],"vuln_type":"RFI","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z"}]}},{"forumconverter":{"vulnerabilities":[{"id":6728,"title":"ForumConverter - SQL Injection Vulnerability","url":["http://1337day.com/exploit/20275"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z"}]}},{"newsletter":{"vulnerabilities":[{"id":6729,"title":"Newsletter - SQL Injection Vulnerability","url":["http://1337day.com/exploit/20287"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z","fixed_in":"3.0.9"},{"id":6730,"title":"Newsletter 3.2.6 - \"alert\" Cross-Site Scripting Vulnerability","url":["http://packetstormsecurity.com/files/121634/","http://www.securityfocus.com/bid/59856","http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5141.php"],"osvdb":["93421"],"secunia":["53398"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z","fixed_in":"3.2.7"}]}},{"commentluv":{"vulnerabilities":[{"id":6731,"title":"CommentLuv 2.92.3 - Cross Site Scripting Vulnerability","url":["https://www.htbridge.com/advisory/HTB23138","http://packetstormsecurity.com/files/120090/","http://seclists.org/bugtraq/2013/Feb/30","http://cxsecurity.com/issue/WLB-2013020040"],"osvdb":["89925"],"cve":["2013-1409"],"secunia":["52092"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z","fixed_in":"2.92.4"}]}},{"wp-forum":{"vulnerabilities":[{"id":6732,"title":"wp-forum - SQL Injection","url":["http://cxsecurity.com/issue/WLB-2013020035"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z"}]}},{"wp-ecommerce-shop-styling":{"vulnerabilities":[{"id":6733,"title":"WP ecommerce Shop Styling 1.7.2 - generate-pdf.php dompdf Parameter Remote File Inclusion","osvdb":["89921"],"cve":["2013-0724"],"secunia":["51707"],"vuln_type":"RFI","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z","fixed_in":"1.8"}]}},{"audio-player":{"vulnerabilities":[{"id":6734,"title":"Audio Player - player.swf playerID Parameter XSS","url":["http://packetstormsecurity.com/files/120129/","http://seclists.org/bugtraq/2013/Feb/35"],"osvdb":["89963"],"cve":["2013-1464"],"secunia":["52083"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z","fixed_in":"2.0.4.6"}]}},{"ckeditor-for-wordpress":{"vulnerabilities":[{"id":6735,"title":"CKEditor 4.0 - Arbitrary File Upload Exploit","url":["http://1337day.com/exploit/20318"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z"}]}},{"myftp-ftp-like-plugin-for-wordpress":{"vulnerabilities":[{"id":6736,"title":"myftp-ftp-like-plugin-for-wordpress v2 - SQL Injection","url":["http://cxsecurity.com/issue/WLB-2013020061"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z"}]}},{"password-protected":{"vulnerabilities":[{"id":6737,"title":"Password Protected 1.4 - Login Process redirect_to Parameter Arbitrary Site Redirect","osvdb":["90559"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z"}]}},{"contact-form-plugin":{"vulnerabilities":[{"id":6738,"title":"Contact Form 3.34 - contact_form.php cntctfrm_contact_message Parameter XSS","osvdb":["90502"],"secunia":["52179"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z","fixed_in":"3.35"},{"id":6739,"title":"Contact Form 3.36 - contact_form.php cntctfrm_contact_email Parameter XSS","osvdb":["90503"],"secunia":["52250"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z"}]}},{"smart-flv":{"vulnerabilities":[{"id":6740,"title":"smart-flv - jwplayer.swf XSS","url":["http://www.openwall.com/lists/oss-security/2013/02/24/7","http://packetstormsecurity.com/files/115100/"],"osvdb":["90606"],"cve":["2013-1765"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z"}]}},{"GoogleAlertandtwitterplugin":{"vulnerabilities":[{"id":6741,"title":"Google Alert And Twitter 3.1.5 - XSS Exploit, SQL Injection","url":["http://1337day.com/exploit/20433"],"vuln_type":"MULTI","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z"}]}},{"php-shell":{"vulnerabilities":[{"id":6742,"title":"PHP Shell Plugin","url":["https://github.com/wpscanteam/wpscan/issues/138","http://plugins.svn.wordpress.org/php-shell/trunk/shell.php"],"vuln_type":"RCE","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z"}]}},{"marekkis-watermark":{"vulnerabilities":[{"id":6743,"title":"Marekkis Watermark 0.9.2 - wp-admin/options-general.php pfad Parameter XSS","url":["http://packetstormsecurity.com/files/120378/","http://seclists.org/bugtraq/2013/Feb/83"],"osvdb":["90362"],"cve":["2013-1758"],"secunia":["52227"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z"}]}},{"responsive-logo-slideshow":{"vulnerabilities":[{"id":6744,"title":"Responsive Logo Slideshow - URL and Image Field XSS","url":["http://packetstormsecurity.com/files/120379/","http://seclists.org/bugtraq/2013/Feb/84"],"osvdb":["90406"],"cve":["2013-1759"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z"}]}},{"zopim-live-chat":{"vulnerabilities":[{"id":6745,"title":"zopim-live-chat \u003c= 1.2.5 - XSS in ZeroClipboard","url":["http://www.openwall.com/lists/oss-security/2013/03/10/2","http://1337day.com/exploit/20396"],"osvdb":["90374"],"cve":["2013-1808"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:57.000Z","updated_at":"2014-08-01T10:58:57.000Z"}]}},{"ed2k-link-selector":{"vulnerabilities":[{"id":6746,"title":"ed2k-link-selector \u003c= 1.1.7 - XSS in ZeroClipboard","url":["http://1337day.com/exploit/20396"],"cve":["2013-1808"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"}]}},{"wppygments":{"vulnerabilities":[{"id":6747,"title":"wppygments \u003c= 0.3.2 - XSS in ZeroClipboard","url":["http://www.openwall.com/lists/oss-security/2013/03/10/2","http://1337day.com/exploit/20396"],"osvdb":["90374"],"cve":["2013-1808"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"}]}},{"copy-in-clipboard":{"vulnerabilities":[{"id":6748,"title":"copy-in-clipboard \u003c= 0.8 - XSS in ZeroClipboard","url":["http://1337day.com/exploit/20396"],"cve":["2013-1808"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"}]}},{"search-and-share":{"vulnerabilities":[{"id":6749,"title":"search-and-share 0.9.3 - SearchAndShare.php Direct Request Path Disclosure","url":["http://packetstormsecurity.com/files/121595/","http://seclists.org/fulldisclosure/2013/May/49"],"osvdb":["93260"],"vuln_type":"FPD","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"},{"id":6750,"title":"search-and-share \u003c= 0.9.3 - XSS in ZeroClipboard","url":["http://1337day.com/exploit/20396"],"cve":["2013-1808"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"}]}},{"placester":{"vulnerabilities":[{"id":6751,"title":"placester \u003c= 0.3.12 - XSS in ZeroClipboard","url":["http://1337day.com/exploit/20396"],"cve":["2013-1808"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"}]}},{"drp-coupon":{"vulnerabilities":[{"id":6752,"title":"drp-coupon \u003c= 2.1 - XSS in ZeroClipboard","url":["http://1337day.com/exploit/20396"],"cve":["2013-1808"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"}]}},{"coupon-code-plugin":{"vulnerabilities":[{"id":6753,"title":"coupon-code-plugin \u003c= 2.1 - XSS in ZeroClipboard","url":["http://1337day.com/exploit/20396"],"cve":["2013-1808"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"}]}},{"q2w3-inc-manager":{"vulnerabilities":[{"id":6754,"title":"q2w3-inc-manager \u003c= 2.3.1 - XSS in ZeroClipboard","url":["http://1337day.com/exploit/20396"],"cve":["2013-1808"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"}]}},{"scorerender":{"vulnerabilities":[{"id":6755,"title":"scorerender \u003c= 0.3.4 - XSS in ZeroClipboard","url":["http://1337day.com/exploit/20396"],"cve":["2013-1808"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"}]}},{"wp-link-to-us":{"vulnerabilities":[{"id":6756,"title":"wp-link-to-us \u003c= 2.0 - XSS in ZeroClipboard","url":["http://www.openwall.com/lists/oss-security/2013/03/10/2","http://1337day.com/exploit/20396"],"cve":["2013-1808"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"}]}},{"buckets":{"vulnerabilities":[{"id":6757,"title":"buckets \u003c= 0.1.9.2 - XSS in ZeroClipboard","url":["http://www.openwall.com/lists/oss-security/2013/03/10/2","http://1337day.com/exploit/20396"],"cve":["2013-1808"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"}]}},{"java-trackback":{"vulnerabilities":[{"id":6758,"title":"java-trackback \u003c= 0.2 - XSS in ZeroClipboard","url":["http://1337day.com/exploit/20396"],"cve":["2013-1808"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"}]}},{"slidedeck2":{"vulnerabilities":[{"id":6759,"title":"slidedeck2 2.3.3 - Unspecified File Inclusion","osvdb":["105132"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z","fixed_in":"2.3.5"},{"id":6760,"title":"slidedeck2 \u003c= 2.1.20130228 - XSS in ZeroClipboard","url":["http://www.openwall.com/lists/oss-security/2013/03/10/2","http://1337day.com/exploit/20396"],"cve":["2013-1808"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"}]}},{"wp-clone-by-wp-academy":{"vulnerabilities":[{"id":6761,"title":"wp-clone-by-wp-academy \u003c= 2.1.1 - XSS in ZeroClipboard","url":["http://www.openwall.com/lists/oss-security/2013/03/10/2","http://1337day.com/exploit/20396"],"cve":["2013-1808"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"}]}},{"tiny-url":{"vulnerabilities":[{"id":6762,"title":"tiny-url \u003c= 1.3.2 - XSS in ZeroClipboard","url":["http://www.openwall.com/lists/oss-security/2013/03/10/2","http://1337day.com/exploit/20396"],"cve":["2013-1808"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"}]}},{"thethe-layout-grid":{"vulnerabilities":[{"id":6763,"title":"thethe-layout-grid \u003c= 1.0.0 - XSS in ZeroClipboard.","url":["http://www.openwall.com/lists/oss-security/2013/03/10/2","http://1337day.com/exploit/20396"],"cve":["2013-1808"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"}]}},{"paypal-digital-goods-monetization-powered-by-cleeng":{"vulnerabilities":[{"id":6764,"title":"paypal-digital-goods-monetization-powered-by-cleeng \u003c= 2.2.13 - XSS in ZeroClipboard","url":["http://www.openwall.com/lists/oss-security/2013/03/10/2","http://1337day.com/exploit/20396"],"cve":["2013-1808"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"}]}},{"mobileview":{"vulnerabilities":[{"id":6765,"title":"mobileview \u003c= 1.0.7 - XSS in ZeroClipboard","url":["http://www.openwall.com/lists/oss-security/2013/03/10/2","http://1337day.com/exploit/20396"],"cve":["2013-1808"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"}]}},{"jaspreetchahals-coupons-lite":{"vulnerabilities":[{"id":6766,"title":"jaspreetchahals-coupons-lite \u003c= 2.1 - XSS in ZeroClipboard","url":["http://www.openwall.com/lists/oss-security/2013/03/10/2","http://1337day.com/exploit/20396"],"cve":["2013-1808"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"}]}},{"geshi-source-colorer":{"vulnerabilities":[{"id":6767,"title":"geshi-source-colorer \u003c= 0.13 - XSS in ZeroClipboard","url":["http://www.openwall.com/lists/oss-security/2013/03/10/2","http://1337day.com/exploit/20396"],"cve":["2013-1808"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"}]}},{"click-to-copy-grab-box":{"vulnerabilities":[{"id":6768,"title":"click-to-copy-grab-box \u003c= 0.1.1 - XSS in ZeroClipboard","url":["http://www.openwall.com/lists/oss-security/2013/03/10/2","http://1337day.com/exploit/20396"],"cve":["2013-1808"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-10-16T09:21:39.000Z"}]}},{"cleeng":{"vulnerabilities":[{"id":6769,"title":"cleeng \u003c= 2.3.2 - XSS in ZeroClipboard","url":["http://www.openwall.com/lists/oss-security/2013/03/10/2","http://1337day.com/exploit/20396"],"cve":["2013-1808"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"}]}},{"bp-code-snippets":{"vulnerabilities":[{"id":6770,"title":"bp-code-snippets \u003c= 2.0 - XSS in ZeroClipboard","url":["http://www.openwall.com/lists/oss-security/2013/03/10/2","http://1337day.com/exploit/20396"],"cve":["2013-1808"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"}]}},{"snazzy-archives":{"vulnerabilities":[{"id":6771,"title":"snazzy-archives \u003c= 1.7.1 - swf/tagcloud.swf tagcloud Parameter XSS","url":["http://www.openwall.com/lists/oss-security/2013/03/10/3"],"osvdb":["91127"],"cve":["2009-4168"],"secunia":["52527"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z","fixed_in":"1.7.2"}]}},{"vkontakte-api":{"vulnerabilities":[{"id":6772,"title":"vkontakte-api - vkontakte-api/swf/tagcloud.swf tagcloud Parameter XSS","url":["http://seclists.org/oss-sec/2013/q1/616","http://www.openwall.com/lists/oss-security/2013/03/11/1"],"osvdb":["91128"],"cve":["2009-4168"],"secunia":["52539"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"}]}},{"terillion-reviews":{"vulnerabilities":[{"id":6773,"title":"Terillion Reviews \u003c 1.2 - Profile Id Field XSS","url":["http://packetstormsecurity.com/files/120730/","http://www.securityfocus.com/bid/58415","http://xforce.iss.net/xforce/xfdb/82727"],"osvdb":["91123"],"cve":["2013-2501"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"}]}},{"o2s-gallery":{"vulnerabilities":[{"id":6774,"title":"o2s-gallery - Cross Site Scripting Vulnerability","url":["http://1337day.com/exploit/20516"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"}]}},{"bp-gallery":{"vulnerabilities":[{"id":6775,"title":"bp-gallery 1.2.5 - Cross Site Scripting Vulnerability","url":["http://1337day.com/exploit/20518"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"}]}},{"simply-poll":{"vulnerabilities":[{"id":6776,"title":"Simply Poll 1.4.1 - wp-admin/admin.php question Parameter XSS","url":["http://packetstormsecurity.com/files/120833/"],"osvdb":["91446"],"exploitdb":["24850"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"},{"id":6777,"title":"Simply Poll 1.4.1 - wp-admin/admin.php Poll Manipulation CSRF","url":["http://packetstormsecurity.com/files/120833/"],"osvdb":["91447"],"secunia":["52681"],"exploitdb":["24850"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"}]}},{"occasions":{"vulnerabilities":[{"id":6778,"title":"Occasions 1.0.4 - Manipulation CSRF","url":["http://packetstormsecurity.com/files/120871/"],"osvdb":["91489"],"secunia":["52651"],"exploitdb":["24858"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"},{"id":6779,"title":"Occasions 1.0.4 - occasions/occasions.php occ_content1 Parameter XSS","url":["http://packetstormsecurity.com/files/120871/"],"osvdb":["91490"],"exploitdb":["24858"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:58.000Z","updated_at":"2014-08-01T10:58:58.000Z"}]}},{"mathjax-latex":{"vulnerabilities":[{"id":6780,"title":"Mathjax Latex 1.1 - Setting Manipulation CSRF","url":["http://packetstormsecurity.com/files/120931/","http://1337day.com/exploit/20566"],"osvdb":["91737"],"exploitdb":["24889"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z","fixed_in":"1.2"}]}},{"wp-banners-lite":{"vulnerabilities":[{"id":6781,"title":"WP-Banners-Lite 1.4.0 - XSS vulnerability","url":["http://packetstormsecurity.com/files/120928/","http://seclists.org/fulldisclosure/2013/Mar/209","http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z"}]}},{"backupbuddy":{"vulnerabilities":[{"id":6782,"title":"Backupbuddy - importbuddy.php Direct Request Remote Backup File Disclosure","url":["http://packetstormsecurity.com/files/120923/","http://seclists.org/fulldisclosure/2013/Mar/206"],"osvdb":["91631"],"cve":["2013-2741"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z"},{"id":6783,"title":"Backupbuddy - importbuddy.php step Parameter Manipulation Authentication Bypass","url":["http://packetstormsecurity.com/files/120923/","http://seclists.org/fulldisclosure/2013/Mar/206"],"osvdb":["91890"],"cve":["2013-2743"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z"},{"id":6784,"title":"Backupbuddy - importbuddy.php step Parameter Remote PHP Information Disclosure","url":["http://packetstormsecurity.com/files/120923/","http://seclists.org/fulldisclosure/2013/Mar/206","http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html"],"osvdb":["91891"],"cve":["2013-2744"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z"},{"id":6785,"title":"Backupbuddy - importbuddy.php Restore Operation Persistence Weakness","url":["http://packetstormsecurity.com/files/120923/","http://seclists.org/fulldisclosure/2013/Mar/206"],"osvdb":["91892"],"cve":["2013-2742"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z"}]}},{"wp-funeral-press":{"vulnerabilities":[{"id":6786,"title":"FuneralPress 1.1.6 - Persistent XSS","url":["http://seclists.org/fulldisclosure/2013/Mar/282"],"osvdb":["91868"],"cve":["2013-3529"],"exploitdb":["24914"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z"}]}},{"chikuncount":{"vulnerabilities":[{"id":6787,"title":"chikuncount - ofc_upload_image.php Arbitrary File Upload Vulnerability","exploitdb":["24492"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z","metasploit":"exploit/unix/webapp/open_flash_chart_upload_exec"}]}},{"open-flash-chart-core-wordpress-plugin":{"vulnerabilities":[{"id":6788,"title":"open-flash-chart-core - ofc_upload_image.php Arbitrary File Upload Vulnerability","cve":["2009-4140"],"secunia":["37903"],"exploitdb":["24492"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z","metasploit":"exploit/unix/webapp/open_flash_chart_upload_exec","fixed_in":"0.5"}]}},{"spamtask":{"vulnerabilities":[{"id":6789,"title":"spamtask - ofc_upload_image.php Arbitrary File Upload Vulnerability","exploitdb":["24492"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z","metasploit":"exploit/unix/webapp/open_flash_chart_upload_exec"}]}},{"php-analytics":{"vulnerabilities":[{"id":6790,"title":"php-analytics - ofc_upload_image.php Arbitrary File Upload Vulnerability","exploitdb":["24492"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z","metasploit":"exploit/unix/webapp/open_flash_chart_upload_exec"}]}},{"seo-spy-google-wordpress-plugin":{"vulnerabilities":[{"id":6791,"title":"seo-spy-google - ofc_upload_image.php Arbitrary File Upload Vulnerability","exploitdb":["24492"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z","metasploit":"exploit/unix/webapp/open_flash_chart_upload_exec"}]}},{"wp-seo-spy-google":{"vulnerabilities":[{"id":6792,"title":"wp-seo-spy-google - ofc_upload_image.php Arbitrary File Upload Vulnerability","exploitdb":["24492"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z","metasploit":"exploit/unix/webapp/open_flash_chart_upload_exec"}]}},{"podpress":{"vulnerabilities":[{"id":6793,"title":"podPress 8.8.10.13 - players/1pixelout/1pixelout_player.swf playerID Parameter XSS","url":["http://packetstormsecurity.com/files/121011/"],"osvdb":["91129"],"cve":["2013-2714"],"secunia":["52544"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z","fixed_in":"8.8.10.17"}]}},{"fbsurveypro":{"vulnerabilities":[{"id":6794,"title":"fbsurveypro - XSS Vulnerability","url":["http://1337day.com/exploit/20623"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z"}]}},{"timelineoptinpro":{"vulnerabilities":[{"id":6795,"title":"timelineoptinpro - XSS Vulnerability","url":["http://1337day.com/exploit/20620"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z"}]}},{"kioskprox":{"vulnerabilities":[{"id":6796,"title":"kioskprox - XSS Vulnerability","url":["http://1337day.com/exploit/20624"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z"}]}},{"bigcontact":{"vulnerabilities":[{"id":6797,"title":"bigcontact - SQLI","url":["http://plugins.trac.wordpress.org/changeset/689798"],"vuln_type":"SQLI","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z","fixed_in":"1.4.7"}]}},{"drawblog":{"vulnerabilities":[{"id":6798,"title":"drawblog - CSRF","url":["http://plugins.trac.wordpress.org/changeset/691178"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z","fixed_in":"0.81"}]}},{"social-media-widget":{"vulnerabilities":[{"id":6799,"title":"Social Media Widget - malicious code","url":["https://plugins.trac.wordpress.org/changeset?reponame=\u0026old=691839@social-media-widget/trunk\u0026new=693941@social-media-widget/trunk","http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z","fixed_in":"4.0.2"},{"id":6800,"title":"Social Media Widget 4.0 - social-widget.php MITM Weakness Arbitrary Code Injection","url":["http://seclists.org/oss-sec/2013/q2/10"],"osvdb":["92312"],"cve":["2013-1949"],"secunia":["53020"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z","fixed_in":"4.0.1"}]}},{"facebook-members":{"vulnerabilities":[{"id":6801,"title":"facebook-members 5.0.4 - Setting Manipulation CSRF","osvdb":["92642"],"cve":["2013-2703"],"secunia":["52962"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z","fixed_in":"5.0.5"}]}},{"foursquare-checkins":{"vulnerabilities":[{"id":6802,"title":"foursquare-checkins - CSRF","osvdb":["92641"],"cve":["2013-2709"],"secunia":["53151"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z","fixed_in":"1.3"}]}},{"formidable":{"vulnerabilities":[{"id":6803,"title":"Formidable Forms 1.06.03 - ofc_upload_image.php Shell Upload Remote Code Execution","url":["http://www.securityfocus.com/bid/67390","http://packetstormsecurity.com/files/126583/"],"osvdb":["106985"],"vuln_type":"RCE","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z"},{"id":6804,"title":"formidable Pro - Unspecified Vulnerabilities","secunia":["53121"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z","fixed_in":"1.06.09"}]}},{"all-in-one-webmaster":{"vulnerabilities":[{"id":6805,"title":"All in one webmaster 8.2.3 - Script Insertion CSRF","osvdb":["92640"],"cve":["2013-2696"],"secunia":["52877"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z","fixed_in":"8.2.4"}]}},{"background-music":{"vulnerabilities":[{"id":6806,"title":"background-music 1.0 - jPlayer.swf XSS","secunia":["53057"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z"}]}},{"haiku-minimalist-audio-player":{"vulnerabilities":[{"id":6807,"title":"haiku-minimalist-audio-player \u003c= 1.1.0 - jPlayer.swf XSS","osvdb":["92254"],"secunia":["51336"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z","fixed_in":"1.1.0"}]}},{"jammer":{"vulnerabilities":[{"id":6808,"title":"jammer \u003c= 0.2 - jPlayer.swf XSS","osvdb":["92254"],"secunia":["53106"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z"}]}},{"syntaxhighlighter":{"vulnerabilities":[{"id":6809,"title":"SyntaxHighlighter Evolved 3.1.9 - Unspecified XSS","osvdb":["106587"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z","fixed_in":"3.1.10"},{"id":6810,"title":"SyntaxHighlighter Evolved 3.1.5 - clipboard.swf Unspecified XSS","osvdb":["92848"],"secunia":["53235"],"vuln_type":"XSS","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z","fixed_in":"3.1.6"}]}},{"top-10":{"vulnerabilities":[{"id":6811,"title":"top-10 1.9.2 - Setting Manipulation CSRF","osvdb":["92849"],"secunia":["53205"],"vuln_type":"CSRF","created_at":"2014-08-01T10:58:59.000Z","updated_at":"2014-08-01T10:58:59.000Z","fixed_in":"1.9.3"}]}},{"easy-adsense-lite":{"vulnerabilities":[{"id":6812,"title":"Easy AdSense Lite 6.06 - Setting Manipulation CSRF","osvdb":["92910"],"cve":["2013-2702"],"secunia":["52953"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:00.000Z","updated_at":"2014-08-01T10:59:00.000Z","fixed_in":"6.10"}]}},{"uk-cookie":{"vulnerabilities":[{"id":6813,"title":"uk-cookie - XSS","url":["http://seclists.org/bugtraq/2012/Nov/50"],"osvdb":["87561"],"cve":["2012-5856"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:00.000Z","updated_at":"2014-08-01T10:59:00.000Z"},{"id":6814,"title":"uk-cookie - CSRF","url":["http://www.openwall.com/lists/oss-security/2013/06/06/10"],"osvdb":["94032"],"cve":["2013-2180"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:00.000Z","updated_at":"2014-08-01T10:59:00.000Z"}]}},{"wp-cleanfix":{"vulnerabilities":[{"id":6815,"title":"wp-cleanfix - Remote Command Execution, CSRF and XSS","url":["https://github.com/wpscanteam/wpscan/issues/186","http://wordpress.org/support/topic/plugin-wp-cleanfix-remote-code-execution-warning"],"osvdb":["93450","93468"],"cve":["2013-2108","2013-2109"],"secunia":["53395"],"vuln_type":"MULTI","created_at":"2014-08-01T10:59:00.000Z","updated_at":"2014-08-01T10:59:00.000Z","fixed_in":"3.0.2"}]}},{"mail-on-update":{"vulnerabilities":[{"id":6816,"title":"Mail On Update 5.1.0 - Email Option Manipulation CSRF","url":["http://www.openwall.com/lists/oss-security/2013/05/16/8"],"osvdb":["93452"],"secunia":["53449"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:00.000Z","updated_at":"2014-08-01T10:59:00.000Z","fixed_in":"5.2.0"}]}},{"advanced-xml-reader":{"vulnerabilities":[{"id":6817,"title":"Advanced XML Reader 0.3.4 - XML External Entity (XXE) Injection","url":["http://packetstormsecurity.com/files/121492/"],"vuln_type":"XXE","created_at":"2014-08-01T10:59:00.000Z","updated_at":"2014-08-01T10:59:00.000Z"},{"id":6818,"title":"Advanced XML Reader 0.1.1 - XML External Entity (XXE) Data Parsing Arbitrary File Disclosure","url":["http://seclists.org/bugtraq/2013/May/5"],"osvdb":["92904"],"vuln_type":"XXE","created_at":"2014-08-01T10:59:00.000Z","updated_at":"2014-08-01T10:59:00.000Z"}]}},{"related-posts-by-zemanta":{"vulnerabilities":[{"id":6819,"title":"Related Posts by Zemanta 1.3.1 - Cross-Site Request Forgery Vulnerability","osvdb":["93364"],"cve":["2013-3477"],"secunia":["53321"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:00.000Z","updated_at":"2014-08-01T10:59:00.000Z","fixed_in":"1.3.2"}]}},{"wordpress-23-related-posts-plugin":{"vulnerabilities":[{"id":6820,"title":"WordPress Related Posts 2.6.1 - Cross-Site Request Forgery Vulnerability","osvdb":["93362"],"cve":["2013-3476"],"secunia":["53279"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:00.000Z","updated_at":"2014-08-01T10:59:00.000Z","fixed_in":"2.7.2"}]}},{"related-posts":{"vulnerabilities":[{"id":6821,"title":"Related Posts 2.7.1 - Cross-Site Request Forgery Vulnerability","url":["http://www.securityfocus.com/bid/59836"],"osvdb":["93363"],"cve":["2013-3257"],"secunia":["53122"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:00.000Z","updated_at":"2014-08-01T10:59:00.000Z","fixed_in":"2.7.2"}]}},{"wp-print-friendly":{"vulnerabilities":[{"id":6822,"title":"WP Print Friendly 3.3.7 - wp-admin/options.php printfriendly_option custom_image Parameter XSS","url":["http://packetstormsecurity.com/files/125420/"],"osvdb":["103874"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:00.000Z","updated_at":"2014-08-01T10:59:00.000Z","fixed_in":"0.5.3"},{"id":6823,"title":"WP Print Friendly \u003c= 0.5.2 - Security Bypass Vulnerability","osvdb":["93243"],"secunia":["53371"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:59:00.000Z","updated_at":"2014-08-01T10:59:00.000Z","fixed_in":"0.5.3"}]}},{"contextual-related-posts":{"vulnerabilities":[{"id":6824,"title":"Contextual Related Posts 1.8.10.1 - contextual-related-posts.php Multiple Parameter SQL Injection","url":["http://www.securityfocus.com/bid/67853"],"osvdb":["104655"],"cve":["2014-3937"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:00.000Z","updated_at":"2014-08-01T10:59:00.000Z","fixed_in":"1.8.10.2"},{"id":6825,"title":"Contextual Related Posts 1.8.6 - Cross-Site Request Forgery Vulnerability","osvdb":["93088"],"cve":["2013-2710"],"secunia":["52960"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:00.000Z","updated_at":"2014-08-01T10:59:00.000Z","fixed_in":"1.8.7"}]}},{"calendar":{"vulnerabilities":[{"id":6826,"title":"Calendar 1.3.2 - Entry Addition CSRF","osvdb":["93025"],"cve":["2013-2698"],"secunia":["52841"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:00.000Z","updated_at":"2014-08-01T10:59:00.000Z","fixed_in":"1.3.3"}]}},{"feedweb":{"vulnerabilities":[{"id":6827,"title":"Feedweb 2.4 - DOM Cross-Site Scripting (XSS)","url":["http://www.securityfocus.com/bid/65800"],"osvdb":["103788"],"secunia":["57108"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:00.000Z","updated_at":"2015-01-15T18:06:07.000Z"},{"id":6828,"title":"Feedweb \u003c= 1.8.8 - Cross-Site Scripting (XSS)","url":["http://www.securityfocus.com/bid/58771"],"osvdb":["91951"],"cve":["2013-3720"],"secunia":["52855"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:00.000Z","updated_at":"2015-01-15T18:07:37.000Z","fixed_in":"1.9"},{"id":7755,"title":"Feedweb 2.4.1-3.0.6 - SQL Injection","url":["http://wordpressa.quantika14.com/repository/index.php?id=26"],"vuln_type":"SQLI","created_at":"2015-01-15T18:03:06.000Z","updated_at":"2015-01-15T18:03:35.000Z","fixed_in":"3.0.7"}]}},{"wp-print":{"vulnerabilities":[{"id":6829,"title":"WP-Print 2.51 - Setting Manipulation CSRF","url":["http://www.securityfocus.com/bid/58900"],"osvdb":["92053"],"cve":["2013-2693"],"secunia":["52878"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:00.000Z","updated_at":"2014-08-01T10:59:00.000Z","fixed_in":"2.52"}]}},{"trafficanalyzer":{"vulnerabilities":[{"id":6830,"title":"Traffic Analyzer 3.3.2 - js/ta_loaded.js.php aoid Parameter XSS","url":["http://packetstormsecurity.com/files/121167/"],"osvdb":["92197"],"cve":["2013-3526"],"secunia":["52929"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:00.000Z","updated_at":"2014-08-01T10:59:00.000Z"}]}},{"wp-download-manager":{"vulnerabilities":[{"id":6831,"title":"WP-DownloadManager 1.60 - Script Insertion CSRF","url":["http://www.securityfocus.com/bid/58937"],"osvdb":["92119"],"cve":["2013-2697"],"secunia":["52863"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:00.000Z","updated_at":"2014-08-01T10:59:00.000Z","fixed_in":"1.61"}]}},{"digg-digg":{"vulnerabilities":[{"id":6832,"title":"Digg Digg 5.3.4 - Setting Manipulation CSRF","url":["http://www.securityfocus.com/bid/60046","http://xforce.iss.net/xforce/xfdb/84418"],"osvdb":["93544"],"cve":["2013-3258"],"secunia":["53120"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:00.000Z","updated_at":"2014-08-01T10:59:00.000Z","fixed_in":"5.3.5"}]}},{"ssquiz":{"vulnerabilities":[{"id":6833,"title":"SS Quiz - Multiple Unspecified Vulnerabilities","url":["http://wordpress.org/plugins/ssquiz/changelog/"],"osvdb":["93531"],"secunia":["53378"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:59:00.000Z","updated_at":"2014-08-01T10:59:00.000Z","fixed_in":"2.0"}]}},{"funcaptcha":{"vulnerabilities":[{"id":6834,"title":"FunCaptcha 0.3.2- Setting Manipulation CSRF","url":["http://wordpress.org/extend/plugins/funcaptcha/changelog/"],"osvdb":["92272"],"secunia":["53021"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:00.000Z","updated_at":"2014-08-01T10:59:00.000Z","fixed_in":"0.3.3"},{"id":6835,"title":"FunCaptcha 0.4.3 - wp_funcaptcha_admin_activate.php URI XSS","osvdb":["100392"],"secunia":["55863"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:00.000Z","updated_at":"2014-08-01T10:59:00.000Z","fixed_in":"0.4.4"}]}},{"xili-language":{"vulnerabilities":[{"id":6836,"title":"xili-language - index.php lang Parameter XSS","osvdb":["93233"],"secunia":["53364"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:00.000Z","updated_at":"2014-08-01T10:59:00.000Z","fixed_in":"2.8.6"}]}},{"wordpress-seo":{"vulnerabilities":[{"id":6837,"title":"WordPress SEO - Security issue which allowed any user to reset settings","url":["http://wordpress.org/plugins/wordpress-seo/changelog/"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:59:00.000Z","updated_at":"2014-08-01T10:59:00.000Z","fixed_in":"1.4.5"},{"id":6839,"title":"WordPress SEO \u003c 1.4.7 - Reset Settings Feature Access Restriction Bypass","osvdb":["92147"],"secunia":["52949"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:59:01.000Z","updated_at":"2014-09-17T09:07:36.000Z","fixed_in":"1.4.7"}]}},{"underconstruction":{"vulnerabilities":[{"id":6841,"title":"Under Construction 1.08 - Setting Manipulation CSRF","url":["http://wordpress.org/plugins/underconstruction/changelog/"],"osvdb":["93857"],"cve":["2013-2699"],"secunia":["52881"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:01.000Z","updated_at":"2014-08-01T10:59:01.000Z","fixed_in":"1.09"}]}},{"adif-log-search-widget":{"vulnerabilities":[{"id":6842,"title":"ADIF Log Search Widget - XSS Arbitrary Vulnerability","url":["http://packetstormsecurity.com/files/121777/"],"osvdb":["93721"],"secunia":["53599"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:01.000Z","updated_at":"2014-08-01T10:59:01.000Z"}]}},{"exploit-scanner":{"vulnerabilities":[{"id":6843,"title":"Exploit Scanner - FPD and Security bypass vulnerabilities","url":["http://seclists.org/fulldisclosure/2013/May/216"],"osvdb":["93799"],"vuln_type":"MULTI","created_at":"2014-08-01T10:59:01.000Z","updated_at":"2014-08-01T10:59:01.000Z"}]}},{"ga-universal":{"vulnerabilities":[{"id":6844,"title":"GA Universal 1.0 - Setting Manipulation CSRF","url":["http://wordpress.org/plugins/ga-universal/changelog/"],"osvdb":["92237"],"secunia":["52976"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:01.000Z","updated_at":"2014-08-01T10:59:01.000Z","fixed_in":"1.0.1"}]}},{"export-to-text":{"vulnerabilities":[{"id":6845,"title":"Export to text - Remote File Inclusion Vulnerability","osvdb":["93715"],"secunia":["51348"],"vuln_type":"RFI","created_at":"2014-08-01T10:59:01.000Z","updated_at":"2014-08-01T10:59:01.000Z","fixed_in":"2.3"}]}},{"qtranslate":{"vulnerabilities":[{"id":6846,"title":"qTranslate 2.5.34 - Setting Manipulation CSRF","osvdb":["93873"],"cve":["2013-3251"],"secunia":["53126"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:01.000Z","updated_at":"2014-08-01T10:59:01.000Z"}]}},{"image-slider-with-description":{"vulnerabilities":[{"id":6847,"title":"Image slider with description - Unspecified Vulnerability","osvdb":["93691"],"secunia":["53588"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:59:01.000Z","updated_at":"2014-08-01T10:59:01.000Z","fixed_in":"7.0"}]}},{"user-role-editor":{"vulnerabilities":[{"id":6848,"title":"User Role Editor - Cross-Site Request Forgery Vulnerability","osvdb":["93699"],"secunia":["53593"],"exploitdb":["25721"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:01.000Z","updated_at":"2014-08-01T10:59:01.000Z","fixed_in":"3.14"}]}},{"eelv-newsletter":{"vulnerabilities":[{"id":6849,"title":"EELV Newsletter 3.4.3 - lettreinfo.php Unspecified XSS","osvdb":["104875"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:01.000Z","updated_at":"2014-08-01T10:59:01.000Z","fixed_in":"3.5.0"},{"id":6850,"title":"EELV Newsletter - Cross-Site Scripting Vulnerability","osvdb":["93685"],"secunia":["53546"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:01.000Z","updated_at":"2014-08-01T10:59:01.000Z","fixed_in":"3.3.1"}]}},{"frontier-post":{"vulnerabilities":[{"id":6851,"title":"Frontier Post - Publishing Posts Security Bypass","osvdb":["93639"],"secunia":["53474"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:59:01.000Z","updated_at":"2014-08-01T10:59:01.000Z"}]}},{"spider-catalog":{"vulnerabilities":[{"id":6852,"title":"Spider Catalog - Cross-Site Scripting and SQL Injection Vulnerabilities","osvdb":["93591","93593","93594","93595","93596","93597","93598"],"secunia":["53491"],"vuln_type":"MULTI","created_at":"2014-08-01T10:59:01.000Z","updated_at":"2014-08-01T10:59:01.000Z"}]}},{"spider-event-calendar":{"vulnerabilities":[{"id":6853,"title":"Spider Event Calendar - Security Bypass, Cross-Site Scripting and SQLi Vulnerabilities","osvdb":["93582","93583","93584","93585","93586","93587","93588"],"secunia":["53481"],"vuln_type":"MULTI","created_at":"2014-08-01T10:59:01.000Z","updated_at":"2014-08-01T10:59:01.000Z"}]}},{"antivirus":{"vulnerabilities":[{"id":6854,"title":"AntiVirus 1.0 - PHP Backdoor Detection Bypass","url":["http://packetstormsecurity.com/files/121833/","http://seclists.org/fulldisclosure/2013/Jun/0"],"osvdb":["95134"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:59:01.000Z","updated_at":"2014-08-01T10:59:01.000Z"},{"id":6855,"title":"AntiVirus 1.0 - uninstall.php Direct Request Path Disclosure","url":["http://packetstormsecurity.com/files/121833/","http://seclists.org/fulldisclosure/2013/Jun/0"],"osvdb":["95135"],"vuln_type":"FPD","created_at":"2014-08-01T10:59:01.000Z","updated_at":"2014-08-01T10:59:01.000Z","fixed_in":"1.1"}]}},{"wp-maintenance-mode":{"vulnerabilities":[{"id":6856,"title":"WP Maintenance Mode 1.8.7 - Setting Manipulation CSRF","osvdb":["94450"],"cve":["2013-3250"],"secunia":["53125"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:01.000Z","updated_at":"2014-08-01T10:59:01.000Z","fixed_in":"1.8.8"}]}},{"ultimate-auction":{"vulnerabilities":[{"id":6857,"title":"Ultimate Auction 1.0 - CSRF Vulnerability","osvdb":["94407"],"exploitdb":["26240"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:01.000Z","updated_at":"2014-08-01T10:59:01.000Z"}]}},{"mapsmarker":{"vulnerabilities":[{"id":6858,"title":"Leaflet Maps Marker - Multiple security issues","url":["http://www.mapsmarker.com/2012/06/06/leaflet-maps-marker-v2-4-is-available/"],"secunia":["49845"],"vuln_type":"MULTI","created_at":"2014-08-01T10:59:01.000Z","updated_at":"2014-08-01T10:59:01.000Z","fixed_in":"2.4"},{"id":6859,"title":"Leaflet Maps Marker - Tag Multiple Parameter SQL Injection","url":["http://www.mapsmarker.com/2013/05/24/v3-5-4-with-lots-of-translation-updates-bugfixes-is-available/"],"osvdb":["94388"],"secunia":["53855"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:01.000Z","updated_at":"2014-08-01T10:59:01.000Z","fixed_in":"3.5.4"}]}},{"leaflet-maps-marker-pro":{"vulnerabilities":[{"id":6860,"title":"Leaflet Maps Marker Pro - SQLI, XSS, Shell Upload, file delete","url":["http://www.mapsmarker.com/2014/03/26/pro-v1-5-8-with-wordpress-3-9-compatibility-improvements-based-on-a-security-audit-by-the-city-of-vienna-is-available/"],"vuln_type":"MULTI","created_at":"2014-08-01T10:59:01.000Z","updated_at":"2014-08-01T10:59:01.000Z","fixed_in":"1.5.8"}]}},{"xorbin-analog-flash-clock":{"vulnerabilities":[{"id":6861,"title":"Xorbin Analog Flash Clock 1.0 - Flash-based XSS","url":["http://packetstormsecurity.com/files/122222/"],"cve":["2013-4692"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:01.000Z","updated_at":"2014-08-01T10:59:01.000Z"}]}},{"xorbin-digital-flash-clock":{"vulnerabilities":[{"id":6862,"title":"Xorbin Digital Flash Clock 1.0 - Flash-based XSS","url":["http://packetstormsecurity.com/files/122223/"],"cve":["2013-4693"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:01.000Z","updated_at":"2014-08-01T10:59:01.000Z"}]}},{"dropdown-menu-widget":{"vulnerabilities":[{"id":6863,"title":"Dropdown Menu Widget 1.9.1 - Script Insertion CSRF","osvdb":["94771"],"cve":["2013-2704"],"secunia":["52958"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:01.000Z","updated_at":"2014-08-01T10:59:01.000Z"}]}},{"buddypress-extended-friendship-request":{"vulnerabilities":[{"id":6864,"title":"BuddyPress Extended Friendship Request - wp-admin/admin-ajax.php friendship_request_message Parameter XSS","osvdb":["94807"],"cve":["2013-4944"],"secunia":["54048"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:01.000Z","updated_at":"2014-08-01T10:59:01.000Z","fixed_in":"1.0.2"}]}},{"wp-private-messages":{"vulnerabilities":[{"id":6865,"title":"wp-private-messages - /wp-admin/profile.php msgid Parameter SQL Injection","osvdb":["94702"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:01.000Z","updated_at":"2014-08-01T10:59:01.000Z"}]}},{"stream-video-player":{"vulnerabilities":[{"id":6866,"title":"Stream Video Player \u003c= 1.4.0 - Setting Manipulation CSRF","osvdb":["94466"],"cve":["2013-2706"],"secunia":["52954"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:01.000Z","updated_at":"2014-08-01T10:59:01.000Z"}]}},{"duplicator":{"vulnerabilities":[{"id":6867,"title":"Duplicator - installer.cleanup.php package Parameter XSS","url":["http://packetstormsecurity.com/files/122535/"],"osvdb":["95627"],"cve":["2013-4625"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:02.000Z","updated_at":"2014-08-01T10:59:02.000Z","fixed_in":"0.4.5"}]}},{"citizen-space":{"vulnerabilities":[{"id":6868,"title":"Citizen Space 1.0 - Script Insertion CSRF","osvdb":["95570"],"secunia":["54256"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:02.000Z","updated_at":"2014-08-01T10:59:02.000Z","fixed_in":"1.1"}]}},{"spicy-blogroll":{"vulnerabilities":[{"id":6869,"title":"Spicy Blogroll - spicy-blogroll-ajax.php Remote File Inclusion","url":["http://packetstormsecurity.com/files/122396/"],"osvdb":["95557"],"exploitdb":["26804"],"vuln_type":"RFI","created_at":"2014-08-01T10:59:02.000Z","updated_at":"2014-11-14T16:25:53.000Z"}]}},{"pie-register":{"vulnerabilities":[{"id":6870,"title":"Pie Register - wp-login.php Multiple Parameter XSS","url":["http://www.securityfocus.com/bid/61140","http://xforce.iss.net/xforce/xfdb/85604"],"osvdb":["95160"],"cve":["2013-4954"],"secunia":["54123"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:02.000Z","updated_at":"2014-08-01T10:59:02.000Z","fixed_in":"1.31"},{"id":7757,"title":"Pie Register \u003c= 2.0.13 - Privilege escalation","url":["http://security.szurek.pl/pie-register-2013-privilege-escalation.html"],"cve":["2014-8802"],"vuln_type":"AUTHBYPASS","created_at":"2015-01-17T17:32:57.000Z","updated_at":"2015-01-17T17:33:39.000Z","fixed_in":"2.0.14"}]}},{"xhanch-my-twitter":{"vulnerabilities":[{"id":6871,"title":"Xhanch my Twitter - CSRF in admin/setting.php","osvdb":["96027"],"cve":["2013-3253"],"secunia":["53133"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:02.000Z","updated_at":"2014-08-01T10:59:02.000Z","fixed_in":"2.7.7"}]}},{"sexybookmarks":{"vulnerabilities":[{"id":6872,"title":"SexyBookmarks - Setting Manipulation CSRF","osvdb":["95908"],"cve":["2013-3256"],"secunia":["53138"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:02.000Z","updated_at":"2014-08-01T10:59:02.000Z","fixed_in":"6.1.5.0"}]}},{"hms-testimonials":{"vulnerabilities":[{"id":6873,"title":"HMS Testimonials 2.0.10 - CSRF","url":["http://wordpress.org/plugins/hms-testimonials/changelog/","http://packetstormsecurity.com/files/122761/"],"osvdb":["96107","96108","96109","96110","96111"],"cve":["2013-4240"],"secunia":["54402"],"exploitdb":["27531"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:02.000Z","updated_at":"2014-08-01T10:59:02.000Z","fixed_in":"2.0.11"},{"id":6874,"title":"HMS Testimonials 2.0.10 - XSS","url":["http://wordpress.org/plugins/hms-testimonials/changelog/","http://packetstormsecurity.com/files/122761/"],"osvdb":["96107","96108","96109","96110","96111"],"cve":["2013-4241"],"secunia":["54402"],"exploitdb":["27531"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:02.000Z","updated_at":"2014-08-01T10:59:02.000Z","fixed_in":"2.0.11"}]}},{"indianic-testimonial":{"vulnerabilities":[{"id":6875,"title":"IndiaNIC Testimonial 2.2 - Setting Manipulation CSRF","url":["http://packetstormsecurity.com/files/123036/","http://seclists.org/fulldisclosure/2013/Sep/5"],"osvdb":["96792"],"cve":["2013-5672"],"exploitdb":["28054"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:02.000Z","updated_at":"2014-08-01T10:59:02.000Z"},{"id":6876,"title":"IndiaNIC Testimonial 2.2 - testimonial.php custom_query Parameter SQL Injection","url":["http://packetstormsecurity.com/files/123036/","http://seclists.org/fulldisclosure/2013/Sep/5"],"osvdb":["96793"],"cve":["2013-5673"],"exploitdb":["28054"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:02.000Z","updated_at":"2014-08-01T10:59:02.000Z"},{"id":6877,"title":"IndiaNIC Testimonial 2.2 - iNIC_testimonial_save Action Multiple Parameter XSS","url":["http://packetstormsecurity.com/files/123036/","http://seclists.org/fulldisclosure/2013/Sep/5"],"osvdb":["96795"],"exploitdb":["28054"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:02.000Z","updated_at":"2014-08-01T10:59:02.000Z"}]}},{"usernoise":{"vulnerabilities":[{"id":6878,"title":"Usernoise 3.7.8 - Feedback Submission summary Field XSS","url":["http://packetstormsecurity.com/files/122701/"],"osvdb":["96000"],"exploitdb":["27403"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:02.000Z","updated_at":"2014-08-01T10:59:02.000Z","fixed_in":"3.7.9"}]}},{"platinum-seo-pack":{"vulnerabilities":[{"id":6879,"title":"platinum_seo_pack.php - s Parameter Reflected XSS","osvdb":["97263"],"cve":["2013-5918"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:02.000Z","updated_at":"2014-08-01T10:59:02.000Z","fixed_in":"1.3.8"}]}},{"design-approval-system":{"vulnerabilities":[{"id":6880,"title":"Design Approval System 3.6 - XSS Vulnerability","url":["http://seclists.org/bugtraq/2013/Sep/54","http://packetstormsecurity.com/files/123227/"],"osvdb":["97192","97279"],"cve":["2013-5711"],"secunia":["54704"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:02.000Z","updated_at":"2014-08-01T10:59:02.000Z","fixed_in":"3.7"}]}},{"event-easy-calendar":{"vulnerabilities":[{"id":6881,"title":"Event Easy Calendar 1.0.0 - Multiple Administrator Action CSRF","url":["http://packetstormsecurity.com/files/123132/"],"osvdb":["97042"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:02.000Z","updated_at":"2014-08-01T10:59:02.000Z"},{"id":6882,"title":"Event Easy Calendar 1.0.0 - Multiple Unspecified XSS","url":["http://packetstormsecurity.com/files/123132/"],"osvdb":["97041"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:02.000Z","updated_at":"2014-08-01T10:59:02.000Z"}]}},{"bradesco-gateway":{"vulnerabilities":[{"id":6883,"title":"Bradesco - falha.php URI Reflected XSS","url":["http://packetstormsecurity.com/files/123356/"],"osvdb":["97624"],"cve":["2013-5916"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:02.000Z","updated_at":"2014-08-01T10:59:02.000Z"}]}},{"social-hashtags":{"vulnerabilities":[{"id":6884,"title":"Social Hashtags 2.0.0 - New Post Title Field Stored XSS","url":["http://packetstormsecurity.com/files/123485/"],"osvdb":["98027"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:02.000Z","updated_at":"2014-08-01T10:59:02.000Z"}]}},{"simple-flickr-display":{"vulnerabilities":[{"id":6885,"title":"Simple Flickr Display - Username Field Stored XSS","osvdb":["97991"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:02.000Z","updated_at":"2014-08-01T10:59:02.000Z"}]}},{"lazy-seo":{"vulnerabilities":[{"id":6886,"title":"Lazy SEO 1.1.9 - lazyseo.php File Upload Arbitrary Code Execution","url":["http://packetstormsecurity.com/files/123349/","http://xforce.iss.net/xforce/xfdb/87384"],"osvdb":["97662"],"cve":["2013-5961"],"exploitdb":["28452"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:59:02.000Z","updated_at":"2014-08-01T10:59:02.000Z"}]}},{"seo-watcher":{"vulnerabilities":[{"id":6887,"title":"SEO Watcher - Open Flash Chart Arbitrary File Creation Vulnerability","url":["http://packetstormsecurity.com/files/123493/"],"secunia":["55162"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:59:02.000Z","updated_at":"2014-08-01T10:59:02.000Z"}]}},{"all-in-one-seo-pack":{"vulnerabilities":[{"id":6888,"title":"All in One SEO Pack \u003c= 2.1.5 - aioseop_functions.php new_meta Parameter XSS","url":["http://blog.sucuri.net/2014/05/vulnerability-found-in-the-all-in-one-seo-pack-wordpress-plugin.html"],"osvdb":["107640"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:02.000Z","updated_at":"2014-08-01T10:59:02.000Z","fixed_in":"2.1.6"},{"id":6889,"title":"All in One SEO Pack \u003c= 2.1.5 - Unspecified Privilege Escalation","url":["http://blog.sucuri.net/2014/05/vulnerability-found-in-the-all-in-one-seo-pack-wordpress-plugin.html"],"osvdb":["107641"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:59:02.000Z","updated_at":"2014-08-01T10:59:02.000Z","fixed_in":"2.1.6"},{"id":6890,"title":"All in One SEO Pack \u003c= 2.0.3 - XSS Vulnerability","url":["http://archives.neohapsis.com/archives/bugtraq/2013-10/0006.html","http://packetstormsecurity.com/files/123490/","http://www.securityfocus.com/bid/62784","http://seclists.org/bugtraq/2013/Oct/8"],"osvdb":["98023"],"cve":["2013-5988"],"secunia":["55133"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:02.000Z","updated_at":"2014-10-16T09:43:39.000Z","fixed_in":"2.0.3.1"}]}},{"simple-dropbox-upload-form":{"vulnerabilities":[{"id":6891,"title":"Simple Dropbox Upload - Arbitrary File Upload Vulnerability","url":["http://packetstormsecurity.com/files/123235/","http://xforce.iss.net/xforce/xfdb/87166"],"osvdb":["97457"],"cve":["2013-5963"],"secunia":["54856"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:59:02.000Z","updated_at":"2014-08-01T10:59:02.000Z","fixed_in":"1.8.8.1"}]}},{"wp-ultimate-email-marketer":{"vulnerabilities":[{"id":6892,"title":"WP Ultimate Email Marketer - Multiple Vulnerabilities","url":["http://www.securityfocus.com/bid/62621"],"osvdb":["97648","97649","97650","97651","97652","97653","97654","97655","97656"],"cve":["2013-3263","2013-3264"],"secunia":["53170"],"vuln_type":"MULTI","created_at":"2014-08-01T10:59:02.000Z","updated_at":"2014-08-01T10:59:02.000Z"}]}},{"wp-miniaudioplayer":{"vulnerabilities":[{"id":6893,"title":"mb.miniAudioPlayer 1.4.2 - TinyMCE Popup Unspecified Issue","osvdb":["101718"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:59:02.000Z","updated_at":"2014-08-01T10:59:02.000Z","fixed_in":"1.4.3"},{"id":6894,"title":"miniAudioPlayer 1.3.8 - maplayertinymce.php Multiple Parameter XSS","url":["http://packetstormsecurity.com/files/123372/","http://www.securityfocus.com/bid/62629"],"osvdb":["97768"],"secunia":["54979"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:02.000Z","updated_at":"2014-08-01T10:59:02.000Z"}]}},{"simple-custom-website-data":{"vulnerabilities":[{"id":6895,"title":"Custom Website Data 1.2 - Record Deletion CSRF","osvdb":["101642"],"secunia":["54823"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:02.000Z","updated_at":"2014-08-01T10:59:02.000Z","fixed_in":"1.3"},{"id":6896,"title":"Custom Website Data 1.0 - wp-admin/admin.php ref Parameter XSS","url":["http://www.securityfocus.com/bid/62624"],"osvdb":["97668"],"secunia":["54865"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z","fixed_in":"1.1"}]}},{"complete-gallery-manager":{"vulnerabilities":[{"id":6897,"title":"Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability","url":["http://packetstormsecurity.com/files/123303/","http://xforce.iss.net/xforce/xfdb/87172"],"osvdb":["97481"],"cve":["2013-5962"],"secunia":["54894"],"exploitdb":["28377"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z","fixed_in":"3.3.4"}]}},{"lbg_zoominoutslider":{"vulnerabilities":[{"id":6898,"title":"LBG Zoominoutslider - add_banner.php name Parameter Stored XSS","url":["http://packetstormsecurity.com/files/123367/"],"osvdb":["97887"],"secunia":["54983"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z"},{"id":6899,"title":"LBG Zoominoutslider - settings_form.php Multiple Parameter Stored XSS","url":["http://packetstormsecurity.com/files/123914/","http://seclists.org/fulldisclosure/2013/Nov/30"],"osvdb":["99339"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z"},{"id":6900,"title":"LBG Zoominoutslider - add_playlist_record.php Multiple Parameter Stored XSS","url":["http://packetstormsecurity.com/files/123914/","http://seclists.org/fulldisclosure/2013/Nov/30"],"osvdb":["99340"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z"},{"id":6901,"title":"LBG Zoominoutslider - add_banner.php Unspecified XSS","url":["http://packetstormsecurity.com/files/123367/"],"osvdb":["99320"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z"},{"id":6902,"title":"LBG Zoominoutslider - Multiple Script Direct Request Path Disclosure","url":["http://seclists.org/fulldisclosure/2013/Nov/30"],"osvdb":["99341"],"vuln_type":"FPD","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z"}]}},{"woopra":{"vulnerabilities":[{"id":6903,"title":"Woopra - Remote Code Execution","url":["http://packetstormsecurity.com/files/123525/"],"vuln_type":"RCE","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z"}]}},{"fgallery_plus":{"vulnerabilities":[{"id":6904,"title":"fGallery_Plus - fim_rss.php album Parameter Reflected XSS","url":["http://packetstormsecurity.com/files/123347/","http://seclists.org/bugtraq/2013/Sep/105","http://seclists.org/bugtraq/2013/Sep/107","http://seclists.org/bugtraq/2013/Sep/108"],"osvdb":["97625"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z"}]}},{"nospampti":{"vulnerabilities":[{"id":6905,"title":"NOSpamPTI 2.1 - wp-comments-post.php comment_post_ID Parameter SQL Injection","url":["http://packetstormsecurity.com/files/123331/"],"osvdb":["97528"],"cve":["2013-5917"],"exploitdb":["28485"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z"}]}},{"comment-attachment":{"vulnerabilities":[{"id":6906,"title":"Comment Attachment 1.0 - XSS Vulnerability","url":["http://packetstormsecurity.com/files/123327/","http://www.securityfocus.com/bid/62438"],"osvdb":["97600"],"cve":["2013-6010"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z"}]}},{"mukioplayer-for-wordpress":{"vulnerabilities":[{"id":6907,"title":"Mukioplayer 1.6 - SQL Injection","url":["http://packetstormsecurity.com/files/123231/"],"osvdb":["97609"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z"}]}},{"encrypted-blog":{"vulnerabilities":[{"id":6908,"title":"Encrypted Blog 0.0.6.2 - encrypt_blog_form.php redirect_to Parameter Arbitrary Site Redirect","url":["http://packetstormsecurity.com/files/122992/"],"osvdb":["97881"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z"},{"id":6909,"title":"Encrypted Blog 0.0.6.2 - encrypt_blog_form.php redirect_to Parameter Reflected XSS","url":["http://packetstormsecurity.com/files/122992/"],"osvdb":["97882"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z"}]}},{"wp-simple-login-registration-plugin":{"vulnerabilities":[{"id":6910,"title":"Simple Login Registration 1.0.1 - XSS","url":["http://packetstormsecurity.com/files/122963/"],"osvdb":["96660"],"secunia":["54583"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z"}]}},{"post-gallery":{"vulnerabilities":[{"id":6911,"title":"Post Gallery - XSS","url":["http://packetstormsecurity.com/files/122957/"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z"}]}},{"proplayer":{"vulnerabilities":[{"id":6912,"title":"ProPlayer 4.7.9.1 - SQL Injection","osvdb":["93564"],"exploitdb":["25605"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z"}]}},{"booking":{"vulnerabilities":[{"id":6913,"title":"Booking Calendar 4.1.4 - CSRF Vulnerability","url":["http://packetstormsecurity.com/files/122691/","http://wpbookingcalendar.com/"],"osvdb":["96088"],"secunia":["54461"],"exploitdb":["27399"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z","fixed_in":"4.1.6"}]}},{"thinkit-wp-contact-form":{"vulnerabilities":[{"id":6914,"title":"ThinkIT \u003c= 0.3 - wp-admin/admin.php Contact Form Deletion CSRF","url":["http://packetstormsecurity.com/files/122898/"],"osvdb":["96514"],"secunia":["54592"],"exploitdb":["27751"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z"},{"id":6915,"title":"ThinkIT \u003c= 0.2 - wp-admin/admin.php toitcf_current_id Parameter XSS","url":["http://packetstormsecurity.com/files/122898/"],"osvdb":["96515"],"secunia":["54592"],"exploitdb":["27751"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z","fixed_in":"0.3"}]}},{"quick-contact-form":{"vulnerabilities":[{"id":6916,"title":"Quick Contact Form 6.2 - Unspecified XSS","osvdb":["101782"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z","fixed_in":"6.3"},{"id":6917,"title":"Quick Contact Form 6.0 - Persistent XSS","url":["http://packetstormsecurity.com/files/123549/","http://quick-plugins.com/quick-contact-form/"],"osvdb":["98279"],"secunia":["55172"],"exploitdb":["28808"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z","fixed_in":"6.1"}]}},{"quick-paypal-payments":{"vulnerabilities":[{"id":6918,"title":"Quick Paypal Payments 3.0 - Payment Sending Multiple Parameter XSS","url":["http://packetstormsecurity.com/files/123662/"],"osvdb":["98715"],"secunia":["55292"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z"}]}},{"email-newsletter":{"vulnerabilities":[{"id":6919,"title":"Email Newsletter 8.0 - 'option' Parameter Information Disclosure Vulnerability","url":["http://www.securityfocus.com/bid/53850"],"osvdb":["83541"],"secunia":["49758"],"vuln_type":"FPD","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z"},{"id":6920,"title":"Email Newsletter 8.0 - csv/export.php Direct Request Information Disclosure","url":["http://packetstormsecurity.org/files/113322/"],"osvdb":["82812"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z"}]}},{"faqs-manager":{"vulnerabilities":[{"id":6921,"title":"IndiaNIC FAQs Manager 1.0 - Blind SQL Injection","url":["http://packetstormsecurity.com/files/120911/"],"osvdb":["91623"],"exploitdb":["24868"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z"},{"id":6922,"title":"IndiaNIC FAQs Manager 1.0 - Ask Question Form question Parameter XSS","url":["http://packetstormsecurity.com/files/120910/"],"osvdb":["91624"],"secunia":["52780"],"exploitdb":["24867"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z"},{"id":6923,"title":"IndiaNIC FAQs Manager 1.0 - CAPTCHA Value Disclosure","url":["http://packetstormsecurity.com/files/120910/"],"osvdb":["91625"],"exploitdb":["24867"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z"},{"id":6924,"title":"IndiaNIC FAQs Manager 1.0 - FAQ Setting Manipulation CSRF","url":["http://packetstormsecurity.com/files/120910/"],"osvdb":["91626"],"secunia":["52780"],"exploitdb":["24867"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z"}]}},{"booking-system":{"vulnerabilities":[{"id":6925,"title":"Booking System - events_facualty_list.php eid Parameter Reflected XSS","url":["http://packetstormsecurity.com/files/122289/"],"osvdb":["96740"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z"},{"id":6926,"title":"Booking System 1.2 - dopbs-backend-forms.php booking_form_id Parameter SQL injection","url":["http://www.securityfocus.com/archive/1/532168"],"osvdb":["107204"],"cve":["2014-3210"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z","fixed_in":"1.3"}]}},{"js-restaurant":{"vulnerabilities":[{"id":6927,"title":"JS Restaurant - popup.php restuarant_id Parameter SQL Injection","url":["http://packetstormsecurity.com/files/122316/"],"osvdb":["96743"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z"}]}},{"FlagEm":{"vulnerabilities":[{"id":6928,"title":"FlagEm - flagit.php cID Parameter XSS","url":["http://www.securityfocus.com/bid/61401","http://xforce.iss.net/xforce/xfdb/85925","http://packetstormsecurity.com/files/122505/"],"osvdb":["98226"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:03.000Z","updated_at":"2014-08-01T10:59:03.000Z"}]}},{"chat":{"vulnerabilities":[{"id":6929,"title":"Chat - message Parameter XSS","osvdb":["95984"],"secunia":["54403"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z"}]}},{"shareaholic":{"vulnerabilities":[{"id":6930,"title":"Shareaholic - Unspecified CSRF","osvdb":["96321"],"secunia":["54529"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z","fixed_in":"7.0.3.4"}]}},{"page-showcaser-boxes":{"vulnerabilities":[{"id":6931,"title":"Page Showcaser Boxes - Title Field Stored XSS","osvdb":["97579"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z"}]}},{"a-forms":{"vulnerabilities":[{"id":6932,"title":"A Forms 1.4.0 - a-forms.php a_form_tracking_page FunctionMultiple Parameters SQL Injection","osvdb":["96404"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z","fixed_in":"1.4.2"},{"id":6933,"title":"A Forms 1.4.0 - Form Submission CSRF","osvdb":["96381"],"secunia":["54489"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z","fixed_in":"1.4.1"},{"id":6934,"title":"A Forms 1.4.0 - a-forms.php a_form_shortcode Function Multiple Parameter XSS","osvdb":["96410"],"secunia":["54489"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z","fixed_in":"1.4.2"},{"id":6935,"title":"A Forms 1.4.0 - a-forms.php aform_css_file_selector() Function css_file_selection Parameter XSS","osvdb":["96809"],"secunia":["54489"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z","fixed_in":"1.4.2"},{"id":6936,"title":"A Forms 1.4.0 - a-forms.php add_field_to_section Function Multiple Parameter XSS","osvdb":["96810"],"secunia":["54489"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z","fixed_in":"1.4.2"},{"id":6937,"title":"A Forms 1.4.0 - a-forms.php a_form_initial_page Function Multiple Parameter XSS","osvdb":["96811"],"secunia":["54489"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z","fixed_in":"1.4.2"},{"id":6938,"title":"A Forms 1.4.0 - a-forms.php a_form_page Function Multiple Parameter XSS","osvdb":["96812"],"secunia":["54489"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z","fixed_in":"1.4.2"},{"id":6939,"title":"A Forms 1.4.0 -  a-forms.php a_form_section_page Function message Parameter XSS","osvdb":["96813"],"secunia":["54489"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z","fixed_in":"1.4.2"},{"id":6940,"title":"A Forms 1.4.0 - a-forms.php a_form_tracking_page Function Multiple Parameter XSS","osvdb":["96814"],"secunia":["54489"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z","fixed_in":"1.4.2"}]}},{"share-this":{"vulnerabilities":[{"id":6941,"title":"ShareThis 7.0.3 - Setting Manipulation CSRF","url":["http://www.securityfocus.com/bid/62154"],"osvdb":["96884"],"cve":["2013-3479"],"secunia":["53135"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z","fixed_in":"7.0.6"}]}},{"simple-flash-video":{"vulnerabilities":[{"id":6942,"title":"Simple Flash Video 1.7 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/123562/","http://www.securityfocus.com/bid/62950"],"osvdb":["98371"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z"}]}},{"landing-pages":{"vulnerabilities":[{"id":6944,"title":"Landing Pages 1.2.1 - module.utils.php post Parameter SQL Injection","url":["http://www.securityfocus.com/bid/62942","http://xforce.iss.net/xforce/xfdb/87803"],"osvdb":["98334"],"cve":["2013-6243"],"secunia":["55192"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z","fixed_in":"1.2.3"},{"id":6945,"title":"Landing Pages 1.2.1 - module.redirect-ab-testing.php permalink_name Parameter SQL Injection","osvdb":["102407"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z","fixed_in":"1.2.3"}]}},{"cart66-lite":{"vulnerabilities":[{"id":6946,"title":"Cart66 1.5.1.14 - admin.php cart66-products Page Product Manipulation CSRF","url":["http://packetstormsecurity.com/files/123587/"],"osvdb":["98352"],"cve":["2013-5977"],"secunia":["55265"],"exploitdb":["28959"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z","fixed_in":"1.5.1.15"},{"id":6947,"title":"Cart66 - admin.php cart66-products Page Multiple Field Stored XSS","url":["http://packetstormsecurity.com/files/123587/"],"osvdb":["98353"],"cve":["2013-5978"],"exploitdb":["28959"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z","fixed_in":"1.5.1.15"},{"id":7705,"title":"Cart66 Lite \u003c= 1.5.1.17 - Blind SQL Injection","url":["http://security.szurek.pl/cart66-lite-wordpress-ecommerce-15117-blind-sql-injection.html","http://packetstormsecurity.com/files/129395/"],"osvdb":["115286"],"cve":["2014-9305"],"exploitdb":["35459"],"vuln_type":"SQLI","created_at":"2014-12-03T17:18:56.000Z","updated_at":"2014-12-19T21:12:56.000Z","fixed_in":"1.5.2"},{"id":7737,"title":"Cart66 Lite \u003c= 1.5.3 - SQL Injection","url":["https://research.g0blin.co.uk/g0blin-00022/"],"cve":["2014-9442"],"vuln_type":"SQLI","created_at":"2015-01-01T16:42:34.000Z","updated_at":"2015-01-03T11:26:31.000Z","fixed_in":"1.5.4"}]}},{"category-wise-search":{"vulnerabilities":[{"id":6948,"title":"Wise Search Widget 1.1 - s Parameter Reflected XSS","osvdb":["97989"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z"}]}},{"catholic-liturgical-calendar":{"vulnerabilities":[{"id":6949,"title":"Catholic Liturgical Calendar Widget 0.0.1 - Title Field Stored XSS","osvdb":["98026"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z","fixed_in":"0.0.2"}]}},{"zenphoto":{"vulnerabilities":[{"id":6950,"title":"Zenphoto 1.4.5.2 - wordpress_import.php wp_prefix Function SQL Injection","url":["http://packetstormsecurity.com/files/123501/","http://www.securityfocus.com/bid/62815","http://seclists.org/bugtraq/2013/Oct/20"],"osvdb":["98091"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z","fixed_in":"1.4.5.4"}]}},{"bp-group-documents":{"vulnerabilities":[{"id":6951,"title":"Group Documents 1.2.1 - Document Upload Multiple Field Stored XSS","url":["http://seclists.org/fulldisclosure/2014/Feb/170"],"osvdb":["103475"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z","fixed_in":"1.2.2"},{"id":6952,"title":"Group Documents 1.2.1 - bp-group-documents-settings.php file Parameter Remote Path Traversal File Location Manipulation","url":["http://seclists.org/fulldisclosure/2014/Feb/170"],"osvdb":["103476"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z","fixed_in":"1.2.2"},{"id":6953,"title":"Group Documents 1.2.1 - Document Property Manipulation CSRF","url":["http://seclists.org/fulldisclosure/2014/Feb/170"],"osvdb":["103477"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z","fixed_in":"1.2.2"},{"id":6954,"title":"Group Documents 1.2 - File Uploading Multiple Parameter Stored XSS","url":["http://www.securityfocus.com/bid/62886"],"osvdb":["98246"],"secunia":["55130"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z","fixed_in":"1.2.2"}]}},{"ab-categories-search-widget":{"vulnerabilities":[{"id":6955,"title":"AB Categories Search Widget 0.1 - s Parameter Reflected XSS","osvdb":["97987"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z"}]}},{"sl-user-create":{"vulnerabilities":[{"id":6956,"title":"SL User Create 0.2.4 - LSL script Secret String Weakness Information Disclosure","url":["http://www.securityfocus.com/bid/63009"],"osvdb":["98456"],"secunia":["55262"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z","fixed_in":"0.2.5"}]}},{"player":{"vulnerabilities":[{"id":6957,"title":"Spider Video Player 2.1 - settings.php theme Parameter SQL Injection","url":["http://packetstormsecurity.com/files/121250/","http://www.securityfocus.com/bid/59021","http://xforce.iss.net/xforce/xfdb/83374"],"osvdb":["92264"],"cve":["2013-3532"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z"},{"id":6958,"title":"Spider Video Player 2.1 - settings.php s_v_player_id Parameter Reflected XSS","url":["http://packetstormsecurity.com/files/124353/"],"osvdb":["100848"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z"},{"id":7669,"title":"WordPress Video Player \u003c 1.5.2 - Multiple Cross-Site Scripting (XSS)","url":["https://github.com/wp-plugins/player/commit/fe967bebc75e69a7afb28748377b6e4d0a1f9483","https://wordpress.org/plugins/player/changelog/"],"cve":["2014-8584"],"vuln_type":"XSS","created_at":"2014-11-11T17:47:08.000Z","updated_at":"2014-11-16T12:53:22.000Z","fixed_in":"1.5.2"}]}},{"finalist":{"vulnerabilities":[{"id":6959,"title":"Finalist - vote.php id Parameter Reflected XSS","url":["http://packetstormsecurity.com/files/123597/"],"osvdb":["98665"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:04.000Z","updated_at":"2014-08-01T10:59:04.000Z"},{"id":6960,"title":"Finalist - vote.php id Parameter SQL Injection","url":["http://packetstormsecurity.com/files/120951/"],"osvdb":["98665"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-08-01T10:59:05.000Z"}]}},{"dexs-pm-system":{"vulnerabilities":[{"id":6961,"title":"Dexs PM System 1.0.1 - Private Message subject Parameter Stored XSS","url":["http://packetstormsecurity.com/files/123634/","http://www.securityfocus.com/bid/63021"],"osvdb":["98668"],"secunia":["55296"],"exploitdb":["28970"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-08-01T10:59:05.000Z"}]}},{"video-metabox":{"vulnerabilities":[{"id":6962,"title":"Video Metabox 1.1 - Persistent XSS Vulnerability Disclosure","url":["http://www.securityfocus.com/bid/63172"],"osvdb":["98641"],"secunia":["55257"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-09-27T15:51:57.000Z","fixed_in":"1.1.1"}]}},{"wp-realty":{"vulnerabilities":[{"id":6963,"title":"WP Realty - MySQL Time Based Injection","url":["http://packetstormsecurity.com/files/123655/","http://www.securityfocus.com/bid/63217"],"osvdb":["98748"],"exploitdb":["29021"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-08-01T10:59:05.000Z"},{"id":6964,"title":"WP Realty - index_ext.php listing_id Parameter Reflected XSS","url":["http://packetstormsecurity.com/files/124418/"],"osvdb":["101583"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-08-01T10:59:05.000Z"}]}},{"feed":{"vulnerabilities":[{"id":6965,"title":"Feed - news_dt.php nid Parameter SQL Injection","url":["http://packetstormsecurity.com/files/122260/"],"osvdb":["94804"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-08-01T10:59:05.000Z"}]}},{"social-sharing-toolkit":{"vulnerabilities":[{"id":6966,"title":"Social Sharing Toolkit 2.1.1 - Setting Manipulation CSRF","url":["http://www.securityfocus.com/bid/63198"],"osvdb":["98717"],"cve":["2013-2701"],"secunia":["52951"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-08-01T10:59:05.000Z"},{"id":6967,"title":"Social Sharing Toolkit 2.1.1 - Unspecified XSS","osvdb":["98931"],"cve":["2013-6280"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-08-01T10:59:05.000Z","fixed_in":"2.1.2"}]}},{"videowall":{"vulnerabilities":[{"id":6968,"title":"Videowall - index.php page_id Parameter Reflected XSS","url":["http://packetstormsecurity.com/files/123693/","http://seclists.org/bugtraq/2013/Oct/98"],"osvdb":["98765"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-08-01T10:59:05.000Z"}]}},{"really-simple-facebook-twitter-share-buttons":{"vulnerabilities":[{"id":6969,"title":"Really simple Facebook Twitter share buttons 2.10.4 - Settings Page Manipulation CSRF","url":["http://www.securityfocus.com/bid/62268"],"osvdb":["97190"],"secunia":["54707"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-08-01T10:59:05.000Z","fixed_in":"2.10.5"}]}},{"car-demon":{"vulnerabilities":[{"id":6970,"title":"Car Demon 1.0.1 - /wp-admin/edit.php Multiple Parameter XSS","osvdb":["90365"],"secunia":["51088"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-08-01T10:59:05.000Z"},{"id":6971,"title":"Car Demon 1.0.1 - /wp-admin/post.php Multiple Parameter XSS","osvdb":["90366"],"secunia":["51088"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-08-01T10:59:05.000Z"}]}},{"blue-wrench-videos-widget":{"vulnerabilities":[{"id":6973,"title":"Blue Wrench Video Widget 1.0.2 - Multiple Stored Cross-Site Scripting (XSS)","osvdb":["98923","98922"],"cve":["2013-6797"],"secunia":["55456"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-09-27T14:09:40.000Z","fixed_in":"2.0.0"}]}},{"wp-mailup":{"vulnerabilities":[{"id":6974,"title":"MailUp 1.3.2 - ajax.functions.php Ajax Function Call Handling XSS Weakness","osvdb":["91274"],"cve":["2013-0731","2013-2640"],"secunia":["51917"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-08-01T10:59:05.000Z","fixed_in":"1.3.3"}]}},{"wp-online-store":{"vulnerabilities":[{"id":6975,"title":"WP Online Store 1.3.1 - index.php slug Parameter Traversal Local File Inclusion","osvdb":["90243"],"secunia":["50836"],"vuln_type":"LFI","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-08-01T10:59:05.000Z","fixed_in":"1.3.2"},{"id":6976,"title":"WP Online Store 1.3.1 - index.php Multiple Parameter Traversal Arbitrary File Access","osvdb":["90244"],"secunia":["50836"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-08-01T10:59:05.000Z","fixed_in":"1.3.2"}]}},{"payment-gateways-caller-for-wp-e-commerce":{"vulnerabilities":[{"id":6977,"title":"Payment Gateways Caller for WP e-Commerce 0.1.0 - load_merchant Parameter Traversal Local file Inclusion","url":["http://packetstormsecurity.com/files/123744/"],"osvdb":["98916"],"vuln_type":"LFI","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-08-01T10:59:05.000Z","fixed_in":"0.1.1"}]}},{"easy-photo-album":{"vulnerabilities":[{"id":6978,"title":"Easy Photo Album 1.1.5 - Album Information Disclosure","osvdb":["98802"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-08-01T10:59:05.000Z","fixed_in":"1.1.6"}]}},{"hungred-post-thumbnail":{"vulnerabilities":[{"id":6979,"title":"Hungred Post Thumbnail - hpt_file_upload.php File Upload PHP Code Execution","url":["http://packetstormsecurity.com/files/113402/","http://www.securityfocus.com/bid/53898"],"osvdb":["82830"],"vuln_type":"RCE","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-08-01T10:59:05.000Z"}]}},{"dhtmlxspreadsheet":{"vulnerabilities":[{"id":6980,"title":"Spreadsheet - /dhtmlxspreadsheet/codebase/spreadsheet.php page Parameter Reflected XSS","url":["http://packetstormsecurity.com/files/123699/","http://www.securityfocus.com/bid/63256"],"osvdb":["98831"],"cve":["2013-6281"],"secunia":["55396"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-08-01T10:59:05.000Z"}]}},{"tweet-blender":{"vulnerabilities":[{"id":6981,"title":"Tweet Blender 4.0.1 - Unspecified XSS","url":["http://packetstormsecurity.com/files/124047/"],"osvdb":["98978"],"cve":["2013-6342"],"secunia":["55780"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-08-01T10:59:05.000Z","fixed_in":"4.0.2"}]}},{"sb-uploader":{"vulnerabilities":[{"id":6982,"title":"WordPress SB Uploader 3.9 - Arbitrary File Upload Vulnerability","url":["http://packetstormsecurity.com/files/119159/"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-08-01T10:59:05.000Z"}]}},{"connections":{"vulnerabilities":[{"id":6983,"title":"Connections Business Directory 0.7.9.3 - includes/template/class.template-parts.php Pagination URL Handling XSS","osvdb":["106558"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-08-01T10:59:05.000Z","fixed_in":"0.7.9.4"},{"id":6984,"title":"Connections \u003c= 0.7.1.5 - Unspecified Security Vulnerability","url":["http://www.securityfocus.com/bid/51204"],"cve":["2011-5254"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-08-01T10:59:05.000Z","fixed_in":"0.7.1.5"}]}},{"gallery-bank":{"vulnerabilities":[{"id":6985,"title":"Gallery Bank 2.0.19 - edit-album.php album_id Parameter Reflected XSS","url":["http://packetstormsecurity.com/files/123924/","http://www.securityfocus.com/bid/63382"],"osvdb":["99045"],"secunia":["55443"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-08-01T10:59:05.000Z","fixed_in":"2.0.20"},{"id":6986,"title":"Gallery Bank 2.0.19 - Multiple Unspecified Issues","url":["http://www.securityfocus.com/bid/63382"],"osvdb":["99046"],"secunia":["55443"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-08-01T10:59:05.000Z","fixed_in":"2.0.20"},{"id":6987,"title":"Gallery Bank 2.0.19 - album-gallery-bank-class.php recordsArray Parameter Reflected XSS","url":["http://www.securityfocus.com/bid/63385","http://seclists.org/fulldisclosure/2013/Nov/38"],"osvdb":["99345"],"secunia":["55443"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-08-01T10:59:05.000Z","fixed_in":"2.0.20"},{"id":7687,"title":"Gallery Bank \u003c= 3.0.60 - Shell Upload","url":["http://cxsecurity.com/issue/WLB-2014100159","http://www.intelligentexploit.com/view-details.html?id=20048"],"secunia":["55443"],"vuln_type":"UPLOAD","created_at":"2014-11-25T12:01:00.000Z","updated_at":"2014-11-25T12:01:20.000Z","fixed_in":"3.0.61"}]}},{"rockhoist-ratings":{"vulnerabilities":[{"id":6988,"title":"Rockhoist Ratings 1.2.2 - wp-admin/admin-ajax.php postID Parameter SQL Injection","url":["http://www.securityfocus.com/bid/63441"],"osvdb":["99195"],"secunia":["55445"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-08-01T10:59:05.000Z"}]}},{"wordpress-checkout":{"vulnerabilities":[{"id":6989,"title":"Checkout Plugin - File Upload Remote Code Execution","url":["http://packetstormsecurity.com/files/123866/"],"osvdb":["99225"],"vuln_type":"RCE","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-08-01T10:59:05.000Z"}]}},{"mobilechief-mobile-site-creator":{"vulnerabilities":[{"id":6990,"title":"MobileChief - jQuery Validation Cross-Site Scripting Vulnerability","url":["http://packetstormsecurity.com/files/123809/"],"secunia":["55501"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:05.000Z","updated_at":"2014-08-01T10:59:05.000Z"}]}},{"timeline":{"vulnerabilities":[{"id":6991,"title":"Facebook Survey Pro - timeline/index.php id Parameter SQL Injection","url":["http://packetstormsecurity.com/files/118238/","http://www.securityfocus.com/bid/56595","http://xforce.iss.net/xforce/xfdb/80141"],"secunia":["87817"],"exploitdb":["22853"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-08-01T10:59:06.000Z"}]}},{"live-comment-preview":{"vulnerabilities":[{"id":6992,"title":"Live Comment Preview 2.0.2 - Comment Field Preview XSS","osvdb":["92944"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-08-01T10:59:06.000Z"}]}},{"polldaddy":{"vulnerabilities":[{"id":6993,"title":"Polldaddy Polls and Rating 2.0.24 - polldaddy-org.php unique_id Ratings Shortcode XSS","url":["http://www.securityfocus.com/bid/68512"],"osvdb":["108640"],"cve":["2014-4856"],"secunia":["59323"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-08-01T10:59:06.000Z","fixed_in":"2.0.25"},{"id":6994,"title":"Polldaddy Polls and Rating 2.0.23 - polldaddy-org.php polldaddy-ratings-title-filter Parameter Reflected XSS","url":["http://www.securityfocus.com/bid/68512"],"osvdb":["108641"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-08-01T10:59:06.000Z","fixed_in":"2.0.24"},{"id":6995,"title":"Polldaddy Polls and Ratings 2.0.20 - Cross-Site Request Forgery Vulnerability","url":["http://www.securityfocus.com/bid/63557"],"osvdb":["99515"],"secunia":["55464"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-08-01T10:59:06.000Z","fixed_in":"2.0.21"}]}},{"jigoshop":{"vulnerabilities":[{"id":6996,"title":"Jigoshop 1.8 - Multiple Script Direct Request Path Disclosure","osvdb":["99485"],"vuln_type":"FPD","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-08-01T10:59:06.000Z"}]}},{"fcchat":{"vulnerabilities":[{"id":6997,"title":"FCChat 2.2.11-2.2.13 - Upload.php Arbitrary File Upload Vulnerability","url":["http://www.securityfocus.com/bid/53855"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-08-01T10:59:06.000Z"}]}},{"another-wordpress-classifieds-plugin":{"vulnerabilities":[{"id":6998,"title":"Another WordPress Classifieds \u003c= 1.8.9.4 - Unspecified Image Upload","url":["http://www.securityfocus.com/bid/52861"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-11-10T21:42:36.000Z","fixed_in":"2.0"},{"id":7659,"title":"Another WordPress Classifieds Plugin \u003c 3.0 - SQLi \u0026 XSS","url":["http://xforce.iss.net/xforce/xfdb/98588","http://packetstormsecurity.com/files/129035/Another-WordPress-Classifieds-Cross-Site-Scripting-SQL-Injection.html"],"cve":["2014-10012","2014-10013"],"exploitdb":["35204"],"vuln_type":"MULTI","created_at":"2014-11-10T21:40:31.000Z","updated_at":"2015-01-13T15:08:12.000Z","fixed_in":"3.0"}]}},{"picturesurf-gallery":{"vulnerabilities":[{"id":6999,"title":"Picturesurf Gallery 1.2 - upload.php Arbitrary File Upload Vulnerability","url":["http://www.securityfocus.com/bid/53894"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-08-01T10:59:06.000Z"}]}},{"social-slider-2":{"vulnerabilities":[{"id":7000,"title":"Social Slider \u003c= 5.6.5 - social-slider-2/ajax.php rA Parameter SQL Injection","osvdb":["74421"],"secunia":["45549"],"exploitdb":["17617"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-08-01T10:59:06.000Z","fixed_in":"6.0.0"}]}},{"redirection":{"vulnerabilities":[{"id":7001,"title":"Redirection 2.3.3 - view/admin/item.php URL Handling Reflected XSS","osvdb":["101774"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-08-01T10:59:06.000Z","fixed_in":"2.3.4"},{"id":7002,"title":"Redirection - view/admin/log_item.php Non-existent Posts Referer HTTP Header XSS","osvdb":["76092","77447"],"cve":["2011-4562"],"secunia":["46310"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-08-01T10:59:06.000Z","fixed_in":"2.2.10"},{"id":7003,"title":"Redirection - wp-admin/tools.php id Parameter XSS","osvdb":["74783"],"secunia":["45782"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-08-01T10:59:06.000Z","fixed_in":"2.2.9"}]}},{"eshop":{"vulnerabilities":[{"id":7004,"title":"eShop - wp-admin/admin.php Multiple Parameter XSS","url":["http://seclists.org/bugtraq/2011/Aug/52","http://www.htbridge.ch/advisory/multiple_xss_in_eshop_for_wordpress.html"],"osvdb":["74464"],"secunia":["45553"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-08-01T10:59:06.000Z","fixed_in":"6.2.9"}]}},{"all-in-one-adsense-and-ypn":{"vulnerabilities":[{"id":7005,"title":"All in One Adsense YPN 2.0.1 - all-in-one-adsense-and-ypn.php Unspecified XSS","osvdb":["74900"],"secunia":["45579"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-08-01T10:59:06.000Z"},{"id":7006,"title":"All in One Adsense YPN 2.0.1 - all-in-one-adsense-and-ypn.php Direct Request AdSense Account Manipulation","osvdb":["74899"],"secunia":["45579"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-08-01T10:59:06.000Z"}]}},{"SearchNSave":{"vulnerabilities":[{"id":7007,"title":"Search N Save - SearchNSave/error_log Direct Request Path Disclosure","osvdb":["95196"],"secunia":["54078"],"vuln_type":"FPD","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-08-01T10:59:06.000Z"}]}},{"taggator":{"vulnerabilities":[{"id":7008,"title":"TagGator - 'tagid' Parameter SQL Injection Vulnerability","url":["http://www.securityfocus.com/bid/52908"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-08-01T10:59:06.000Z"}]}},{"uploadify-integration":{"vulnerabilities":[{"id":7009,"title":"Uploadify Integration 0.9.6 - Multiple Cross Site Scripting Vulnerabilities","url":["http://www.securityfocus.com/bid/52944"],"osvdb":["81093","81094","81095"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-08-01T10:59:06.000Z"}]}},{"wpsc-mijnpress":{"vulnerabilities":[{"id":7010,"title":"WPsc MijnPress - 'rwflush' Parameter Cross Site Scripting Vulnerability","url":["http://www.securityfocus.com/bid/53302"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-08-01T10:59:06.000Z"}]}},{"leaflet-maps-marker":{"vulnerabilities":[{"id":7011,"title":"Leaflet Maps Marker 3.5.2 - Two SQL Injection Vulnerabilities","secunia":["53855"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-08-01T10:59:06.000Z","fixed_in":"3.5.3"}]}},{"google-xml-sitemaps-generator":{"vulnerabilities":[{"id":7012,"title":"XML Sitemap Generator 3.2.8 - XML File Overwrite Arbitrary Code Execution","url":["http://packetstormsecurity.com/files/119357/"],"osvdb":["89411"],"vuln_type":"RCE","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-08-01T10:59:06.000Z"}]}},{"spam-free-wordpress":{"vulnerabilities":[{"id":7013,"title":"Spam Free Plugin 1.9.2 - Multiple Script Direct Request Path Disclosure","url":["http://xforce.iss.net/xforce/xfdb/81007"],"osvdb":["88954"],"vuln_type":"FPD","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-08-01T10:59:06.000Z"},{"id":7014,"title":"Spam Free Plugin 1.9.2 - IP Blocklist Restriction Bypass","url":["http://xforce.iss.net/xforce/xfdb/81006","http://packetstormsecurity.com/files/119274/"],"osvdb":["88955"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-08-01T10:59:06.000Z"}]}},{"editorial-calendar":{"vulnerabilities":[{"id":7015,"title":"Editorial Calendar 2.6 - Post Title XSS","osvdb":["90226"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-08-01T10:59:06.000Z","fixed_in":"2.7"},{"id":7016,"title":"Editorial Calendar 2.6 - Permission Verification Arbitrary Calendar Post Deletion","osvdb":["90227"],"secunia":["52218"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-08-01T10:59:06.000Z","fixed_in":"2.7"},{"id":7017,"title":"Editorial Calendar 2.6 - Post Query Multiple Filter SQL Injection","osvdb":["90228"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-08-01T10:59:06.000Z"}]}},{"shareyourcart":{"vulnerabilities":[{"id":7018,"title":"ShareYourCart 1.6.1 - SDK Multiple Unspecified Path Disclosure","osvdb":["81618"],"cve":["2012-4332"],"secunia":["48960"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-08-01T10:59:06.000Z","fixed_in":"1.7.1"}]}},{"alo-easymail":{"vulnerabilities":[{"id":7019,"title":"ALO EasyMail Newsletter 2.4.7 - Multiple Unspecified XSS","osvdb":["82324"],"secunia":["49320"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-08-01T10:59:06.000Z","fixed_in":"2.4.8"}]}},{"contact-form-7":{"vulnerabilities":[{"id":7020,"title":"Contact Form 7 \u003c= 3.7.1 - Security Bypass Vulnerability","url":["http://www.securityfocus.com/bid/66381/"],"cve":["2014-2265"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:59:06.000Z","updated_at":"2014-08-01T10:59:06.000Z","fixed_in":"3.7.2"},{"id":7022,"title":"Contact Form 7 \u003c= 3.5.2 - File Upload Remote Code Execution","url":["http://packetstormsecurity.com/files/124154/"],"osvdb":["100189"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-12-09T10:19:05.000Z","fixed_in":"3.5.3"}]}},{"store-locator":{"vulnerabilities":[{"id":7023,"title":"Store Locator \u003c= 2.6.1 - Cross-Site Request Forgery Vulnerability","osvdb":["100485"],"secunia":["55276"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-08-01T10:59:07.000Z","fixed_in":"2.12"}]}},{"optinfirex":{"vulnerabilities":[{"id":7024,"title":"Optinfirex - lp/index.php id Parameter Reflected XSS","url":["http://packetstormsecurity.com/files/124188/"],"osvdb":["100435"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-08-01T10:59:07.000Z"}]}},{"amerisale-re":{"vulnerabilities":[{"id":7025,"title":"Amerisale-Re - Remote Shell Upload","url":["http://packetstormsecurity.com/files/124992/"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-08-01T10:59:07.000Z"},{"id":7026,"title":"Amerisale-Re - netriesdetail/upload.php edit Parameter Reflected XSS","url":["http://packetstormsecurity.com/files/124187/","http://xforce.iss.net/xforce/xfdb/89263"],"osvdb":["100434"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-08-01T10:59:07.000Z"}]}},{"js-multihotel":{"vulnerabilities":[{"id":7027,"title":"JS MultiHotel 2.2.1 - includes/show_image.php file Parameter Remote File Inclusion DoS","url":["http://packetstormsecurity.com/files/125959/","http://seclists.org/fulldisclosure/2014/Mar/428"],"osvdb":["105185"],"vuln_type":"RFI","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-08-01T10:59:07.000Z"},{"id":7028,"title":"JS MultiHotel 2.2.1 - includes/delete_img.php path Parameter Reflected XSS","url":["http://packetstormsecurity.com/files/125959/","http://seclists.org/fulldisclosure/2014/Mar/428","http://www.securityfocus.com/bid/66529"],"osvdb":["105186"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-08-01T10:59:07.000Z"},{"id":7029,"title":"JS MultiHotel 2.2.1 - Multiple Script Direct Request Path Disclosure","url":["http://packetstormsecurity.com/files/125959/","http://seclists.org/fulldisclosure/2014/Mar/428"],"osvdb":["105187"],"vuln_type":"FPD","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-08-01T10:59:07.000Z"},{"id":7030,"title":"JS MultiHotel 2.2.1 - includes/timthumb.php src Parameter Direct Request Path Disclosure","url":["http://seclists.org/fulldisclosure/2014/Mar/413","http://www.securityfocus.com/bid/66529","http://packetstormsecurity.com/files/125959/"],"osvdb":["105119"],"vuln_type":"FPD","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-09-19T08:30:19.000Z"},{"id":7031,"title":"JS MultiHotel 2.2.1 - refreshDate.php roomid Parameter Reflected XSS","url":["http://packetstormsecurity.com/files/124239/","http://www.securityfocus.com/bid/64045"],"osvdb":["100575"],"secunia":["55919"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-08-01T10:59:07.000Z"}]}},{"dzs-videogallery":{"vulnerabilities":[{"id":7032,"title":"DZS Video Gallery - ajax.php source Parameter Reflected XSS","url":["http://packetstormsecurity.com/files/125179/"],"osvdb":["103283"],"secunia":["56904"],"vuln_type":"RCE","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-08-01T10:59:07.000Z"},{"id":7033,"title":"DZS Video Gallery - upload.php File Upload Remote Code Execution","osvdb":["100620"],"exploitdb":["29834"],"vuln_type":"RCE","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-08-01T10:59:07.000Z"},{"id":7034,"title":"DZS Video Gallery 3.1.3 - Remote File Disclosure","url":["http://packetstormsecurity.com/files/124317/"],"osvdb":["100750"],"vuln_type":"FPD","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-08-01T10:59:07.000Z"},{"id":7035,"title":"DZS Video Gallery - preview_allchars.swf logoLink Parameter Reflected XSS","url":["http://packetstormsecurity.com/files/126846/","http://www.securityfocus.com/bid/67698","http://seclists.org/fulldisclosure/2014/May/157"],"osvdb":["107521"],"cve":["2014-3923"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-08-01T10:59:07.000Z"},{"id":7036,"title":"DZS Video Gallery - deploy/preview_skin_overlay.swf logoLink Parameter Reflected XSS","url":["http://packetstormsecurity.com/files/126846/","http://www.securityfocus.com/bid/67698","http://seclists.org/fulldisclosure/2014/May/157"],"osvdb":["107522"],"cve":["2014-3923"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-08-01T10:59:07.000Z"},{"id":7037,"title":"DZS Video Gallery - deploy/preview.swf logoLink Parameter Reflected XSS","url":["http://packetstormsecurity.com/files/126846/","http://www.securityfocus.com/bid/67698","http://seclists.org/fulldisclosure/2014/May/157"],"osvdb":["107523"],"cve":["2014-3923"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-08-01T10:59:07.000Z"},{"id":7038,"title":"DZS Video Gallery - preview_skin_rouge.swf logoLink Parameter Reflected XSS","url":["http://packetstormsecurity.com/files/126846/","http://www.securityfocus.com/bid/67698","http://seclists.org/fulldisclosure/2014/May/157"],"osvdb":["107524"],"cve":["2014-3923"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-08-01T10:59:07.000Z"},{"id":7605,"title":"DZS Video Gallery Plugin - RCE \u0026 More","url":["http://seclists.org/fulldisclosure/2014/May/157","http://seclists.org/fulldisclosure/2014/Jul/65"],"cve":["2014-9094"],"vuln_type":"RCE","created_at":"2014-09-27T12:04:59.000Z","updated_at":"2014-12-29T23:04:38.000Z"}]}},{"askapache-firefox-adsense":{"vulnerabilities":[{"id":7039,"title":"AskApache Firefox Adsense 3.0 - Unspecified CSRF","url":["https://www.htbridge.com/advisory/HTB23188"],"osvdb":["100662"],"cve":["2013-6992"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-08-01T10:59:07.000Z"}]}},{"ad-minister":{"vulnerabilities":[{"id":7040,"title":"Ad-minister 0.6 - Unspecified XSS","url":["http://packetstormsecurity.com/files/124604/","https://www.htbridge.com/advisory/HTB23187"],"osvdb":["100663"],"cve":["2013-6993"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-08-01T10:59:07.000Z"}]}},{"tdo-mini-forms":{"vulnerabilities":[{"id":7041,"title":"TDO Mini Forms 0.13.9 - tdomf-upload-inline.php File Upload Remote Code Execution","url":["http://packetstormsecurity.com/files/124352/"],"osvdb":["100847"],"vuln_type":"RCE","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-08-01T10:59:07.000Z"}]}},{"huskerportfolio":{"vulnerabilities":[{"id":7042,"title":"HuskerPortfolio 0.3 - huskerPortfolio.php File Upload CSRF","url":["http://packetstormsecurity.com/files/124359/"],"osvdb":["100845"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-08-01T10:59:07.000Z"}]}},{"formcraft":{"vulnerabilities":[{"id":7043,"title":"FormCraft - form.php id Parameter SQL Injection","url":["http://packetstormsecurity.com/files/124343/"],"osvdb":["100877"],"secunia":["56044"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-09-17T19:28:48.000Z"},{"id":7552,"title":" FormCraft \u003c= 2.0.5 Arbitrary File Deletion","url":["http://1337day.com/exploit/22648"],"vuln_type":"UNKNOWN","created_at":"2014-09-17T19:52:30.000Z","updated_at":"2014-09-17T19:52:43.000Z"}]}},{"zarzadzanie_kontem":{"vulnerabilities":[{"id":7044,"title":"Zarzadzanie Kontem - ajaxfilemanager.php File Upload Arbitrary Code Execution","url":["http://packetstormsecurity.com/files/118322/"],"osvdb":["87834"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-08-01T10:59:07.000Z"}]}},{"ads-box":{"vulnerabilities":[{"id":7045,"title":"Ads Box - iframe_ampl.php count Parameter SQL Injection","url":["http://packetstormsecurity.com/files/118342/","http://www.securityfocus.com/bid/56681","http://xforce.iss.net/xforce/xfdb/80256"],"osvdb":["88257"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-08-01T10:59:07.000Z"}]}},{"broken-link-checker":{"vulnerabilities":[{"id":7046,"title":"Broken Link Checker 1.9.1 - Bulk Action Form URL Handling XSS","osvdb":["101059"],"secunia":["56053"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-08-01T10:59:07.000Z","fixed_in":"1.9.2"},{"id":7047,"title":"Broken Link Checker 1.9.1 - Sort Direction Query Argument Handling XSS","osvdb":["101066"],"secunia":["56053"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-08-01T10:59:07.000Z","fixed_in":"1.9.2"},{"id":7707,"title":"Broken Link Checker 1.10.1 - Authenticated Stored XSS","url":["https://wordpress.org/plugins/broken-link-checker/changelog/"],"vuln_type":"XSS","created_at":"2014-12-04T15:47:34.000Z","updated_at":"2014-12-04T15:47:57.000Z","fixed_in":"1.10.2"}]}},{"easy-career-openings":{"vulnerabilities":[{"id":7048,"title":"Easy Career Openings - jobid Parameter SQL Injection","url":["http://packetstormsecurity.com/files/124309/"],"osvdb":["100677"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-08-01T10:59:07.000Z"}]}},{"q-and-a":{"vulnerabilities":[{"id":7049,"title":"Q and A 1.0.6.2 - Multiple Scripts Direct Request Path Disclosure","osvdb":["100793"],"vuln_type":"FPD","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-08-01T10:59:07.000Z"}]}},{"ml-slider":{"vulnerabilities":[{"id":7050,"title":"Meta Slider 2.5 - metaslider.php id Parameter XSS","url":["http://packetstormsecurity.com/files/127288/","http://www.securityfocus.com/bid/68283"],"osvdb":["108611"],"cve":["2014-4846"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-08-01T10:59:07.000Z"},{"id":7051,"title":"Meta Slider 2.1.6 - Multiple Script Direct Request Path Disclosure","osvdb":["100794"],"vuln_type":"FPD","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-08-01T10:59:07.000Z"}]}},{"custom-tables":{"vulnerabilities":[{"id":7052,"title":"Custom Tables 3.4.4 - iframe.php key Parameter XSS","osvdb":["83646"],"secunia":["49823"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:07.000Z","updated_at":"2014-08-01T10:59:07.000Z"}]}},{"wp-socializer":{"vulnerabilities":[{"id":7053,"title":"WP Socializer 2.4.2 - admin/wpsr-services-selector.php val Parameter XSS","osvdb":["83645"],"secunia":["49824"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z"}]}},{"church-admin":{"vulnerabilities":[{"id":7054,"title":"church_admin 0.33.4.5 - includes/validate.php id Parameter XSS","osvdb":["83644"],"secunia":["49827"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z"}]}},{"phpfreechat":{"vulnerabilities":[{"id":7055,"title":"PHPFreeChat 0.2.8 - lib/csstidy-1.2/css_optimiser.php url Parameter XSS","osvdb":["83642"],"secunia":["49826"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z"}]}},{"simple-embed-code":{"vulnerabilities":[{"id":7056,"title":"Artiss Code Embed 2.0.1 - wp-admin/admin.php suffix Parameter XSS","osvdb":["83686"],"secunia":["49848"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z","fixed_in":"2.0.2"}]}},{"dewplayer-flash-mp3-player":{"vulnerabilities":[{"id":7057,"title":"Dewplayer - dewplayer-vinyl.swf xml Parameter XML File Handling XSS","url":["http://packetstormsecurity.com/files/124582/","http://www.securityfocus.com/bid/64506","http://seclists.org/fulldisclosure/2013/Dec/192"],"osvdb":["101353"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z"},{"id":7058,"title":"Dewplayer - dewplayer-vinyl-en.swf xml Parameter XML File Handling XSS","url":["http://packetstormsecurity.com/files/124582/","http://www.securityfocus.com/bid/64506","http://seclists.org/fulldisclosure/2013/Dec/192"],"osvdb":["101352"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z"},{"id":7059,"title":"Dewplayer \u003c= 1.2 - dewplayer.php Direct Request Path Disclosure Weakness","url":["http://seclists.org/fulldisclosure/2013/Dec/209"],"osvdb":["101440"],"vuln_type":"FPD","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z"}]}},{"advanced-dewplayer":{"vulnerabilities":[{"id":7060,"title":"Advanced Dewplayer - dewplayer-vinyl.swf xml Parameter XML File Handling XSS","url":["http://packetstormsecurity.com/files/124582/","http://www.securityfocus.com/bid/64506","http://seclists.org/fulldisclosure/2013/Dec/192"],"osvdb":["101353"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z"},{"id":7058,"title":"Dewplayer - dewplayer-vinyl-en.swf xml Parameter XML File Handling XSS","url":["http://packetstormsecurity.com/files/124582/","http://www.securityfocus.com/bid/64506","http://seclists.org/fulldisclosure/2013/Dec/192"],"osvdb":["101352"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z"},{"id":7061,"title":"Advanced Dewplayer \u003c= 1.2 - dewplayer.php Direct Request Path Disclosure Weakness","url":["http://seclists.org/fulldisclosure/2013/Dec/209"],"osvdb":["101440"],"vuln_type":"FPD","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z"},{"id":7062,"title":"Advanced Dewplayer \u003c= 1.2 - download-file.php dew_file Parameter Traversal Arbitrary File Access","url":["http://seclists.org/oss-sec/2013/q4/566"],"osvdb":["101513"],"secunia":["55941"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z"}]}},{"sem-wysiwyg":{"vulnerabilities":[{"id":7063,"title":"SEM WYSIWYG - Arbitrary File Upload","url":["http://packetstormsecurity.com/files/115789/"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z"}]}},{"recommend-a-friend":{"vulnerabilities":[{"id":7064,"title":"Recommend a friend 2.0.2 - inc/raf_form.php current_url Parameter Reflected XSS","url":["http://packetstormsecurity.com/files/124587/"],"osvdb":["101487"],"cve":["2013-7276"],"secunia":["56209"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z"}]}},{"securimage-wp":{"vulnerabilities":[{"id":7065,"title":"Securimage-WP 3.2.4 - siwp_test.php URI XSS","url":["http://packetstormsecurity.com/files/121588/","http://xforce.iss.net/xforce/xfdb/84186"],"osvdb":["93259"],"secunia":["53376"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z"}]}},{"amazon-affiliate-link-localizer":{"vulnerabilities":[{"id":7066,"title":"Amazon Affiliate Link Localizer 1.8.2 - amazon_affiliate_link_localizer.php amzn_com Parameter XSS","url":["http://www.dfcode.org/code.php?id=27"],"osvdb":["100783"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z"}]}},{"maxbuttons":{"vulnerabilities":[{"id":7067,"title":"MaxButtons 1.19.0 - includes/maxbuttons-button-css.php Authentication Bypass","osvdb":["101773"],"secunia":["56272"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z","fixed_in":"1.20.0"},{"id":7646,"title":"MaxButtons 1.26.0 - Cross Site Scripting (XSS)","url":["http://packetstormsecurity.com/files/128693/","https://www.htbridge.com/advisory/HTB23237"],"cve":["2014-7181"],"vuln_type":"XSS","created_at":"2014-10-15T19:34:21.000Z","updated_at":"2014-10-15T20:31:59.000Z","fixed_in":"1.26.1"}]}},{"aprils-super-functions-pack":{"vulnerabilities":[{"id":7068,"title":"April's Super Functions Pack 1.4.7 - readme.php page Parameter Reflected XSS","osvdb":["101807"],"cve":["2014-100026"],"secunia":["55576"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2015-01-17T18:52:33.000Z","fixed_in":"1.4.8"}]}},{"wordpress-connect":{"vulnerabilities":[{"id":7069,"title":"WordPress Connect 2.0.3 - Editor Pages Unspecified XSS","osvdb":["101716"],"secunia":["56238"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z"}]}},{"page-layout-builder":{"vulnerabilities":[{"id":7070,"title":"Page Layout Builder 1.3.4 - includes/layout-settings.php layout_settings_id Parameter Reflected XSS","osvdb":["101723"],"secunia":["56214"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z","fixed_in":"1.3.6"},{"id":7071,"title":"Page Layout Builder 1.3.4 - Unspecified Issue","osvdb":["101724"],"secunia":["56214"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z","fixed_in":"1.3.6"}]}},{"foliopress-wysiwyg":{"vulnerabilities":[{"id":7072,"title":"Foliopress WYSIWYG - Unspecified XSS","osvdb":["101726"],"secunia":["56261"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z","fixed_in":"2.6.8.5"}]}},{"intouch":{"vulnerabilities":[{"id":7073,"title":"intouch 2.0 - intouch.js.php intouch_failure Parameter Reflected XSS","url":["http://packetstormsecurity.com/files/124687/","http://www.securityfocus.com/bid/64680"],"osvdb":["101822"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z"}]}},{"nmedia-mailchimp-widget":{"vulnerabilities":[{"id":7074,"title":"Nmedia MailChimp 3.1 - api_mailchimp/postToMailChimp.php abs_path Parameter XSS","osvdb":["83083"],"secunia":["49538"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z","fixed_in":"3.2"}]}},{"ns-utilities":{"vulnerabilities":[{"id":7075,"title":"NS Utilities 1.0 - Unspecified Remote Issue","osvdb":["82944"],"secunia":["49476"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z","fixed_in":"1.1"}]}},{"spiffy":{"vulnerabilities":[{"id":7076,"title":"Spiffy XSPF Player 0.1 - playlist.php playlist_id Parameter SQL Injection","url":["http://packetstormsecurity.com/files/121204/","http://www.securityfocus.com/bid/58976","http://xforce.iss.net/xforce/xfdb/83345"],"osvdb":["92258"],"cve":["2013-3530"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z"}]}},{"easy-media-gallery":{"vulnerabilities":[{"id":7077,"title":"Easy Media Gallery 1.2.29 - wp-admin/edit.php Multiple Parameter Stored XSS","url":["http://packetstormsecurity.com/files/125396/","http://www.securityfocus.com/bid/65804"],"osvdb":["103779"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z"},{"id":7078,"title":"Easy Media Gallery 1.2.25 - includes/emg-settings.php spg_add_admin Function Admin User Creation CSRF","url":["http://incolumitas.com/2013/12/17/exploiting-wordpress-plugins-using-insecure-admin-forms-no-3-example-exploit-included/"],"osvdb":["101941"],"secunia":["56408"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z","fixed_in":"1.2.27"}]}},{"wp-members":{"vulnerabilities":[{"id":7079,"title":"WP-Members 2.8.9 - profile.php Multiple Parameter Stored XSS","url":["http://packetstormsecurity.com/files/124720/","http://www.securityfocus.com/bid/64713"],"osvdb":["101946"],"secunia":["56271"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z","fixed_in":"2.8.10"},{"id":7080,"title":"WP-Members 2.8.9 - wp-login.php register Action Multiple Parameter Reflected XSS","url":["http://packetstormsecurity.com/files/124720/","http://www.securityfocus.com/bid/64713"],"osvdb":["101947"],"secunia":["56271"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z","fixed_in":"2.8.10"}]}},{"wpmbytplayer":{"vulnerabilities":[{"id":7081,"title":"mb.YTPlayer for background videos 1.7.2 - TinyMCE Popup Unspecified Issue","osvdb":["101718"],"secunia":["56270"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z","fixed_in":"1.7.3"}]}},{"keyring":{"vulnerabilities":[{"id":7082,"title":"Keyring 1.5 - OAuth Example Page XSS","secunia":["56367"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z"}]}},{"avchat-3":{"vulnerabilities":[{"id":7083,"title":"AVChat Video Chat 1.4.1 - index_popup.php Multiple Parameters Reflected XSS","osvdb":["102206"],"secunia":["56447"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:08.000Z","updated_at":"2014-08-01T10:59:08.000Z","fixed_in":"1.4.2"}]}},{"groupdocs-comparison":{"vulnerabilities":[{"id":7084,"title":"GroupDocs Comparison 1.0.2 - grpdocscomparison.php Multiple Parameter XSS","osvdb":["102297"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:09.000Z","updated_at":"2014-08-01T10:59:09.000Z","fixed_in":"1.0.3"}]}},{"groupdocs-signature":{"vulnerabilities":[{"id":7085,"title":"GroupDocs Signature 1.2.0 - grpdocs-dialog.php Multiple Parameter XSS","osvdb":["102298"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:09.000Z","updated_at":"2014-08-01T10:59:09.000Z","fixed_in":"1.2.1"},{"id":7086,"title":"GroupDocs Signature 1.2.0 - options.php Multiple Parameter XSS","osvdb":["102299"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:09.000Z","updated_at":"2014-08-01T10:59:09.000Z","fixed_in":"1.2.1"}]}},{"groupdocs-viewer":{"vulnerabilities":[{"id":7087,"title":"GroupDocs Viewer 1.4.1 - options.php Multiple Parameter XSS","osvdb":["102299"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:09.000Z","updated_at":"2014-08-01T10:59:09.000Z","fixed_in":"1.4.2"},{"id":7088,"title":"GroupDocs Viewer 1.4.1 - grpdocs-dialog.php Multiple Parameter XSS","osvdb":["102300"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:09.000Z","updated_at":"2014-08-01T10:59:09.000Z","fixed_in":"1.4.2"}]}},{"groupdocs-documents-annotation":{"vulnerabilities":[{"id":7089,"title":"GroupDocs Document Annotation 1.3.8 - options.php Multiple Parameter XSS","osvdb":["102299"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:09.000Z","updated_at":"2014-08-01T10:59:09.000Z","fixed_in":"1.3.9"},{"id":7090,"title":"GroupDocs Document Annotation 1.3.8 - grpdocs-dialog.php Multiple Parameter XSS","osvdb":["102301"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:09.000Z","updated_at":"2014-08-01T10:59:09.000Z","fixed_in":"1.3.9"}]}},{"athlon-manage-calameo-publications":{"vulnerabilities":[{"id":7091,"title":"Manage Calameo Publications 1.1.0 - thickbox_content.php attachment_id Parameter Reflected XSS","osvdb":["102433"],"secunia":["56428"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:09.000Z","updated_at":"2014-08-01T10:59:09.000Z","fixed_in":"1.1.1"}]}},{"ss-downloads":{"vulnerabilities":[{"id":7092,"title":"SS Downloads  1.4.4.1 - services/getfile.php file Parameter XSS","osvdb":["102501"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:09.000Z","updated_at":"2014-08-01T10:59:09.000Z","fixed_in":"1.5"},{"id":7093,"title":"SS Downloads  1.4.4.1 - ss-downloads.php Multiple Variables XSS","osvdb":["102502"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:09.000Z","updated_at":"2014-08-01T10:59:09.000Z","fixed_in":"1.5"},{"id":7094,"title":"SS Downloads  1.4.4.1 - templates/download.php Multiple Parameters Reflected XSS","osvdb":["102503"],"secunia":["56428"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:09.000Z","updated_at":"2014-08-01T10:59:09.000Z","fixed_in":"1.5"},{"id":7095,"title":"SS Downloads  1.4.4.1 - templates/register.php Multiple Parameter Reflected XSS","osvdb":["102504"],"secunia":["56428"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:09.000Z","updated_at":"2014-08-01T10:59:09.000Z","fixed_in":"1.5"},{"id":7096,"title":"SS Downloads  1.4.4.1 - templates/emailsent.php Multiple Parameter Reflected XSS","osvdb":["102537"],"secunia":["56532"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:09.000Z","updated_at":"2014-08-01T10:59:09.000Z","fixed_in":"1.5"},{"id":7097,"title":"SS Downloads  1.4.4.1 - templates/emailform.php Multiple Parameter Reflected XSS","url":["http://packetstormsecurity.com/files/124958/"],"osvdb":["102538"],"secunia":["56532"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:09.000Z","updated_at":"2014-08-01T10:59:09.000Z","fixed_in":"1.5"},{"id":7098,"title":"SS Downloads  1.4.4.1 - templates/emailandnameform.php Multiple Parameter Reflected XSS","osvdb":["102539"],"secunia":["56532"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:09.000Z","updated_at":"2014-08-01T10:59:09.000Z","fixed_in":"1.5"}]}},{"global-flash-galleries":{"vulnerabilities":[{"id":7099,"title":"Global Flash Galleries - popup.php id Parameter SQL Injection","osvdb":["104907"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:09.000Z","updated_at":"2014-08-01T10:59:09.000Z"},{"id":7100,"title":"Global Flash Galleries - swfupload.php Unauthenticated Image Upload Weakness","url":["http://packetstormsecurity.com/files/124850/","http://www.securityfocus.com/bid/65060"],"osvdb":["102423"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:59:09.000Z","updated_at":"2014-08-01T10:59:09.000Z"}]}},{"social-connect":{"vulnerabilities":[{"id":7101,"title":"Social Connect 0.10.1 - diagnostics/test.php testing Parameter Reflected XSS","osvdb":["102411"],"secunia":["56587"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:09.000Z","updated_at":"2014-08-01T10:59:09.000Z","fixed_in":"0.10.2"}]}},{"let-them-unsubscribe":{"vulnerabilities":[{"id":7102,"title":"Let Them Unsubscribe 1.0 - let-them-unsubscribe.php Multiple Unspecified Issues","osvdb":["102500"],"secunia":["56659"],"vuln_type":"MULTI","created_at":"2014-08-01T10:59:09.000Z","updated_at":"2014-08-01T10:59:09.000Z","fixed_in":"1.1"}]}},{"seo-image":{"vulnerabilities":[{"id":7103,"title":"SEO Friendly Images 2.7.4 - seo-friendly-images.php Add Page CSRF","osvdb":["101789"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:09.000Z","updated_at":"2014-08-01T10:59:09.000Z","fixed_in":"2.7.5"},{"id":7104,"title":"SEO Friendly Images 2.7.4 - seo-friendly-images.php Multiple Parameters XSS","osvdb":["101790"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:09.000Z","updated_at":"2014-08-01T10:59:09.000Z","fixed_in":"2.7.5"},{"id":7741,"title":"SEO Friendly Images \u003c= 3.0.4 - Cross-Site Scripting (XSS)","url":["https://wordpress.org/plugins/seo-image/changelog/","https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=1058363%40seo-image\u0026old=1056220%40seo-image\u0026sfp_email=\u0026sfph_mail="],"vuln_type":"XSS","created_at":"2015-01-03T11:37:15.000Z","updated_at":"2015-01-03T11:48:56.000Z","fixed_in":"3.0.5"}]}},{"wordpress-social-ring":{"vulnerabilities":[{"id":7105,"title":"Social Ring 1.0 - share.php url Parameter Reflected XSS","url":["http://packetstormsecurity.com/files/124851/"],"osvdb":["102424"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:09.000Z","updated_at":"2014-08-01T10:59:09.000Z","fixed_in":"1.1.9"}]}},{"flagallery-skins":{"vulnerabilities":[{"id":7106,"title":"GRAND FlAGallery Skins - compact_music_player/gallery.php playlist Parameter SQL Injection","url":["http://packetstormsecurity.com/files/121699/"],"osvdb":["93581"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:09.000Z","updated_at":"2014-08-01T10:59:09.000Z"}]}},{"contus-video-gallery":{"vulnerabilities":[{"id":7107,"title":"Contus Video Gallery 2.0 \u0026 1.6 - SQL Injection","url":["http://www.securityfocus.com/bid/59845","http://xforce.iss.net/xforce/xfdb/84239"],"osvdb":["93369"],"cve":["2013-3478"],"secunia":["51344"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:09.000Z","updated_at":"2014-09-24T11:15:31.000Z","fixed_in":"2.1"},{"id":7597,"title":"Contus Video Gallery 2.3.1.0.1 - SQL Injection","url":["http://packetstormsecurity.com/files/127611/"],"osvdb":["109621","109620","109619","109618","109616","109617","109615","109614","109613","109612","109611"],"cve":["2014-9097","2014-9098"],"vuln_type":"SQLI","created_at":"2014-09-23T14:06:12.000Z","updated_at":"2014-12-29T23:11:29.000Z","fixed_in":"2.5"}]}},{"webengage":{"vulnerabilities":[{"id":7108,"title":"WebEngage 2.0.0 - callback.php Multiple Parameter Reflected XSS","osvdb":["102560"],"secunia":["56700"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:09.000Z","updated_at":"2014-08-01T10:59:09.000Z","fixed_in":"2.0.1"},{"id":7109,"title":"WebEngage 2.0.0 - renderer.php Multiple Parameter Reflected XSS","osvdb":["102561"],"secunia":["56700"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:09.000Z","updated_at":"2014-08-01T10:59:09.000Z","fixed_in":"2.0.1"},{"id":7110,"title":"WebEngage 2.0.0 - resize.php height Parameter XSS","osvdb":["102562"],"secunia":["56700"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:09.000Z","updated_at":"2014-08-01T10:59:09.000Z","fixed_in":"2.0.1"}]}},{"seolinkrotator":{"vulnerabilities":[{"id":7112,"title":"Seo Link Rotator - pusher.php title Parameter Reflected XSS","url":["http://packetstormsecurity.com/files/124959/"],"osvdb":["102594"],"secunia":["56710"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:10.000Z","updated_at":"2014-08-01T10:59:10.000Z"}]}},{"nokia-mapsplaces":{"vulnerabilities":[{"id":7113,"title":"Nokia Maps and Places 1.6.6 - place.html href Parameter Reflected XSS","osvdb":["102669"],"cve":["2014-1750"],"secunia":["56604"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:10.000Z","updated_at":"2014-08-01T10:59:10.000Z","fixed_in":"1.6.7"}]}},{"webinar_plugin":{"vulnerabilities":[{"id":7114,"title":"Easy Webinar - get_widget.php wid Parameter SQL Injection","osvdb":["86754"],"exploitdb":["22300"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:10.000Z","updated_at":"2014-08-01T10:59:10.000Z","fixed_in":"1.6.7"}]}},{"wp-social-invitations":{"vulnerabilities":[{"id":7115,"title":"WP Social Invitations \u003c=1.4.4.2 - test.php Multiple Parameter Reflected XSS","osvdb":["102741"],"secunia":["56711"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:10.000Z","updated_at":"2014-08-01T10:59:10.000Z","fixed_in":"1.4.4.3"}]}},{"infusionsoft":{"vulnerabilities":[{"id":7116,"title":"Infusionsoft Gravity Forms Add-on 1.5.6 - Unspecified XSS","osvdb":["102742"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:10.000Z","updated_at":"2014-08-01T10:59:10.000Z","fixed_in":"1.5.7"},{"id":7634,"title":"Infusionsoft Gravity Forms 1.5.3 - 1.5.10 Arbitrary File Upload","url":["http://research.g0blin.co.uk/cve-2014-6446/"],"cve":["2014-6446"],"exploitdb":["34925"],"vuln_type":"UPLOAD","created_at":"2014-10-06T17:26:08.000Z","updated_at":"2014-10-11T12:46:21.000Z","metasploit":"exploit/unix/webapp/php_wordpress_infusionsoft","fixed_in":"1.5.10"}]}},{"comment-control":{"vulnerabilities":[{"id":7117,"title":"Comment Control 0.3.0 - comment-control.php type Parameter SQL Injection","osvdb":["102581"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:10.000Z","updated_at":"2014-08-01T10:59:10.000Z","fixed_in":"0.3.1"}]}},{"wptouch":{"vulnerabilities":[{"id":7118,"title":"WPtouch 3.x - Insecure Nonce Generation","url":["http://blog.sucuri.net/2014/07/disclosure-insecure-nonce-generation-in-wptouch.html"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:59:10.000Z","updated_at":"2014-09-16T14:13:17.000Z","metasploit":"exploit/unix/webapp/wp_wptouch_file_upload","fixed_in":"3.4.3"},{"id":7119,"title":"WPtouch 1.9.27 - 'wptouch_redirect' Parameter URI Redirection Vulnerability","url":["http://www.securityfocus.com/bid/48348"],"osvdb":["110087"],"exploitdb":["17423"],"vuln_type":"REDIRECT","created_at":"2014-08-01T10:59:10.000Z","updated_at":"2014-09-17T15:07:42.000Z","fixed_in":"1.9.30"},{"id":7120,"title":"WPtouch 1.9.19.4 - Cross-Site Scripting (XSS)","url":["http://www.securityfocus.com/bid/45139"],"osvdb":["69538"],"cve":["2010-4779"],"secunia":["42438"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:10.000Z","updated_at":"2014-09-27T13:48:58.000Z","fixed_in":"1.9.20"},{"id":7121,"title":"WPtouch 1.9.8 - ajax/file_upload.php Crafted Content-Type File Upload Remote Code Execution","osvdb":["102582"],"vuln_type":"RCE","created_at":"2014-08-01T10:59:10.000Z","updated_at":"2014-08-01T10:59:10.000Z","fixed_in":"1.9.8.1"},{"id":7122,"title":"WPtouch 1.9.8 - include/submit.php Multiple Parameter SQL Injection","osvdb":["102583"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:10.000Z","updated_at":"2014-08-01T10:59:10.000Z","fixed_in":"1.9.8.1"}]}},{"better-search":{"vulnerabilities":[{"id":7123,"title":"Better Search 1.2.1 - admin.inc.php Setting Manipulation CSRF","osvdb":["102584"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:10.000Z","updated_at":"2014-08-01T10:59:10.000Z","fixed_in":"1.3"},{"id":7725,"title":"Better Search \u003c= 1.3.4 - Reflective XSS","url":["https://wordpress.org/plugins/better-search/changelog/"],"vuln_type":"XSS","created_at":"2014-12-16T15:52:32.000Z","updated_at":"2014-12-16T15:52:55.000Z","fixed_in":"1.3.5"}]}},{"stop-user-enumeration":{"vulnerabilities":[{"id":7125,"title":"Stop User Enumeration 1.2.4 - POST Request Protection Bypass","url":["http://packetstormsecurity.com/files/125035/","http://seclists.org/fulldisclosure/2014/Feb/3"],"osvdb":["102799"],"secunia":["56643"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:59:10.000Z","updated_at":"2014-08-01T10:59:10.000Z"}]}},{"delightful-downloads":{"vulnerabilities":[{"id":7126,"title":"Delightful Downloads 1.3.1.1 - meta-boxes.php dedo_meta_boxes_save Function Multiple Action Authorization Bypass","osvdb":["102932"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:59:10.000Z","updated_at":"2014-08-01T10:59:10.000Z","fixed_in":"1.3.2"},{"id":7127,"title":"Delightful Downloads 1.3.1.1 - includes/functions.php User-Agent HTTP Header Stored XSS","osvdb":["102928"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:10.000Z","updated_at":"2014-08-01T10:59:10.000Z","fixed_in":"1.3.2"}]}},{"mobiloud-mobile-app-plugin":{"vulnerabilities":[{"id":7128,"title":"Mobiloud 1.9.0 - comments/disqus_count.php shortname Parameter Reflected XSS","osvdb":["102898"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:10.000Z","updated_at":"2014-08-01T10:59:10.000Z","fixed_in":"1.9.1"},{"id":7129,"title":"Mobiloud 1.9.0 - comments/disqus.php shortname Parameter Reflected XSS","osvdb":["102899"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:10.000Z","updated_at":"2014-08-01T10:59:10.000Z","fixed_in":"1.9.1"},{"id":7533,"title":"Mobiloud \u003c 2.3.8 Multiple XSS","osvdb":["109671","109672","109673","109674","109675","109676","109677","109678","109679","109680","109681","109682","109683","109684","109685","109686"],"cve":["2014-5344"],"secunia":["60530"],"vuln_type":"XSS","created_at":"2014-09-17T14:48:39.000Z","updated_at":"2014-11-18T21:04:07.000Z","fixed_in":"2.3.8"}]}},{"all_in_one_carousel":{"vulnerabilities":[{"id":7130,"title":"all_in_one_carousel 1.2.20 - /tpl/add_carousel.php id Parameter Reflected XSS","url":["http://seclists.org/bugtraq/2014/Feb/38"],"osvdb":["103351"],"secunia":["56962"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:10.000Z","updated_at":"2014-08-01T10:59:10.000Z"}]}},{"frontend-uploader":{"vulnerabilities":[{"id":7131,"title":"Frontend Uploader - Unspecified File Upload Remote Code Execution","osvdb":["103454"],"exploitdb":["31570"],"vuln_type":"RCE","created_at":"2014-08-01T10:59:10.000Z","updated_at":"2014-08-01T10:59:10.000Z"},{"id":7742,"title":"Frontend Uploader \u003c= 0.9.2 - Cross Site Scripting (XSS)","url":["http://packetstormsecurity.com/files/129749/"],"cve":["2014-9444"],"vuln_type":"XSS","created_at":"2015-01-03T11:54:21.000Z","updated_at":"2015-01-14T12:52:44.000Z"}]}},{"wp-security-scan":{"vulnerabilities":[{"id":7132,"title":"Acunetix WP Security 4.0.3 - /wp-admin/admin.php wps-database Page Backup Generation CSRF Weakness","url":["http://packetstormsecurity.com/files/125218/"],"osvdb":["103467"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:10.000Z","updated_at":"2014-08-01T10:59:10.000Z"}]}},{"aryo-activity-log":{"vulnerabilities":[{"id":7133,"title":"Aryo Activity Log - Full Path Disclosure","url":["https://github.com/KingYes/wordpress-aryo-activity-log/pull/27"],"vuln_type":"FPD","created_at":"2014-08-01T10:59:10.000Z","updated_at":"2014-08-01T10:59:10.000Z","fixed_in":"2.0.4"}]}},{"wp-jquery-spam":{"vulnerabilities":[{"id":7134,"title":"WP jQuery Spam 1.1 - dynamic.php id Parameter Reflected XSS","osvdb":["103579"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:10.000Z","updated_at":"2014-08-01T10:59:10.000Z","fixed_in":"1.2"}]}},{"media-file-renamer":{"vulnerabilities":[{"id":7135,"title":"Media File Renamer v1.7.0 - Persistent XSS","url":["http://packetstormsecurity.com/files/125378/","http://www.vapid.dhs.org/advisories/wordpress/plugins/MediaFileRenamer-1.7.0/"],"cve":["2014-2040"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:10.000Z","updated_at":"2014-08-01T10:59:10.000Z"}]}},{"flash-player-widget":{"vulnerabilities":[{"id":7136,"title":"Flash Player Widget - dewplayer.swf Content Spoofing","url":["http://www.openwall.com/lists/oss-security/2013/12/30/5"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:59:10.000Z","updated_at":"2014-08-01T10:59:10.000Z"}]}},{"alpine-photo-tile-for-instagram":{"vulnerabilities":[{"id":7137,"title":"Alpine PhotoTile For Instagram 1.2.6.5 - wp-admin/options-general.php general_lightbox_params Parameter XSS Weakness","url":["http://packetstormsecurity.com/files/125418/"],"osvdb":["103822"],"secunia":["57198"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:10.000Z","updated_at":"2014-08-01T10:59:10.000Z"}]}},{"widget-control-powered-by-everyblock":{"vulnerabilities":[{"id":7138,"title":"Widget Control Powered By Everyblock 1.0.1 - wp-admin/admin.php idDropdown Parameter XSS Weakness","url":["http://packetstormsecurity.com/files/125421/"],"osvdb":["103831"],"secunia":["57203"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:10.000Z","updated_at":"2014-08-01T10:59:10.000Z"}]}},{"search-everything":{"vulnerabilities":[{"id":7139,"title":"Search Everything 8.1.0 - options.php Unspecified CSRF","osvdb":["106733"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:10.000Z","updated_at":"2014-08-01T10:59:10.000Z","fixed_in":"8.1.1"},{"id":7141,"title":"Search Everything 7.0.2 - search-everything.php s Parameter SQL Injection","url":["http://www.securityfocus.com/bid/65765"],"osvdb":["103718"],"cve":["2014-2316"],"secunia":["56802"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:11.000Z","updated_at":"2014-08-01T10:59:11.000Z","fixed_in":"7.0.3"}]}},{"zedity":{"vulnerabilities":[{"id":7142,"title":"Zedity 2.5 - wp-admin/admin-ajax.php zedity_ajax Action zaction Parameter XSS","url":["http://www.securityfocus.com/bid/65799","http://packetstormsecurity.com/files/125402/"],"osvdb":["103789"],"secunia":["57026"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:11.000Z","updated_at":"2014-09-18T19:11:45.000Z","fixed_in":"2.5.1"},{"id":7143,"title":"Zedity 2.4 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/125402/"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:11.000Z","updated_at":"2014-08-01T10:59:11.000Z"}]}},{"wp-post-to-pdf":{"vulnerabilities":[{"id":7144,"title":"WP Post to PDF 2.3.1 - wp-admin/options.php wpptopdf headerFontSize Parameter XSS","url":["http://packetstormsecurity.com/files/125432/"],"osvdb":["103872"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:11.000Z","updated_at":"2014-08-01T10:59:11.000Z"}]}},{"bsk-pdf-manager":{"vulnerabilities":[{"id":7145,"title":"BSK PDF Manager 1.3.2 - wp-admin/admin.php Multiple Parameter SQL Injection","url":["http://packetstormsecurity.com/files/127407/","http://www.securityfocus.com/bid/68488"],"osvdb":["108913"],"cve":["2014-4944"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:11.000Z","updated_at":"2014-08-01T10:59:11.000Z"},{"id":7146,"title":"BSK PDF Manager 1.3 - wp-admin/admin.php Multiple Parameter XSS","url":["http://packetstormsecurity.com/files/125422/"],"osvdb":["103873"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:11.000Z","updated_at":"2014-08-01T10:59:11.000Z"}]}},{"mp3-jplayer":{"vulnerabilities":[{"id":7147,"title":"MP3-jPlayer 1.8.7 - wp-admin/options-general.php Multiple Parameter XSS","url":["http://packetstormsecurity.com/files/125417/"],"osvdb":["103875"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:11.000Z","updated_at":"2014-08-01T10:59:11.000Z"},{"id":7148,"title":"MP3-jPlayer 1.8.3 - jPlayer.swf XSS","osvdb":["92254"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:11.000Z","updated_at":"2014-08-01T10:59:11.000Z","fixed_in":"1.8.4"}]}},{"google-analytics-mu":{"vulnerabilities":[{"id":7149,"title":"Google Analytics MU 2.3 - google-analytics-mu-network.php Analytics Code Manipulation CSRF","url":["http://packetstormsecurity.com/files/125514/","http://seclists.org/fulldisclosure/2014/Mar/20","http://www.securityfocus.com/bid/65926"],"osvdb":["103937"],"secunia":["56157"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:11.000Z","updated_at":"2014-08-01T10:59:11.000Z","fixed_in":"2.4"}]}},{"repagent":{"vulnerabilities":[{"id":7150,"title":"Repagent - dewplayer-vinyl.swf xml Parameter XML File Handling XSS","url":["http://packetstormsecurity.com/files/124582/","http://www.securityfocus.com/bid/64506","http://seclists.org/fulldisclosure/2013/Dec/192"],"osvdb":["101353"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:11.000Z","updated_at":"2014-08-01T10:59:11.000Z"},{"id":7151,"title":"Repagent - dewplayer-vinyl-en.swf xml Parameter XML File Handling XSS","url":["http://packetstormsecurity.com/files/124582/","http://www.securityfocus.com/bid/64506","http://seclists.org/fulldisclosure/2013/Dec/192"],"osvdb":["101352"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:11.000Z","updated_at":"2014-08-01T10:59:11.000Z"}]}},{"LayerSlider":{"vulnerabilities":[{"id":7152,"title":"LayerSlider 4.6.1 - Style Editing CSRF","url":["http://packetstormsecurity.com/files/125637/"],"osvdb":["104393"],"secunia":["57930"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:11.000Z","updated_at":"2014-09-25T16:01:50.000Z"},{"id":7153,"title":"LayerSlider 4.6.1 - Remote Path Traversal File Access","url":["http://packetstormsecurity.com/files/125637/"],"osvdb":["104394"],"secunia":["57309"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:59:11.000Z","updated_at":"2014-09-25T16:02:10.000Z"}]}},{"xcloner-backup-and-restore":{"vulnerabilities":[{"id":7154,"title":"XCloner 3.1.0 - Multiple Actions CSRF","url":["http://packetstormsecurity.com/files/125991/","https://www.htbridge.com/advisory/HTB23206","https://www.htbridge.com/advisory/HTB23207"],"osvdb":["104402"],"cve":["2014-2340","2014-2579"],"secunia":["57362"],"exploitdb":["32701"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:11.000Z","updated_at":"2014-08-01T10:59:11.000Z","fixed_in":"3.1.1"},{"id":7657,"title":"XCloner \u003c= 3.1.1 - Multiple Vulnerabilities (RCE \u0026 LFI)","url":["http://www.vapid.dhs.org/advisories/wordpress/plugins/Xcloner-v3.1.1/"],"osvdb":["114176","114177","114178","114179","114180"],"vuln_type":"MULTI","created_at":"2014-11-07T09:16:49.000Z","updated_at":"2014-11-07T09:16:49.000Z"}]}},{"guiform":{"vulnerabilities":[{"id":7155,"title":"GuiForm 1.4.10 - class/class-ajax.php Entry Saving CSRF","osvdb":["104399"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:11.000Z","updated_at":"2014-08-01T10:59:11.000Z","fixed_in":"1.5.0"}]}},{"clickdesk-live-support-chat-plugin":{"vulnerabilities":[{"id":7156,"title":"ClickDesk - Live Chat Widget Multiple Field XSS","url":["http://packetstormsecurity.com/files/125528/","http://www.securityfocus.com/bid/65971"],"osvdb":["104037"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:11.000Z","updated_at":"2014-08-01T10:59:11.000Z"}]}},{"duplicate-post":{"vulnerabilities":[{"id":7157,"title":"Duplicate Post 2.5 - duplicate-post-admin.php User Login Cookie Value SQL Injection","osvdb":["104669"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:11.000Z","updated_at":"2014-08-01T10:59:11.000Z","fixed_in":"2.6"},{"id":7158,"title":"Duplicate Post 2.5 - options-general.php post Parameter Reflected XSS","osvdb":["104670"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:11.000Z","updated_at":"2014-08-01T10:59:11.000Z","fixed_in":"2.6"}]}},{"mtouch-quiz":{"vulnerabilities":[{"id":7159,"title":"mTouch Quiz 3.0.6 - question.php quiz Parameter Reflected XSS","url":["http://www.securityfocus.com/bid/66306"],"osvdb":["104667"],"cve":["2014-100023"],"secunia":["57491"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:11.000Z","updated_at":"2015-01-17T19:24:29.000Z","fixed_in":"3.0.7"},{"id":7160,"title":"mTouch Quiz 3.0.6 - question.php quiz Parameter SQL Injection","url":["http://www.securityfocus.com/bid/66306"],"osvdb":["104668"],"cve":["2014-100022"],"secunia":["57491"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:11.000Z","updated_at":"2015-01-17T19:26:00.000Z","fixed_in":"3.0.7"}]}},{"simple-retail-menus":{"vulnerabilities":[{"id":7161,"title":"Simple Retail Menus 4.0.1 - includes/actions.php targetmenu Parameter SQL Injection","osvdb":["104680"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:11.000Z","updated_at":"2014-08-01T10:59:11.000Z","fixed_in":"4.1"},{"id":7162,"title":"Simple Retail Menus 4.0.1 - includes/mode-edit.php targetmenu Parameter SQL Injection","osvdb":["104682"],"cve":["2014-5183"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:11.000Z","updated_at":"2014-09-24T07:34:05.000Z","fixed_in":"4.1"}]}},{"user-domain-whitelist":{"vulnerabilities":[{"id":7163,"title":"User Domain Whitelist 1.4 - user-domain-whitelist.php domain_whitelist Parameter Stored XSS","osvdb":["104681"],"secunia":["57490"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:11.000Z","updated_at":"2014-08-01T10:59:11.000Z"},{"id":7164,"title":"User Domain Whitelist 1.4 -  user-domain-whitelist.php Domain Whitelisting Manipulation CSRF","osvdb":["104683"],"secunia":["57490"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:11.000Z","updated_at":"2014-08-01T10:59:11.000Z","fixed_in":"1.5"}]}},{"subscribe-to-comments-reloaded":{"vulnerabilities":[{"id":7165,"title":"Subscribe To Comments Reloaded 140204 - options/index.php manager_page Parameter Stored XSS Weakness","url":["http://www.securityfocus.com/bid/66288"],"osvdb":["104698"],"secunia":["57015"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:11.000Z","updated_at":"2014-08-01T10:59:11.000Z","fixed_in":"140219"},{"id":7166,"title":"Subscribe To Comments Reloaded 140204 - options/index.php Admin Settings Manipulation CSRF","url":["http://www.securityfocus.com/bid/66288"],"osvdb":["104699"],"secunia":["57015"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:11.000Z","updated_at":"2014-08-01T10:59:11.000Z","fixed_in":"140219"}]}},{"analytics360":{"vulnerabilities":[{"id":7167,"title":"Analytics360 1.2.1 - analytics360.php Multiple Action CSRF","osvdb":["104743"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:11.000Z","updated_at":"2014-08-01T10:59:11.000Z","fixed_in":"1.2.2"},{"id":7168,"title":"Analytics360 1.2 - analytics360.php a360_error Parameter Reflected XSS","osvdb":["104744"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:11.000Z","updated_at":"2014-08-01T10:59:11.000Z","fixed_in":"1.2.1"}]}},{"the-events-calendar":{"vulnerabilities":[{"id":7169,"title":"The Events Calendar 3.0 - lib/template-classes/month.php tribe-bar-search Parameter Reflected XSS","osvdb":["104785"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:11.000Z","updated_at":"2014-08-01T10:59:11.000Z","fixed_in":"3.0.1"}]}},{"form-maker":{"vulnerabilities":[{"id":7170,"title":"Form Maker 1.6.4 - front_end_form_maker.php Unspecified XSS","osvdb":["104870"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:12.000Z","updated_at":"2014-08-01T10:59:12.000Z","fixed_in":"1.6.6"}]}},{"1-jquery-photo-gallery-slideshow-flash":{"vulnerabilities":[{"id":7171,"title":"ZooEffect 1.08 - HTTP Referer Reflected XSS","osvdb":["104876"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:12.000Z","updated_at":"2015-01-15T18:20:41.000Z","fixed_in":"1.09"}]}},{"google-analytics-dashboard":{"vulnerabilities":[{"id":7172,"title":"Google Analytics Dashboard 2.0.4 - gad-admin-pages-posts.php pid Parameter SQL Injection","osvdb":["104877"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:12.000Z","updated_at":"2014-08-01T10:59:12.000Z","fixed_in":"2.0.5"}]}},{"blogvault-real-time-backup":{"vulnerabilities":[{"id":7173,"title":"blogVault 1.08 - Missing Account Empty Secret Key Generation","osvdb":["107570"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:59:12.000Z","updated_at":"2014-08-01T10:59:12.000Z","fixed_in":"1.09"},{"id":7174,"title":"blogVault 1.05 - admin.php blogVault Key Setting CSRF","osvdb":["104906"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:12.000Z","updated_at":"2014-08-01T10:59:12.000Z","fixed_in":"1.06"}]}},{"captcha":{"vulnerabilities":[{"id":7175,"title":"Captcha 2.12-3.8.1 - captcha bypass","url":["http://www.antoine-cervoise.fr/2014/03/27/contournement-du-plugin-captcha-pour-wordpress-v-3-8-1-et-anterieures/","https://github.com/cervoise/pentest-scripts/blob/master/web/cms/captcha-bypass/wordpress-plugins/captcha/bypass-3.8.1-and-previous.php"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:59:12.000Z","updated_at":"2014-08-01T10:59:12.000Z","fixed_in":"3.8.2"}]}},{"wp-html-sitemap":{"vulnerabilities":[{"id":7176,"title":"WP HTML Sitemap 1.2 - wp-html-sitemap.html Sitemap Deletion CSRF","url":["http://packetstormsecurity.com/files/125933/","http://seclists.org/fulldisclosure/2014/Mar/400","https://security.dxw.com/advisories/csrf-vulnerability-in-wp-html-sitemap-1-2/"],"osvdb":["105084"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:12.000Z","updated_at":"2014-08-01T10:59:12.000Z"}]}},{"groups":{"vulnerabilities":[{"id":7177,"title":"Groups 1.4.5 - Negated Role Capability Handling Elevated Privilege Issue","osvdb":["104940"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:59:12.000Z","updated_at":"2014-08-01T10:59:12.000Z","fixed_in":"1.4.6"}]}},{"html5-jquery-audio-player":{"vulnerabilities":[{"id":7178,"title":"HTML5 jQuery Audio Player 2.3 - playlist/add_playlist.php Multiple Parameter Stored XSS Weakness","osvdb":["104951"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:12.000Z","updated_at":"2014-08-01T10:59:12.000Z","fixed_in":"2.4"},{"id":7179,"title":"HTML5 jQuery Audio Player 2.3 - playlist/add_playlist.php id Parameter SQL Injection","osvdb":["104952"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:12.000Z","updated_at":"2014-08-01T10:59:12.000Z","fixed_in":"2.4"}]}},{"shrimptest":{"vulnerabilities":[{"id":7180,"title":"ShrimpTest 1.0b2 - plugins/metric-conversion.php Multiple Unspecified XSS","osvdb":["104956"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:12.000Z","updated_at":"2014-08-01T10:59:12.000Z","fixed_in":"1.0b3"},{"id":7181,"title":"ShrimpTest 1.0b2 - plugins/plugin-notification.php Unspecified XSS","osvdb":["104957"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:12.000Z","updated_at":"2014-08-01T10:59:12.000Z","fixed_in":"1.0b3"},{"id":7182,"title":"ShrimpTest 1.0b2 - plugins/variant-shortcode.php Unspecified XSS","osvdb":["104958"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:12.000Z","updated_at":"2014-08-01T10:59:12.000Z","fixed_in":"1.0b3"},{"id":7183,"title":"ShrimpTest 1.0b2 - admin/experiments.php Multiple Unspecified XSS","osvdb":["104959"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:12.000Z","updated_at":"2014-08-01T10:59:12.000Z","fixed_in":"1.0b3"},{"id":7184,"title":"ShrimpTest 1.0b2 - admin/experiment-new.php Multiple Unspecified XSS","osvdb":["104960"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:12.000Z","updated_at":"2014-08-01T10:59:12.000Z","fixed_in":"1.0b3"}]}},{"activehelper-livehelp":{"vulnerabilities":[{"id":7185,"title":"ActiveHelper LiveHelp Server 3.2.2 - server/import/status.php Multiple Parameter SQL Injection","osvdb":["104990"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:12.000Z","updated_at":"2014-08-01T10:59:12.000Z","fixed_in":"3.4.0"},{"id":7186,"title":"ActiveHelper LiveHelp Server 3.2.2 - server/import/tracker.php Multiple Parameter SQL Injection","osvdb":["104991"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:12.000Z","updated_at":"2014-08-01T10:59:12.000Z","fixed_in":"3.4.0"},{"id":7187,"title":"ActiveHelper LiveHelp Server 3.2.2 - server/import/javascript.php Multiple Vector SQL Injection","osvdb":["104992"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:12.000Z","updated_at":"2014-08-01T10:59:12.000Z","fixed_in":"3.4.0"},{"id":7188,"title":"ActiveHelper LiveHelp Server 3.2.2 - server/frames.php DEPARTMENT Parameter SQL Injection","osvdb":["104993"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:12.000Z","updated_at":"2014-08-01T10:59:12.000Z","fixed_in":"3.4.0"},{"id":7572,"title":"ActiveHelper LiveHelp Server 3.1.0 - server/offline.php Multiple Parameter XSS","url":["http://www.securityfocus.com/bid/68312","http://codevigilant.com/disclosure/wp-plugin-activehelper-livehelp-a3-cross-site-scripting-xss"],"osvdb":["108646"],"cve":["2014-4513"],"vuln_type":"XSS","created_at":"2014-09-20T20:01:03.000Z","updated_at":"2014-09-20T20:02:58.000Z","fixed_in":"3.1.5"}]}},{"springboard-video-quick-publish":{"vulnerabilities":[{"id":7189,"title":"Springboard Video Quick Publish 0.2.6 - videolist.php paged Parameter Reflected XSS","osvdb":["105992"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:12.000Z","updated_at":"2014-08-01T10:59:12.000Z","fixed_in":"0.2.7"},{"id":7190,"title":"Springboard Video Quick Publish 0.2.6 - springboardvideo.php video_id Parameter XSS","osvdb":["105993"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:12.000Z","updated_at":"2014-08-01T10:59:12.000Z","fixed_in":"0.2.7"},{"id":7191,"title":"Springboard Video Quick Publish 0.2.6 - sb_search.php paged Parameter Reflected XSS","osvdb":["105994"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:12.000Z","updated_at":"2014-08-01T10:59:12.000Z","fixed_in":"0.2.7"}]}},{"ignitiondeck":{"vulnerabilities":[{"id":7193,"title":"IgnitionDeck 1.1 - Purchase Form Unspecified XSS","osvdb":["105008"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:12.000Z","updated_at":"2014-08-01T10:59:12.000Z","fixed_in":"1.2"}]}},{"ajax-pagination":{"vulnerabilities":[{"id":7194,"title":"Ajax Pagination 1.1 - wp-admin/admin-ajax.php loop Parameter Local File Inclusion","url":["http://packetstormsecurity.com/files/125929/","http://seclists.org/fulldisclosure/2014/Mar/398"],"osvdb":["105087"],"exploitdb":["32622"],"vuln_type":"LFI","created_at":"2014-08-01T10:59:12.000Z","updated_at":"2014-08-01T10:59:12.000Z"}]}},{"tt-guest-post-submit":{"vulnerabilities":[{"id":7195,"title":"TT Guest Post Submit 1.0.0 - tt-guest-post-submit-submit.php rootpath Parameter Remote File Inclusion","osvdb":["105120"],"vuln_type":"RFI","created_at":"2014-08-01T10:59:12.000Z","updated_at":"2014-08-01T10:59:12.000Z","fixed_in":"1.0.1"}]}},{"salesforce-wordpress-to-lead":{"vulnerabilities":[{"id":7196,"title":"WordPress-to-Lead for Salesforce CRM 1.0.4 - ov_plugin_tools.php textinput Function XSS","osvdb":["105146"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:13.000Z","updated_at":"2014-08-01T10:59:13.000Z","fixed_in":"1.0.5"},{"id":7197,"title":"WordPress-to-Lead for Salesforce CRM 1.0.1 - salesforce.php salesforce_form_shortcode Function Error Message Handling XSS","osvdb":["105148"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:13.000Z","updated_at":"2014-08-01T10:59:13.000Z","fixed_in":"1.0.2"},{"id":7198,"title":"WordPress-to-Lead for Salesforce CRM 1.0 - salesforce.php Multiple Parameter XSS","osvdb":["105147"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:13.000Z","updated_at":"2014-08-01T10:59:13.000Z","fixed_in":"1.0.1"}]}},{"disable-comments":{"vulnerabilities":[{"id":7199,"title":"Disable Comments 1.0.3 - disable_comments_settings.php Comment Status Manipulation CSRF","url":["http://www.securityfocus.com/bid/66564"],"osvdb":["105245"],"cve":["2014-2550"],"secunia":["57613"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:13.000Z","updated_at":"2014-08-01T10:59:13.000Z","fixed_in":"1.0.4"}]}},{"wp-business-intelligence-lite":{"vulnerabilities":[{"id":7200,"title":"WP Business intelligence lite \u003c= 1.0.6 - Remote Code Execution Exploit","url":["http://packetstormsecurity.com/files/125927/","http://cxsecurity.com/issue/WLB-2014030243"],"secunia":["57590"],"vuln_type":"RCE","created_at":"2014-08-01T10:59:13.000Z","updated_at":"2014-08-01T10:59:13.000Z","fixed_in":"1.1"}]}},{"barclaycart":{"vulnerabilities":[{"id":7201,"title":"Barclaycart - Shell Upload","url":["http://packetstormsecurity.com/files/125552/"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:59:13.000Z","updated_at":"2014-08-01T10:59:13.000Z"}]}},{"Premium_Gallery_Manager":{"vulnerabilities":[{"id":7202,"title":"Premium Gallery Manager - Shell Upload","url":["http://packetstormsecurity.com/files/125586/"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:59:13.000Z","updated_at":"2014-08-01T10:59:13.000Z"}]}},{"jetpack":{"vulnerabilities":[{"id":7203,"title":"Jetpack \u003c= 2.9.2 - class.jetpack.php XML-RPC Access Control Bypass","url":["http://jetpack.me/2014/04/10/jetpack-security-update/"],"osvdb":["105714"],"cve":["2014-0173"],"secunia":["57729"],"vuln_type":"BYPASS","created_at":"2014-08-01T10:59:13.000Z","updated_at":"2014-08-01T10:59:13.000Z","fixed_in":"2.9.3"}]}},{"lazyest-gallery":{"vulnerabilities":[{"id":7204,"title":"Lazyest Gallery \u003c= 1.1.20 - EXIF Script Insertion Vulnerability","osvdb":["105680"],"cve":["2014-2333"],"secunia":["57746"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:13.000Z","updated_at":"2014-08-01T10:59:13.000Z","fixed_in":"1.1.21"},{"id":7206,"title":"Lazyest Gallery 0.10.4.3 - Multiple File/Directory Insecure Permissions Local Content Manipulation","osvdb":["105818"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:59:13.000Z","updated_at":"2014-08-01T10:59:13.000Z","fixed_in":"0.10.4.4"}]}},{"post-expirator":{"vulnerabilities":[{"id":7208,"title":"Post Expirator \u003c= 2.1.1 - Cross-Site Request Forgery Vulnerability","secunia":["57503"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:13.000Z","updated_at":"2014-08-01T10:59:13.000Z","fixed_in":"2.1.2"}]}},{"quick-pagepost-redirect-plugin":{"vulnerabilities":[{"id":7209,"title":"Quick Page Post Redirect 5.0.4 - redirect-updates.php quickppr_redirects Parameter Stored XSS","url":["http://www.securityfocus.com/bid/66790","https://security.dxw.com/advisories/csrf-and-stored-xss-in-quick-pagepost-redirect-plugin/"],"osvdb":["105707"],"cve":["2014-2598"],"secunia":["57883"],"exploitdb":["32867"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:13.000Z","updated_at":"2014-08-01T10:59:13.000Z","fixed_in":"5.0.5"},{"id":7210,"title":"Quick Page Post Redirect 5.0.4 - redirect-updates.php Multiple Admin Function CSRF","url":["http://www.securityfocus.com/bid/66790","https://security.dxw.com/advisories/csrf-and-stored-xss-in-quick-pagepost-redirect-plugin/"],"osvdb":["105708"],"cve":["2014-2598"],"secunia":["57883"],"exploitdb":["32867"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:13.000Z","updated_at":"2014-08-01T10:59:13.000Z","fixed_in":"5.0.5"}]}},{"twitget":{"vulnerabilities":[{"id":7211,"title":"Twitget 3.3.1 - twitget.php Twitter Setting Manipulation CSRF","url":["https://security.dxw.com/advisories/csrfxss-vulnerability-in-twitget-3-3-1/","http://packetstormsecurity.com/files/126134"],"osvdb":["105705"],"cve":["2014-2559"],"exploitdb":["32868"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:13.000Z","updated_at":"2014-10-26T13:19:12.000Z","fixed_in":"3.3.3"},{"id":7212,"title":"Twitget 3.3.1 - twitget.php twitget_consumer_key Stored XSS","url":["https://security.dxw.com/advisories/csrfxss-vulnerability-in-twitget-3-3-1/","http://packetstormsecurity.com/files/126134/"],"osvdb":["105704"],"cve":["2014-2995"],"exploitdb":["32868"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:13.000Z","updated_at":"2014-11-27T20:42:11.000Z","fixed_in":"3.3.3"}]}},{"hk-exif-tags":{"vulnerabilities":[{"id":7213,"title":"HK Exif Tags 1.11 - hk_exif_tags.php hk_exif_tags_images_process Function EXIF Tags Handling Stored XSS","url":["http://xforce.iss.net/xforce/xfdb/92555"],"osvdb":["105725"],"cve":["2014-100007"],"secunia":["57753"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:13.000Z","updated_at":"2015-01-14T12:10:14.000Z","fixed_in":"1.12"}]}},{"unconfirmed":{"vulnerabilities":[{"id":7214,"title":"Unconfirmed \u003c= 1.2.4 - unconfirmed.php s Parameter Reflected XSS","url":["http://www.securityfocus.com/bid/66781"],"osvdb":["105722"],"cve":["2014-100018"],"secunia":["57838"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:13.000Z","updated_at":"2015-01-17T19:28:47.000Z","fixed_in":"1.2.5"}]}},{"liveoptim":{"vulnerabilities":[{"id":7215,"title":"LiveOptim 1.1.3 - Configuration Setting Manipulation CSRF","url":["http://www.securityfocus.com/bid/66939"],"osvdb":["105986"],"cve":["2014-100001"],"secunia":["57990"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:13.000Z","updated_at":"2015-01-14T11:56:45.000Z","fixed_in":"1.1.4"}]}},{"wp-conditional-captcha":{"vulnerabilities":[{"id":7216,"title":"Conditional CAPTCHA 3.6 - wp-conditional-captcha.php Settings Page CSRF","osvdb":["106014"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:13.000Z","updated_at":"2014-08-01T10:59:13.000Z","fixed_in":"3.6.1"}]}},{"wp-js-external-link-info":{"vulnerabilities":[{"id":7217,"title":"JS External Link Info 1.21 - redirect.php blog Parameter XSS","url":["http://packetstormsecurity.com/files/126238/","http://www.securityfocus.com/bid/66999"],"osvdb":["106125"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:13.000Z","updated_at":"2014-08-01T10:59:13.000Z"}]}},{"simple-fields":{"vulnerabilities":[{"id":7218,"title":"Simple Fields 1.1.6 - inc-admin-options.php Admin Functions CSRF","osvdb":["106316"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:13.000Z","updated_at":"2014-08-01T10:59:13.000Z","fixed_in":"1.2"},{"id":7219,"title":"Simple Fields 0.3.5 - simple_fields.php wp_abspath Parameter Remote File Inclusion","osvdb":["106622"],"vuln_type":"RFI","created_at":"2014-08-01T10:59:13.000Z","updated_at":"2014-08-01T10:59:13.000Z","fixed_in":"0.3.6"}]}},{"work-the-flow-file-upload":{"vulnerabilities":[{"id":7220,"title":"Work The Flow File Upload \u003c 2.4 - wp-admin/admin-ajax.php accept_file_types Parameter Manipulation File Upload Restriction Bypass","url":["http://www.securityfocus.com/bid/67083","http://packetstormsecurity.com/files/126333/"],"osvdb":["106366"],"secunia":["58216"],"vuln_type":"UPLOAD","created_at":"2014-08-01T10:59:13.000Z","updated_at":"2014-10-12T13:24:54.000Z","fixed_in":"2.4"},{"id":7644,"title":"Work-The-Flow 1.2.1 - Shell Upload","url":["http://packetstormsecurity.com/files/126333/"],"osvdb":["106366"],"vuln_type":"RCE","created_at":"2014-10-12T13:22:52.000Z","updated_at":"2014-10-12T13:23:31.000Z","fixed_in":"2.3.2"}]}},{"file-gallery":{"vulnerabilities":[{"id":7221,"title":"File Gallery 1.7.9 - Settings Page create_function Function Remote Command Execution","url":["http://www.securityfocus.com/bid/67120"],"osvdb":["106417"],"cve":["2014-2558"],"secunia":["58216"],"vuln_type":"RCE","created_at":"2014-08-01T10:59:14.000Z","updated_at":"2014-08-01T10:59:14.000Z","fixed_in":"1.7.9.2"}]}},{"nextcellent-gallery-nextgen-legacy":{"vulnerabilities":[{"id":7222,"title":"NextCellent Gallery 1.9.13 - admin/manage-images.php Multiple Field Stored XSS Weakness","url":["http://www.securityfocus.com/bid/67085"],"osvdb":["106474"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:14.000Z","updated_at":"2014-08-01T10:59:14.000Z","fixed_in":"1.9.18"}]}},{"wp-affiliate-platform":{"vulnerabilities":[{"id":7223,"title":"WP Affiliate Manager - login.php msg Parameter XSS","url":["http://packetstormsecurity.com/files/126424/"],"osvdb":["106533"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:14.000Z","updated_at":"2014-08-01T10:59:14.000Z"}]}},{"photo-gallery":{"vulnerabilities":[{"id":7225,"title":"Photo-Gallery - UploadHandler.php File Upload CSRF","url":["http://packetstormsecurity.com/files/126521/"],"osvdb":["106732"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:14.000Z","updated_at":"2014-08-01T10:59:14.000Z"},{"id":7751,"title":"Photo Gallery \u003c= 1.2.7 - Unauthenticated SQL injection","url":["http://seclists.org/fulldisclosure/2015/Jan/36","http://packetstormsecurity.com/files/129927/"],"vuln_type":"SQLI","created_at":"2015-01-12T21:10:22.000Z","updated_at":"2015-01-14T11:42:36.000Z","fixed_in":"1.2.8"}]}},{"infusion4wp":{"vulnerabilities":[{"id":7226,"title":"iMember360is 3.9.001 - XSS / Disclosure / Code Execution","url":["http://1337day.com/exploit/22184"],"vuln_type":"MULTI","created_at":"2014-08-01T10:59:14.000Z","updated_at":"2014-08-01T10:59:14.000Z","fixed_in":"3.9.002"}]}},{"acumbamail-signup-forms":{"vulnerabilities":[{"id":7227,"title":"Acumbamail 1.0.4  - acumbamail.class.php callAPI() Function MitM Information Disclosure","url":["http://www.securityfocus.com/bid/67220"],"osvdb":["106711"],"secunia":["67220"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:59:14.000Z","updated_at":"2014-08-01T10:59:14.000Z","fixed_in":"1.0.4.1"}]}},{"tinymce-colorpicker":{"vulnerabilities":[{"id":7228,"title":"TinyMCE Color Picker 1.1 - tinymce-colorpicker.php Color Saving CSRF","url":["http://www.securityfocus.com/bid/67333"],"osvdb":["106854"],"secunia":["58095"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:14.000Z","updated_at":"2014-08-01T10:59:14.000Z","fixed_in":"1.2"},{"id":7229,"title":"TinyMCE Color Picker 1.1 - tinymce-colorpicker.php Missing edit_others_posts Capability Check","url":["http://www.securityfocus.com/bid/67333"],"osvdb":["106854"],"secunia":["58095"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:59:14.000Z","updated_at":"2014-08-01T10:59:14.000Z","fixed_in":"1.2"}]}},{"contact-bank":{"vulnerabilities":[{"id":7230,"title":"Contact Bank 2.0.19 - Multiple Unspecified Issues","osvdb":["106868"],"secunia":["67334"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:59:14.000Z","updated_at":"2014-08-01T10:59:14.000Z","fixed_in":"2.0.20"},{"id":7683,"title":"WP Contact Bank Standard Edition 2.0.69 XSS","url":["http://security.szurek.pl/wp-contact-bank-standard-edition-2069-xss.html"],"cve":["2014-8807"],"vuln_type":"XSS","created_at":"2014-11-20T22:28:54.000Z","updated_at":"2014-11-20T22:29:46.000Z","fixed_in":"2.0.70"}]}},{"bonuspressx":{"vulnerabilities":[{"id":7231,"title":"Bonuspressx - ar_submit.php n Parameter XSS","url":["http://packetstormsecurity.com/files/126595/"],"osvdb":["106931"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:14.000Z","updated_at":"2014-08-01T10:59:14.000Z"}]}},{"profile-builder":{"vulnerabilities":[{"id":7232,"title":"Profile Builder 1.1.59 - front-end/wppb.recover.password.php Password Recovery Bypass","url":["http://www.securityfocus.com/bid/67331"],"osvdb":["106986"],"secunia":["58511"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:59:14.000Z","updated_at":"2014-08-01T10:59:14.000Z","fixed_in":"1.1.60"}]}},{"basic-google-maps-placemarks":{"vulnerabilities":[{"id":7233,"title":"Basic Google Maps Placemarks 1.10.2 - settings.php Multiple Fields Stored XSS Weakness","osvdb":["107121"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:14.000Z","updated_at":"2014-08-01T10:59:14.000Z","fixed_in":"1.10.3"}]}},{"simple-popup":{"vulnerabilities":[{"id":7234,"title":"Simple Popup - popup.php z Parameter XSS","url":["http://packetstormsecurity.com/files/126763/","http://www.securityfocus.com/bid/67562"],"osvdb":["107294"],"cve":["2014-3921"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:14.000Z","updated_at":"2014-08-01T10:59:14.000Z"}]}},{"bib2html":{"vulnerabilities":[{"id":7235,"title":"bib2html 0.9.3 - /OSBiB/create/index.php styleShortName Parameter XSS","url":["http://packetstormsecurity.com/files/126782/","http://www.securityfocus.com/bid/67589"],"osvdb":["107296"],"cve":["2014-3870"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:14.000Z","updated_at":"2014-08-01T10:59:14.000Z"}]}},{"conversionninja":{"vulnerabilities":[{"id":7236,"title":"Conversion Ninja - /lp/index.php id Parameter XSS","url":["http://packetstormsecurity.com/files/126781/","http://www.securityfocus.com/bid/67590"],"osvdb":["107297"],"cve":["2014-4017"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:14.000Z","updated_at":"2014-08-01T10:59:14.000Z"}]}},{"cool-video-gallery":{"vulnerabilities":[{"id":7237,"title":"Cool Video Gallery 1.8 - admin/gallery-details.php Multiple Actions CSRF","osvdb":["107354"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:14.000Z","updated_at":"2014-08-01T10:59:14.000Z","fixed_in":"1.9"},{"id":7238,"title":"Cool Video Gallery 1.8 - admin/gallery-manage.php Gallery Deletion CSRF","osvdb":["107355"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:14.000Z","updated_at":"2014-08-01T10:59:14.000Z","fixed_in":"1.9"},{"id":7239,"title":"Cool Video Gallery 1.8 - admin/gallery-settings.php Gallery Settings Manipulation CSRF","osvdb":["107356"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:14.000Z","updated_at":"2014-08-01T10:59:14.000Z","fixed_in":"1.9"},{"id":7240,"title":"Cool Video Gallery 1.8 - admin/gallery-sort.php Gallery Sort Order Manipulation CSRF","osvdb":["107357"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:14.000Z","updated_at":"2014-08-01T10:59:14.000Z","fixed_in":"1.9"},{"id":7241,"title":"Cool Video Gallery 1.8 - admin/player-settings.php Player Settings Manipulation CSRF","osvdb":["107358"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:14.000Z","updated_at":"2014-08-01T10:59:14.000Z","fixed_in":"1.9"},{"id":7242,"title":"Cool Video Gallery 1.8 - admin/plugin-uninstall.php Plugin Uninstallation CSRF","osvdb":["107359"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:14.000Z","updated_at":"2014-08-01T10:59:14.000Z","fixed_in":"1.9"},{"id":7243,"title":"Cool Video Gallery 1.8 - admin/video-sitemap.php XML Video Sitemap Generation CSRF","osvdb":["107360"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:14.000Z","updated_at":"2014-08-01T10:59:14.000Z","fixed_in":"1.9"},{"id":7244,"title":"Cool Video Gallery 1.8 - lib/core.php Multiple Actions CSRF","osvdb":["107361"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:14.000Z","updated_at":"2014-08-01T10:59:14.000Z","fixed_in":"1.9"}]}},{"gtranslate":{"vulnerabilities":[{"id":7245,"title":"GTranslate 1.0.12 - gtranslate.php Widget Code Editing CSRF","osvdb":["107399"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:14.000Z","updated_at":"2014-08-01T10:59:14.000Z","fixed_in":"1.0.13"}]}},{"world-of-warcraft-armory-table":{"vulnerabilities":[{"id":7246,"title":"World of Warcraft Armory Table 0.2.5 - WoWArmoryTable.php page Parameter Reflected XSS","url":["http://www.securityfocus.com/bid/67628"],"osvdb":["107479"],"secunia":["58596"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:14.000Z","updated_at":"2014-08-01T10:59:14.000Z","fixed_in":"0.2.6"}]}},{"participants-database":{"vulnerabilities":[{"id":7247,"title":"Participants Database 1.5.4.8 - pdb-signup CSV_type Action query Parameter SQL Injection","url":["http://www.exploit-db.com/exploits/33613","http://packetstormsecurity.com/files/126878/","http://www.securityfocus.com/bid/67769","http://www.securityfocus.com/bid/67938"],"osvdb":["107626"],"cve":["2014-3961"],"secunia":["58816"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:14.000Z","updated_at":"2014-08-01T10:59:14.000Z","fixed_in":"1.5.4.9"}]}},{"popup-images":{"vulnerabilities":[{"id":7248,"title":"Popup Images - popup-images/popup.php z Parameter XSS","url":["http://packetstormsecurity.com/files/126872/"],"osvdb":["107627"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:15.000Z","updated_at":"2014-08-01T10:59:15.000Z"}]}},{"ose-firewall":{"vulnerabilities":[{"id":7249,"title":"Centrora Security 3.2.1 - Multiple Admin Actions CSRF","osvdb":["107658"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:15.000Z","updated_at":"2014-08-01T10:59:15.000Z","fixed_in":"3.3.0"}]}},{"feature-comments":{"vulnerabilities":[{"id":7251,"title":"Featured Comments 1.2.1 - wp-admin/admin-ajax.php Comment Status Manipulation CSRF","url":["https://security.dxw.com/advisories/csrf-in-featured-comments-1-2-1-allows-an-attacker-to-set-and-unset-comment-statuses/","http://www.securityfocus.com/bid/67955","http://packetstormsecurity.com/files/127023/"],"osvdb":["107844"],"cve":["2014-4163"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:15.000Z","updated_at":"2014-08-01T10:59:15.000Z"}]}},{"wp-football":{"vulnerabilities":[{"id":7252,"title":"wp-football 1.1 - Multiple Cross-Site Scripting (XSS)","url":["http://codevigilant.com/disclosure/wp-plugin-wp-football-a3-cross-site-scripting-xss/"],"osvdb":["108336","108337","108338","108339","108340","108341","108342","108343","108344","108345"],"cve":["2014-4586"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:15.000Z","updated_at":"2014-11-04T14:47:09.000Z"}]}},{"member-approval":{"vulnerabilities":[{"id":7262,"title":"Member Approval 131109 - wp-admin/options-general.php Option Manipulation CSRF","url":["http://www.securityfocus.com/bid/67952","http://packetstormsecurity.com/files/127024/"],"osvdb":["107845"],"cve":["2014-3850"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:15.000Z","updated_at":"2014-08-01T10:59:15.000Z"}]}},{"jw-player-plugin-for-wordpress":{"vulnerabilities":[{"id":7263,"title":"JW Player 2.1.2 - wp-admin/admin.php Player Deletion CSRF","url":["http://www.securityfocus.com/bid/67954","http://packetstormsecurity.com/files/127025/"],"osvdb":["107846"],"cve":["2014-4030"],"vuln_type":"CSRF","created_at":"2014-08-01T10:59:15.000Z","updated_at":"2014-08-01T10:59:15.000Z"}]}},{"adminonline":{"vulnerabilities":[{"id":7264,"title":"AdminOnline - download.php file Parameter Remote Path Traversal File Access","url":["http://packetstormsecurity.com/files/127046/"],"osvdb":["108024"],"vuln_type":"AUTHBYPASS","created_at":"2014-08-01T10:59:15.000Z","updated_at":"2014-08-01T10:59:15.000Z"}]}},{"ruven-toolkit":{"vulnerabilities":[{"id":7265,"title":"Ruven Toolkit 1.1 - tinymce/popup.php popup Parameter Reflected XSS","osvdb":["108312"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:15.000Z","updated_at":"2014-08-01T10:59:15.000Z"}]}},{"verification-code-for-comments":{"vulnerabilities":[{"id":7266,"title":"Verification Code for Comments 2.1.0 - vcc.js.php Multiple Parameter Reflected XSS","url":["http://codevigilant.com/disclosure/wp-plugin-verification-code-for-comments-a3-cross-site-scripting-xss"],"osvdb":["108313"],"cve":["2014-4565"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:15.000Z","updated_at":"2014-08-01T10:59:15.000Z"}]}},{"wpcb":{"vulnerabilities":[{"id":7267,"title":"wpcb 2.4.8 - facture.php id Parameter Reflected XSS","url":["http://www.securityfocus.com/bid/68357"],"osvdb":["108407"],"cve":["2014-4581"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:15.000Z","updated_at":"2014-08-01T10:59:15.000Z"}]}},{"wp-app-maker":{"vulnerabilities":[{"id":7268,"title":"WP App Maker 1.0.16.4 - icons-launcher.php uid Parameter Reflected XSS","osvdb":["108408"],"cve":["2014-4578"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:15.000Z","updated_at":"2014-08-01T10:59:15.000Z"}]}},{"wp-amasin-the-amazon-affiliate-shop":{"vulnerabilities":[{"id":7269,"title":"wp-amasin-the-amazon-affiliate-shop 0.9.6 - reviews.php url Parameter Local File Inclusion","osvdb":["108501"],"cve":["2014-4577"],"vuln_type":"LFI","created_at":"2014-08-01T10:59:15.000Z","updated_at":"2014-08-01T10:59:15.000Z"}]}},{"cross-rss":{"vulnerabilities":[{"id":7270,"title":"Cross RSS 1.7 - proxy.php rss Parameter Local File Inclusion","url":["http://www.securityfocus.com/bid/68555","http://codevigilant.com/disclosure/wp-plugin-cross-rss-local-file-inclusion/"],"osvdb":["108502"],"cve":["2014-4941"],"vuln_type":"LFI","created_at":"2014-08-01T10:59:15.000Z","updated_at":"2014-08-01T10:59:15.000Z"}]}},{"wphotfiles":{"vulnerabilities":[{"id":7271,"title":"Hot Files \u003c 1.0.0 - Cross-site scripting (XSS) vulnerability in tpls/editmedia.php","osvdb":["108720"],"cve":["2014-4588"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:15.000Z","updated_at":"2014-08-01T10:59:15.000Z"}]}},{"yahoo-updates-for-wordpress":{"vulnerabilities":[{"id":7272,"title":"Yahoo Updates \u003c 1.0 - XSS vulnerabilities in yupdates_application.php","url":["http://codevigilant.com/disclosure/wp-plugin-yahoo-updates-for-wordpress-a3-cross-site-scripting-xss/"],"cve":["2014-4603"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:15.000Z","updated_at":"2014-08-01T10:59:15.000Z"}]}},{"toolpage":{"vulnerabilities":[{"id":7273,"title":"Toolpage 1.6.1 - XSS vulnerability in includes/getTipo.php","url":["http://codevigilant.com/disclosure/wp-plugin-toolpage-a3-cross-site-scripting-xss/"],"osvdb":["108704"],"cve":["2014-4560"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:15.000Z","updated_at":"2014-08-01T10:59:15.000Z"}]}},{"url-cloak-encrypt":{"vulnerabilities":[{"id":7274,"title":"Cloak and Encrypt \u003c 2.0 - XSS vulnerability in go.php","url":["http://codevigilant.com/disclosure/wp-plugin-url-cloak-encrypt-a3-cross-site-scripting-xss/"],"osvdb":["108895"],"cve":["2014-4563"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:15.000Z","updated_at":"2014-08-01T10:59:15.000Z"}]}},{"validated":{"vulnerabilities":[{"id":7275,"title":"Validated \u003c 1.0.2 - XSS vulnerability in check.php","url":["http://www.securityfocus.com/bid/68320","http://codevigilant.com/disclosure/wp-plugin-validated-a3-cross-site-scripting-xss/"],"osvdb":["108659"],"cve":["2014-4564"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:15.000Z","updated_at":"2014-08-01T10:59:15.000Z"}]}},{"verweise-wordpress-twitter":{"vulnerabilities":[{"id":7276,"title":"Verwei.se WordPress Twitter \u003c 1.0 2 - XSS vulnerability in res/fake_twitter/frame.php","url":["http://codevigilant.com/disclosure/wp-plugin-verweise-wordpress-twitter-a3-cross-site-scripting-xss/"],"cve":["2014-4566"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:15.000Z","updated_at":"2014-08-01T10:59:15.000Z"}]}},{"easy-banners":{"vulnerabilities":[{"id":7277,"title":"Easy Banners 1.4 - XSS vulnerability in wp-admin/options-general.php","url":["http://packetstormsecurity.com/files/127293/","http://www.securityfocus.com/bid/68281"],"osvdb":["108626"],"cve":["2014-4723"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:15.000Z","updated_at":"2014-08-01T10:59:15.000Z"}]}},{"custom-banners":{"vulnerabilities":[{"id":7278,"title":"Custom Banners plugin 1.2.2.2 - XSS vulnerability in custom_banners_registered_name parameter to wp-admin/options.php","url":["http://packetstormsecurity.com/files/127291/","http://www.securityfocus.com/bid/68279"],"osvdb":["108683"],"cve":["2014-4724"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:15.000Z","updated_at":"2014-08-01T10:59:15.000Z"}]}},{"video-posts-webcam-recorder":{"vulnerabilities":[{"id":7279,"title":"Video Posts Webcam Recorder plugin \u003c 1.55.4 - XSS vulnerability in posts/videowhisper/r_logout.php","url":["http://codevigilant.com/disclosure/wp-plugin-video-posts-webcam-recorder-a3-cross-site-scripting-xss/"],"osvdb":["108314"],"cve":["2014-4568"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:15.000Z","updated_at":"2015-01-01T11:34:24.000Z"}]}},{"zeenshare":{"vulnerabilities":[{"id":7280,"title":"ZeenShare plugin \u003c 1.0.1 - XSS vulnerability in redirect_to_zeenshare.php via the zs_sid parameter","url":["http://codevigilant.com/disclosure/wp-plugin-zeenshare-a3-cross-site-scripting-xss/"],"cve":["2014-4606"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:16.000Z","updated_at":"2014-08-01T10:59:16.000Z"}]}},{"zdstats":{"vulnerabilities":[{"id":7281,"title":"ZdStatistics \u003c 2.0.1 - XSS vulnerability in cal/test.php via the lang parameter","url":["http://codevigilant.com/disclosure/wp-plugin-zdstats-a3-cross-site-scripting-xss/"],"osvdb":["108731"],"cve":["2014-4605"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:16.000Z","updated_at":"2014-08-01T10:59:16.000Z"}]}},{"your-text-manager":{"vulnerabilities":[{"id":7282,"title":"Your Text Manager \u003c 0.3.0 - XSS vulnerability in settings/pwsettings.php via the ytmpw parameter","url":["http://codevigilant.com/disclosure/wp-plugin-your-text-manager-a3-cross-site-scripting-xss/"],"cve":["2014-4604"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:16.000Z","updated_at":"2014-08-01T10:59:16.000Z"}]}},{"xen-carousel":{"vulnerabilities":[{"id":7283,"title":"XEN Carousel \u003c 0.12.2 - XSS vulnerabilities in xencarousel-admin.js.php via path or ajaxpath parameter","url":["http://codevigilant.com/disclosure/wp-plugin-xen-carousel-a3-cross-site-scripting-xss/"],"cve":["2014-4602"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:16.000Z","updated_at":"2014-08-01T10:59:16.000Z"}]}},{"wp-media-player":{"vulnerabilities":[{"id":7284,"title":"WP Silverlight Media Player \u003c 0.8 - XSS vulnerability in uploader.php via the post_id parameter","url":["http://codevigilant.com/disclosure/wp-plugin-wp-media-player-a3-cross-site-scripting-xss/"],"osvdb":["108721"],"cve":["2014-4589"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:16.000Z","updated_at":"2014-08-01T10:59:16.000Z"}]}},{"wp-microblogs":{"vulnerabilities":[{"id":7285,"title":"WP Microblogs plugin \u003c 0.4.0 - XSS vulnerability in get.php via the oauth_verifier parameter","url":["http://codevigilant.com/disclosure/wp-plugin-wp-microblogs-a3-cross-site-scripting-xss/"],"cve":["2014-4590"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:16.000Z","updated_at":"2014-08-01T10:59:16.000Z"}]}},{"wp-php-widget":{"vulnerabilities":[{"id":7286,"title":"WP PHP Widget 1.0.2 - Full Path Disclosure vulnerability","osvdb":["88846"],"cve":["2013-0721"],"vuln_type":"FPD","created_at":"2014-08-01T10:59:16.000Z","updated_at":"2014-08-01T10:59:16.000Z"}]}},{"socialgrid":{"vulnerabilities":[{"id":7287,"title":"SocialGrid 2.3 - inline-admin.js.php default_services Parameter XSS","url":["http://seclists.org/bugtraq/2011/Apr/176"],"osvdb":["71966"],"secunia":["44256"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:16.000Z","updated_at":"2014-08-01T10:59:16.000Z"}]}},{"wp-easycart":{"vulnerabilities":[{"id":7288,"title":"EasyCart 2.0.5 - inc/admin/phpinfo.php Direct Request Remote Information Disclosure","url":["http://www.securityfocus.com/bid/68692"],"osvdb":["109030"],"cve":["2014-4942"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:59:16.000Z","updated_at":"2014-08-01T10:59:16.000Z","fixed_in":"2.0.6"},{"id":7745,"title":"EasyCart \u003c= 3.0.15 - Unrestricted File Upload","url":["http://packetstormsecurity.com/files/129875/"],"osvdb":["116806"],"cve":["2014-9308"],"exploitdb":["35730"],"vuln_type":"UPLOAD","created_at":"2015-01-08T17:32:03.000Z","updated_at":"2015-01-17T18:19:55.000Z","fixed_in":"3.0.16"}]}},{"simple-slider":{"vulnerabilities":[{"id":7289,"title":"Simple Slider 1.0 - New Image URL Field XSS","url":["http://packetstormsecurity.org/files/118309/","http://xforce.iss.net/xforce/xfdb/80260","http://seclists.org/bugtraq/2012/Nov/89"],"osvdb":["87806"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:16.000Z","updated_at":"2014-08-01T10:59:16.000Z","fixed_in":"1.1"}]}},{"bookx":{"vulnerabilities":[{"id":7290,"title":"BookX 1.7 - includes/bookx_export.php file Parameter Remote Path Traversal File Access","url":["http://www.securityfocus.com/bid/68556","http://codevigilant.com/disclosure/wp-plugin-bookx-local-file-inclusion/"],"osvdb":["109022"],"cve":["2014-4937"],"vuln_type":"LFI","created_at":"2014-08-01T10:59:16.000Z","updated_at":"2014-08-01T10:59:16.000Z"}]}},{"wp-rss-poster":{"vulnerabilities":[{"id":7291,"title":"WP Rss Poster 1.0.0 - wp-admin/admin.php wrp-add-new Page id Parameter SQL Injection","url":["http://codevigilant.com/disclosure/wp-plugin-wp-rss-poster-a1-injection/"],"osvdb":["109023"],"cve":["2014-4938"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:16.000Z","updated_at":"2014-08-01T10:59:16.000Z"}]}},{"bannerman":{"vulnerabilities":[{"id":7292,"title":"BannerMan 0.2.4 - XSS in wp-admin/options-general.php via bannerman_background parameter","url":["http://packetstormsecurity.com/files/127289/"],"osvdb":["108682"],"cve":["2014-4845"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:16.000Z","updated_at":"2014-08-01T10:59:16.000Z"}]}},{"random-banner":{"vulnerabilities":[{"id":7293,"title":"Random Banner 1.1.2.1 - random-banner/random-banner.php buffercode_RBanner_url_banner1 Parameter XSS","url":["http://packetstormsecurity.com/files/127292/","http://www.securityfocus.com/bid/68280"],"osvdb":["108627"],"cve":["2014-4847"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:16.000Z","updated_at":"2014-08-01T10:59:16.000Z"}]}},{"blogstand-smart-banner":{"vulnerabilities":[{"id":7294,"title":"Blogstand Smart Banner 1.0 - blogstand-banner.php bs_blog_id Parameter XSS","url":["http://packetstormsecurity.com/files/127290/","http://www.securityfocus.com/bid/68282"],"osvdb":["108625"],"cve":["2014-4848"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:16.000Z","updated_at":"2014-08-01T10:59:16.000Z"}]}},{"wp-construction-mode":{"vulnerabilities":[{"id":7295,"title":"Construction Mode 1.8 - under-construction.php wuc_logo Parameter XSS","url":["http://packetstormsecurity.com/files/127287/","http://www.securityfocus.com/bid/68287"],"osvdb":["108630"],"cve":["2014-4854"],"secunia":["58932"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:16.000Z","updated_at":"2014-08-01T10:59:16.000Z"},{"id":7724,"title":"WP Construction Mode \u003c= 1.91 - Cross-Site Scripting (XSS)","url":["http://packetstormsecurity.com/files/129511/wpconstructionmode-xss.txt"],"vuln_type":"XSS","created_at":"2014-12-15T17:37:47.000Z","updated_at":"2014-12-15T17:38:37.000Z","fixed_in":"1.92"}]}},{"polylang":{"vulnerabilities":[{"id":7296,"title":"Polylang 1.5.1 - User Description Handling Stored XSS","url":["http://www.securityfocus.com/bid/68509"],"osvdb":["108634"],"cve":["2014-4855"],"secunia":["59357"],"vuln_type":"XSS","created_at":"2014-08-01T10:59:16.000Z","updated_at":"2014-08-01T10:59:16.000Z","fixed_in":"1.5.2"}]}},{"enl-newsletter":{"vulnerabilities":[{"id":7298,"title":"ENL Newsletter 1.0.1 - wp-admin/admin.php enl-add-new Page id Parameter SQL Injection","url":["http://codevigilant.com/disclosure/wp-plugin-enl-newsletter-a1-injection/"],"osvdb":["109027"],"cve":["2014-4939"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:16.000Z","updated_at":"2014-08-01T10:59:16.000Z"}]}},{"tera-charts":{"vulnerabilities":[{"id":7299,"title":"Tera Charts 0.1 - charts/zoomabletreemap.php fn Parameter Remote Path Traversal File Disclosure","url":["http://www.securityfocus.com/bid/68662","http://codevigilant.com/disclosure/wp-plugin-tera-chart-local-file-inclusion/"],"osvdb":["109029"],"cve":["2014-4940"],"vuln_type":"FPD","created_at":"2014-08-01T10:59:16.000Z","updated_at":"2014-08-01T10:59:16.000Z","fixed_in":"1.0"},{"id":7300,"title":"Tera Charts 0.1 - charts/treemap.php fn Parameter Remote Path Traversal File Disclosure","url":["http://www.securityfocus.com/bid/68662","http://codevigilant.com/disclosure/wp-plugin-tera-chart-local-file-inclusion/"],"osvdb":["109028"],"cve":["2014-4940"],"vuln_type":"FPD","created_at":"2014-08-01T10:59:16.000Z","updated_at":"2014-08-01T10:59:16.000Z","fixed_in":"1.0"}]}},{"starbox-voting":{"vulnerabilities":[{"id":7301,"title":"Starbox Voting - ajax.php Full Path Disclosure vulnerability","url":["http://seclists.org/bugtraq/2011/Feb/222"],"vuln_type":"FPD","created_at":"2014-08-01T10:59:16.000Z","updated_at":"2014-08-01T10:59:16.000Z"}]}},{"uploadify":{"vulnerabilities":[{"id":7302,"title":"Uploadify 1.0 - process_upload.php Arbitrary File Upload","url":["http://packetstormsecurity.org/files/98652/"],"osvdb":["73444"],"vuln_type":"RFI","created_at":"2014-08-01T10:59:16.000Z","updated_at":"2014-08-01T10:59:16.000Z"}]}},{"plg_novana":{"vulnerabilities":[{"id":7303,"title":"Plg Novana - wp-content/plugins/plg_novana/novana_detail.php id Parameter SQL Injection","url":["http://www.securityfocus.com/bid/56661","http://packetstormsecurity.org/files/118324/","http://xforce.iss.net/xforce/xfdb/80258"],"osvdb":["87839"],"vuln_type":"SQLI","created_at":"2014-08-01T10:59:16.000Z","updated_at":"2014-08-01T10:59:16.000Z"}]}},{"paid-memberships-pro":{"vulnerabilities":[{"id":7304,"title":"Paid Memberships Pro 1.4.7 - adminpages/memberslist-csv.php Direct Request Member Personal Information Disclosure","osvdb":["83760"],"secunia":["49630"],"vuln_type":"UNKNOWN","created_at":"2014-08-01T10:59:16.000Z","updated_at":"2014-08-01T10:59:16.000Z","fixed_in":"1.5"},{"id":7678,"title":"Paid Memberships Pro 1.7.14.2 Path Traversal Vulnerability","url":["http://security.szurek.pl/paid-memberships-pro-17142-path-traversal.html"],"cve":["2014-8801"],"vuln_type":"LFI","created_at":"2014-11-19T18:54:22.000Z","updated_at":"2014-11-19T19:00:45.000Z","fixed_in":"1.7.15"}]}},{"wppageflip":{"vulnerabilities":[{"id":7305,"title":"A Page Flip Book 2.3 - index.php pageflipbook_language Parameter Traversal Local File Inclusion","osvdb":["83667"],"cve":["2012-6652"],"secunia":["49505"],"vuln_type":"LFI","created_at":"2014-08-01T10:59:16.000Z","updated_at":"2014-08-01T10:59:16.000Z"}]}},{"simple-forum":{"vulnerabilities":[{"id":7522,"title":"Simple Forum - File Upload Vulnerability","url":["http://cxsecurity.com/issue/WLB-2012080265"],"vuln_type":"UPLOAD","created_at":"2014-08-01T11:50:35.000Z","updated_at":"2014-08-01T14:34:30.000Z"},{"id":7523,"title":"Simple Forum sf-profile.php u Parameter SQL Injection ","osvdb":["52210"],"cve":["2008-7040"],"vuln_type":"SQLI","created_at":"2014-08-01T11:51:24.000Z","updated_at":"2014-08-01T11:51:24.000Z"}]}},{"slideshow-gallery":{"vulnerabilities":[{"id":7532,"title":"Slideshow Gallery \u003c 1.4.7 Arbitrary File Upload","url":["http://seclists.org/bugtraq/2014/Sep/1"],"cve":["2014-5460"],"exploitdb":["34681"],"vuln_type":"UPLOAD","created_at":"2014-09-17T14:31:31.000Z","updated_at":"2014-10-09T11:44:14.000Z","fixed_in":"1.4.7"}]}},{"wordpress-mobile-pack":{"vulnerabilities":[{"id":7536,"title":"Mobile Pack 1.0.8223 - 2.0.1 Password Protected Post Disclosure","url":["https://security.dxw.com/advisories/information-disclosure-vulnerability-in-wordpress-mobile-pack-allows-anybody-to-read-password-protected-posts/","http://seclists.org/fulldisclosure/2014/Aug/54"],"cve":["2014-5337"],"vuln_type":"BYPASS","created_at":"2014-09-17T15:13:44.000Z","updated_at":"2014-09-17T15:14:04.000Z","fixed_in":"2.0.2"}]}},{"json-rest-api":{"vulnerabilities":[{"id":7539,"title":"JSON REST API 1.1 JSONP SOP Bypass","url":["http://make.wordpress.org/core/2014/07/26/json-rest-api-version-1-1-1-security-release/","http://wp-api.org/"],"vuln_type":"BYPASS","created_at":"2014-09-17T17:20:23.000Z","updated_at":"2014-09-17T17:21:15.000Z","fixed_in":"1.1.1"}]}},{"wp-source-control":{"vulnerabilities":[{"id":7541,"title":"WP Content Source Control \u003c= 3.0.0 Path Traversal","url":["http://www.openwall.com/lists/oss-security/2014/08/19/3"],"cve":["2014-5368"],"vuln_type":"LFI","created_at":"2014-09-17T17:38:26.000Z","updated_at":"2014-09-17T17:38:46.000Z","fixed_in":"3.1.1"}]}},{"wordpress-feed-statistics":{"vulnerabilities":[{"id":7543,"title":"Feed Statistics \u003c 4.0 Open Redirect","url":["https://hackerone.com/reports/22142"],"vuln_type":"REDIRECT","created_at":"2014-09-17T17:47:00.000Z","updated_at":"2014-09-17T17:47:11.000Z","fixed_in":"4.0"}]}},{"grand-media":{"vulnerabilities":[{"id":7544,"title":"Gmedia Gallery 1.2.1 - Shell Upload","url":["http://packetstormsecurity.com/files/127725/"],"osvdb":["109790"],"vuln_type":"UPLOAD","created_at":"2014-09-17T17:52:38.000Z","updated_at":"2014-12-21T07:13:44.000Z","fixed_in":"1.2.2"}]}},{"easy-media-gallery-pro":{"vulnerabilities":[{"id":7545,"title":"Easy Media Gallery 1.2.59 CSRF \u0026 XSS","url":["https://vexatioustendencies.com/wordpress-plugin-vulnerability-dump-part-1/"],"vuln_type":"MULTI","created_at":"2014-09-17T17:57:50.000Z","updated_at":"2014-09-17T17:57:50.000Z"}]}},{"wp-rss-multi-importer":{"vulnerabilities":[{"id":7546,"title":"WP RSS Multi Importer 3.1.1 CSRF","url":["https://vexatioustendencies.com/wordpress-plugin-vulnerability-dump-part-1/"],"vuln_type":"CSRF","created_at":"2014-09-17T18:00:31.000Z","updated_at":"2014-09-17T18:00:31.000Z"}]}},{"ready-ecommerce":{"vulnerabilities":[{"id":7547,"title":"Ready! Ecommerce 0.5.0 CSRF \u0026 XSS","url":["https://vexatioustendencies.com/wordpress-plugin-vulnerability-dump-part-1/"],"vuln_type":"MULTI","created_at":"2014-09-17T18:03:59.000Z","updated_at":"2014-09-17T18:04:16.000Z","fixed_in":"0.5.1"}]}},{"google-maps-ready":{"vulnerabilities":[{"id":7548,"title":"Google Maps Ready! 1.1.5 - CSRF \u0026 XSS","url":["https://vexatioustendencies.com/wordpress-plugin-vulnerability-dump-part-1/"],"vuln_type":"MULTI","created_at":"2014-09-17T18:06:19.000Z","updated_at":"2014-09-27T21:19:39.000Z","fixed_in":"1.1.6"}]}},{"coming-soon-maintenance-mode-ready":{"vulnerabilities":[{"id":7549,"title":"Ready! Coming Soon 0.5.0 CSRF \u0026 XSS","url":["https://vexatioustendencies.com/wordpress-plugin-vulnerability-dump-part-1/"],"vuln_type":"MULTI","created_at":"2014-09-17T18:10:22.000Z","updated_at":"2014-09-17T18:10:47.000Z","fixed_in":"0.5.1"}]}},{"webcam-2way-videochat":{"vulnerabilities":[{"id":7551,"title":"Webcam 2Way Videochat 4.41 XSS Vulnerability ","url":["http://1337day.com/exploit/22649"],"vuln_type":"XSS","created_at":"2014-09-17T18:43:56.000Z","updated_at":"2014-09-18T07:02:51.000Z"}]}},{"wp-ban":{"vulnerabilities":[{"id":7553,"title":"WP-Ban \u003c 1.64 BlackList Bypass","url":["http://packetstormsecurity.com/files/128292/wpban-bypass.txt","https://security.dxw.com/advisories/vulnerability-in-wp-ban-allows-visitors-to-bypass-the-ip-blacklist-in-some-configurations/"],"osvdb":["111702"],"cve":["2014-6230"],"secunia":["61347"],"vuln_type":"BYPASS","created_at":"2014-09-17T19:59:55.000Z","updated_at":"2014-09-20T19:16:57.000Z","fixed_in":"1.64"}]}},{"yikes-inc-easy-mailchimp-extender":{"vulnerabilities":[{"id":7554,"title":"Easy MailChimp Forms  5.0.3 - classes/class.yksemeBase.php Multiple Actions CSRF ","osvdb":["110129"],"vuln_type":"CSRF","created_at":"2014-09-18T15:17:49.000Z","updated_at":"2014-09-18T15:20:20.000Z","fixed_in":"5.0.4"},{"id":7635,"title":"Easy MailChimp Forms 3.0 - 5.0.6 Persistent XSS","url":["http://research.g0blin.co.uk/cve-2014-7152/"],"cve":["2014-7152"],"vuln_type":"XSS","created_at":"2014-10-06T17:28:58.000Z","updated_at":"2014-10-06T17:29:16.000Z","fixed_in":"5.0.6"}]}},{"hdw-player-video-player-video-gallery":{"vulnerabilities":[{"id":7556,"title":"HDW Player 2.4.2 -  wp-admin/admin.php videos Page id Parameter SQL Injection","url":["http://codevigilant.com/disclosure/wp-plugin-hdw-player-video-player-video-gallery-a1-injection/"],"osvdb":["109863"],"cve":["2014-5180"],"vuln_type":"SQLI","created_at":"2014-09-19T05:51:12.000Z","updated_at":"2014-09-19T05:51:47.000Z","fixed_in":"3.0"}]}},{"lastfm-rotation":{"vulnerabilities":[{"id":7557,"title":"Last.fm Rotation 1.0 - lastfm-proxy.php snode Parameter Remote Path Traversal File Access ","url":["http://codevigilant.com/disclosure/wp-plugin-hdw-player-video-player-video-gallery-a1-injection/"],"osvdb":["109877"],"cve":["2014-5181"],"vuln_type":"BYPASS","created_at":"2014-09-19T06:07:20.000Z","updated_at":"2014-09-19T06:08:00.000Z"}]}},{"yawpp":{"vulnerabilities":[{"id":7558,"title":"yawpp 1.2 - admin_update.php id Parameter SQL Injection ","url":["http://codevigilant.com/disclosure/wp-plugin-yawpp-a1-injection/"],"osvdb":["109875"],"cve":["2014-5182"],"vuln_type":"SQLI","created_at":"2014-09-19T07:02:52.000Z","updated_at":"2014-09-19T07:03:15.000Z","fixed_in":"1.2.2"},{"id":7559,"title":" yawpp 1.2 - admin_functions.php id Parameter SQL Injection ","url":["http://codevigilant.com/disclosure/wp-plugin-yawpp-a1-injection/"],"osvdb":["109876"],"cve":["2014-5182"],"vuln_type":"SQLI","created_at":"2014-09-19T07:04:22.000Z","updated_at":"2014-09-19T07:04:49.000Z","fixed_in":"1.2.2"}]}},{"improved-user-search-in-backend":{"vulnerabilities":[{"id":7562,"title":"Improved User Search in Backend \u003c 1.2.6 CSRF \u0026 XSS","url":["https://security.dxw.com/advisories/csrf-and-xss-in-improved-user-search-allow-execution-of-arbitrary-javascript-in-wordpress-admin-area/"],"cve":["2014-5196"],"secunia":["60590"],"vuln_type":"CSRF","created_at":"2014-09-19T11:54:38.000Z","updated_at":"2014-09-19T11:54:51.000Z","fixed_in":"1.2.6"}]}},{"wp-file-upload":{"vulnerabilities":[{"id":7563,"title":"WordPress File Upload \u003c 2.4.2 CSRF","cve":["2014-5199"],"secunia":["60520"],"vuln_type":"CSRF","created_at":"2014-09-19T12:01:02.000Z","updated_at":"2014-09-19T12:01:35.000Z","fixed_in":"2.4.2"}]}},{"fbgorilla":{"vulnerabilities":[{"id":7564,"title":"FB Gorilla SQL Injection","url":["http://xforce.iss.net/xforce/xfdb/94916","http://packetstormsecurity.com/files/127639"],"cve":["2014-5200"],"vuln_type":"SQLI","created_at":"2014-09-19T12:05:03.000Z","updated_at":"2014-09-19T12:05:03.000Z"}]}},{"gallery-objects":{"vulnerabilities":[{"id":7565,"title":"Gallery Objects \u003c= 0.4 - SQL Injection","url":["http://www.homelab.it/index.php/2014/07/18/wordpress-gallery-objects-0-4-sql-injection/#sthash.ftMVwBVK.dpbs","http://packetstormsecurity.com/files/127533/"],"osvdb":["109392"],"cve":["2014-5201"],"vuln_type":"SQLI","created_at":"2014-09-19T12:10:01.000Z","updated_at":"2014-10-19T08:44:16.000Z"}]}},{"compfight":{"vulnerabilities":[{"id":7566,"title":"Compfight \u003c 1.5 Cross-Site Scripting (XSS)","url":["http://packetstormsecurity.com/files/127430/WordPress-Compfight-1.4-Cross-Site-Scripting.html","http://www.securityfocus.com/bid/68518"],"cve":["2014-5202","2014-8622"],"vuln_type":"XSS","created_at":"2014-09-19T12:12:56.000Z","updated_at":"2014-11-11T16:39:37.000Z","fixed_in":"1.5"}]}},{"front-end-upload":{"vulnerabilities":[{"id":7568,"title":"Front End Upload \u003c 0.5.4.5 Arbitrary File Upload","url":["http://packetstormsecurity.com/files/113410/WordPress-Front-End-Upload-0.5.3-Shell-Upload.html","http://www.opensyscom.fr/Actualites/wordpress-plugins-front-end-upload-shell-upload-vulnerability.html"],"osvdb":["82791"],"secunia":["49434"],"exploitdb":["19008","20083"],"vuln_type":"UPLOAD","created_at":"2014-09-19T12:41:38.000Z","updated_at":"2014-09-19T12:41:38.000Z"}]}},{"front-end-editor":{"vulnerabilities":[{"id":7569,"title":"Front End Editor \u003c 2.3 Arbitrary File Upload","url":["http://www.opensyscom.fr/Actualites/wordpress-plugins-front-end-editor-arbitrary-file-upload-vulnerability.html"],"osvdb":["83637"],"secunia":["49822"],"vuln_type":"UPLOAD","created_at":"2014-09-19T12:47:41.000Z","updated_at":"2014-09-19T12:47:55.000Z","fixed_in":"2.3"}]}},{"login-sidebar-widget":{"vulnerabilities":[{"id":7576,"title":"Login Widget With Shortcode 3.1.1 - custom_style_afo Parameter Reflected XSS","url":["http://packetstormsecurity.com/files/128291/"],"osvdb":["111700"],"vuln_type":"XSS","created_at":"2014-09-21T12:29:12.000Z","updated_at":"2014-09-21T12:30:00.000Z","fixed_in":"3.2.1"},{"id":7577,"title":"Login Widget With Shortcode 3.1.1 - CSRF/XSS","url":["http://packetstormsecurity.com/files/128291/","http://seclists.org/fulldisclosure/2014/Sep/58","https://security.dxw.com/advisories/csrfxss-vulnerablity-in-login-widget-with-shortcode-allows-unauthenticated-attackers-to-do-anything-an-admin-can-do/"],"osvdb":["111757"],"cve":["2014-6312"],"vuln_type":"MULTI","created_at":"2014-09-21T12:33:54.000Z","updated_at":"2014-09-27T12:56:01.000Z","fixed_in":"3.2.1"}]}},{"wu-rating":{"vulnerabilities":[{"id":7578,"title":"Wu-Rating 1.0 - wu-ratepost.php v Parameter Reflected XSS","url":["http://www.securityfocus.com/bid/68368","http://codevigilant.com/disclosure/wp-plugin-wu-rating-a3-cross-site-scripting-xss"],"osvdb":["108325"],"cve":["2014-4601"],"vuln_type":"XSS","created_at":"2014-09-22T07:15:22.000Z","updated_at":"2014-09-22T07:15:22.000Z"}]}},{"wordpress-flash-uploader":{"vulnerabilities":[{"id":7579,"title":"Flash Uploader 3.1.2 -  wordpress-flash-uploader.php ImageMagick Command Field Remote Command Execution Weakness","osvdb":["111845"],"cve":["2014-5014"],"vuln_type":"RCE","created_at":"2014-09-22T18:36:47.000Z","updated_at":"2014-09-22T18:37:06.000Z","fixed_in":"3.1.3"}]}},{"ewww-image-optimizer-cloud":{"vulnerabilities":[{"id":7586,"title":"EWWW Image Optimizer Cloud 2.0.1 - Cross-Site Scripting (XSS)","osvdb":["111828"],"vuln_type":"XSS","created_at":"2014-09-23T10:59:32.000Z","updated_at":"2014-09-24T11:16:22.000Z"}]}},{"stripshow":{"vulnerabilities":[{"id":7598,"title":"stripShow 2.5.2 - SQL Injection","osvdb":["109889"],"cve":["2014-5184"],"vuln_type":"SQLI","created_at":"2014-09-24T07:57:07.000Z","updated_at":"2014-09-24T09:58:51.000Z"}]}},{"all-in-one-wp-security-and-firewall":{"vulnerabilities":[{"id":7600,"title":"All In One WP Security plugin 3.8.2 - 2xSQL Injections","url":["http://www.securityfocus.com/archive/1/533519","https://www.htbridge.com/advisory/HTB23231"],"cve":["2014-6242"],"vuln_type":"SQLI","created_at":"2014-09-26T20:53:31.000Z","updated_at":"2014-09-26T20:54:04.000Z","fixed_in":"3.8.3"}]}},{"wp-video-commando":{"vulnerabilities":[{"id":7603,"title":"wp-video-commando Plugin - Cross-Site Scripting (XSS)","url":["http://1337day.com/exploit/20576"],"osvdb":["109866"],"cve":["2013-7403"],"vuln_type":"XSS","created_at":"2014-09-27T11:54:42.000Z","updated_at":"2014-10-01T08:04:19.000Z"}]}},{"bsuite":{"vulnerabilities":[{"id":7604,"title":"bSuite Plugin Multiple Cross-Site Scripting (XSS)","url":["http://www.ihteam.net/advisory/bsuite-wordpress-permanent-xss/"],"osvdb":["74046"],"cve":["2011-4955"],"secunia":["45234"],"vuln_type":"XSS","created_at":"2014-09-27T12:00:26.000Z","updated_at":"2014-09-27T12:00:26.000Z"}]}},{"quartz":{"vulnerabilities":[{"id":7606,"title":"Quartz Plugin 1.01.1 - SQL Injection","url":["http://codevigilant.com/disclosure/wp-plugin-quartz-a1-injection/"],"cve":["2014-5185"],"vuln_type":"SQLI","created_at":"2014-09-27T12:14:04.000Z","updated_at":"2014-09-27T12:14:04.000Z"}]}},{"tom-m8te":{"vulnerabilities":[{"id":7607,"title":"Tom M8te (tom-m8te) Plugin 1.5.3 - Directory Traversal","url":["http://codevigilant.com/disclosure/wp-plugin-tom-m8te-local-file-inclusion/"],"cve":["2014-5187"],"vuln_type":"LFI","created_at":"2014-09-27T12:16:11.000Z","updated_at":"2014-09-27T12:16:11.000Z"}]}},{"listmanager":{"vulnerabilities":[{"id":7608,"title":"Lyris List Manager 8.95a  - Cross-Site Scripting (XSS)","url":["http://packetstormsecurity.com/files/127672"],"cve":["2014-5188"],"vuln_type":"XSS","created_at":"2014-09-27T12:22:05.000Z","updated_at":"2014-09-27T12:22:05.000Z"}]}},{"Lead-Octopus-Power":{"vulnerabilities":[{"id":7609,"title":"Lead-Octopus-Power Plugin - SQL Injection","url":["http://packetstormsecurity.com/files/127640/WordPress-Lead-Octopus-Power-SQL-Injection.html"],"cve":["2014-5189"],"vuln_type":"SQLI","created_at":"2014-09-27T12:24:06.000Z","updated_at":"2014-09-27T12:24:06.000Z"}]}},{"si-captcha-for-wordpress":{"vulnerabilities":[{"id":7610,"title":"SI CAPTCHA 2.7.4 - Cross-Site Scripting (XSS)","url":["http://packetstormsecurity.com/files/127723/WordPress-SI-CAPTCHA-Cross-Site-Scripting.html","http://www.securityfocus.com/bid/69011"],"osvdb":["109789"],"cve":["2014-5190"],"vuln_type":"XSS","created_at":"2014-09-27T12:26:03.000Z","updated_at":"2014-09-27T21:00:05.000Z"}]}},{"advanced-access-manager":{"vulnerabilities":[{"id":7611,"title":"Advanced Access Manager 2.8.2 - Admin User File Read/Write","url":["https://security.dxw.com/advisories/advanced-access-manager-allows-admin-users-to-write-arbitrary-text-to-arbitrary-locations-which-could-lead-to-arbitrary-code-execution-etc/","http://seclists.org/fulldisclosure/2014/Sep/21"],"cve":["2014-6059"],"vuln_type":"RCE","created_at":"2014-09-27T12:33:33.000Z","updated_at":"2014-09-27T12:33:51.000Z","fixed_in":"2.8.3"}]}},{"my-calendar":{"vulnerabilities":[{"id":7627,"title":"My Calendar 1.10.2 - XSS in PATH_INFO Parameter","url":["http://www.securityfocus.com/bid/51539"],"osvdb":["78452"],"cve":["2012-6527"],"secunia":["47579"],"vuln_type":"XSS","created_at":"2014-09-29T06:04:41.000Z","updated_at":"2014-09-29T06:06:14.000Z","fixed_in":"1.10.5"}]}},{"content-audit":{"vulnerabilities":[{"id":7629,"title":"Content Audit 1.6 - Blind SQL Injection","url":["https://security.dxw.com/advisories/blind-sqli-vulnerability-in-content-audit-could-allow-a-privileged-attacker-to-exfiltrate-password-hashes/","http://packetstormsecurity.com/files/128525/"],"cve":["2014-5389"],"vuln_type":"SQLI","created_at":"2014-10-01T15:00:42.000Z","updated_at":"2014-10-07T19:56:17.000Z","fixed_in":"1.6.2"}]}},{"wp-integrator":{"vulnerabilities":[{"id":7630,"title":"WordPress Integrator 1.32 - redirect_to Parameter XSS ","url":["http://packetstormsecurity.com/files/111249/","http://www.securityfocus.com/bid/52739","http://xforce.iss.net/xforce/xfdb/74475"],"osvdb":["80628"],"cve":["2012-5913"],"vuln_type":"XSS","created_at":"2014-10-02T19:17:29.000Z","updated_at":"2014-10-02T19:17:29.000Z"}]}},{"contact-form-7-integrations":{"vulnerabilities":[{"id":7633,"title":"Contact Form 7 Integrations 1.0 - 1.3.10 Multiple Cross-Site scripting (XSS)","url":["http://research.g0blin.co.uk/cve-2014-6445/"],"cve":["2014-6445"],"vuln_type":"XSS","created_at":"2014-10-06T17:23:29.000Z","updated_at":"2014-10-06T17:27:14.000Z","fixed_in":"1.3.10"}]}},{"users-ultra":{"vulnerabilities":[{"id":7638,"title":"Users Ultra 1.3.37 - SQL Injection","url":["http://packetstormsecurity.com/files/128473/"],"vuln_type":"SQLI","created_at":"2014-10-07T20:13:25.000Z","updated_at":"2014-10-07T20:13:25.000Z"}]}},{"spider-facebook":{"vulnerabilities":[{"id":7639,"title":"Spider Facebook 1.0.8 - SQL Injection","url":["http://packetstormsecurity.com/files/128177/"],"osvdb":["111213"],"vuln_type":"SQLI","created_at":"2014-10-08T19:00:47.000Z","updated_at":"2014-10-08T19:03:10.000Z"}]}},{"ewww-image-optimizer":{"vulnerabilities":[{"id":7640,"title":"EWWW Image Optimizer 2.0.1 - Cross-Site Scripting (XSS)","url":["http://seclists.org/bugtraq/2014/Oct/45","https://www.htbridge.com/advisory/HTB23234"],"osvdb":["112139"],"cve":["2014-6243"],"vuln_type":"XSS","created_at":"2014-10-09T11:35:03.000Z","updated_at":"2014-10-11T18:32:51.000Z","fixed_in":"2.0.2"}]}},{"contact-form-7-to-database-extension":{"vulnerabilities":[{"id":7641,"title":"Contact Form DB 2.8.13 - 2 x Cross-Site Scripting (XSS)","url":["http://seclists.org/bugtraq/2014/Oct/46","https://www.htbridge.com/advisory/HTB23233","http://packetstormsecurity.com/files/128625/"],"osvdb":["112170"],"cve":["2014-7139"],"vuln_type":"XSS","created_at":"2014-10-09T11:38:40.000Z","updated_at":"2014-10-18T19:28:52.000Z","fixed_in":"2.8.16"},{"id":7693,"title":"Contact Form DB \u003c= 2.8.17 - Reflected XSS in Admin Area","url":["http://software-talk.org/blog/2014/11/reflected-xss-in-wordpress-contact-form-db-plugin/"],"vuln_type":"XSS","created_at":"2014-11-26T22:12:59.000Z","updated_at":"2014-11-26T22:13:35.000Z","fixed_in":"2.8.18"}]}},{"woocommerce-exporter":{"vulnerabilities":[{"id":7642,"title":"WooCommerce Store Exporter 1.7.5 - Cross Site Scripting (XSS)","url":["http://packetstormsecurity.com/files/128023/"],"osvdb":["110523"],"vuln_type":"XSS","created_at":"2014-10-11T18:46:45.000Z","updated_at":"2014-10-11T18:47:15.000Z","fixed_in":"1.7.6"}]}},{"gallery-images":{"vulnerabilities":[{"id":7643,"title":"Huge IT Image Gallery 1.0.1 - remote SQL injection","url":["http://packetstormsecurity.com/files/128118/"],"osvdb":["110683"],"cve":["2014-7153"],"exploitdb":["34524"],"vuln_type":"SQLI","created_at":"2014-10-11T19:57:37.000Z","updated_at":"2014-11-04T22:51:19.000Z"}]}},{"wp-google-maps":{"vulnerabilities":[{"id":7645,"title":"WP Google Maps 6.0.26 - Cross Site Scripting (XSS)","url":["http://packetstormsecurity.com/files/128694/","https://www.htbridge.com/advisory/HTB23236"],"osvdb":["112133"],"cve":["2014-7182"],"vuln_type":"XSS","created_at":"2014-10-15T18:56:52.000Z","updated_at":"2014-10-15T18:57:45.000Z","fixed_in":"6.0.27"}]}},{"wp-dbmanager":{"vulnerabilities":[{"id":7647,"title":"WP-DBManager 2.7.1 Authenticated Command Injection","url":["http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/"],"osvdb":["113508","113507","113509"],"cve":["2014-8334","2014-8335"],"vuln_type":"RCE","created_at":"2014-10-15T21:10:23.000Z","updated_at":"2014-10-21T20:01:29.000Z","fixed_in":"2.7.2"}]}},{"rich-counter":{"vulnerabilities":[{"id":7648,"title":"Rich Counter 1.1.5 - Cross Site Scripting (XSS)","url":["http://packetstormsecurity.com/files/128221/"],"osvdb":["111389"],"vuln_type":"XSS","created_at":"2014-10-18T19:45:31.000Z","updated_at":"2014-10-18T19:45:31.000Z"}]}},{"alipay":{"vulnerabilities":[{"id":7649,"title":"Alipay \u003c= 3.6.0 'inc.tenpay_notify.php' Cross-Site Scripting (XSS)","url":["http://codevigilant.com/disclosure/wp-plugin-alipay-a3-cross-site-scripting-xss/","http://www.securityfocus.com/bid/70695/info"],"cve":["2014-4514"],"vuln_type":"XSS","created_at":"2014-10-24T16:58:13.000Z","updated_at":"2014-10-24T16:58:13.000Z"}]}},{"cp-multi-view-calendar":{"vulnerabilities":[{"id":7650,"title":"CP Multi View Event Calendar 1.01 - SQL Injection","url":["http://packetstormsecurity.com/files/128814/"],"osvdb":["113670"],"cve":["2014-8586"],"exploitdb":["35073"],"vuln_type":"SQLI","created_at":"2014-10-26T13:09:33.000Z","updated_at":"2014-11-16T10:03:13.000Z"}]}},{"sexy-contact-form":{"vulnerabilities":[{"id":7652,"title":"Creative Contact Form \u003c= 0.9.7 Shell Upload","cve":["2014-8739"],"exploitdb":["35057"],"vuln_type":"UPLOAD","created_at":"2014-10-27T17:04:05.000Z","updated_at":"2014-11-26T11:47:40.000Z","fixed_in":"1.0.0"}]}},{"cbi-referral-manager":{"vulnerabilities":[{"id":7654,"title":"CBI Referral Manager \u003c= 1.2.1 Cross-Site Scripting (XSS)","url":["http://codevigilant.com/disclosure/wp-plugin-cbi-referral-manager-a3-cross-site-scripting-xss/"],"cve":["2014-4517"],"vuln_type":"XSS","created_at":"2014-11-01T18:57:24.000Z","updated_at":"2014-11-01T18:57:24.000Z"}]}},{"gb-gallery-slideshow":{"vulnerabilities":[{"id":7655,"title":"GB Gallery Slideshow 1.5 - SQL Injection","url":["http://packetstormsecurity.com/files/127833/"],"osvdb":["109982"],"cve":["2014-8375"],"vuln_type":"SQLI","created_at":"2014-11-02T13:12:44.000Z","updated_at":"2014-11-02T13:12:44.000Z"}]}},{"clean-and-simple-contact-form-by-meg-nicholas":{"vulnerabilities":[{"id":7658,"title":"Contact Form Clean and Simple \u003c= 4.4.0 Cross-Site Scripting (XSS)","url":["http://packetstormsecurity.com/files/128957/"],"osvdb":["114365"],"cve":["2014-8955"],"vuln_type":"XSS","created_at":"2014-11-07T09:20:23.000Z","updated_at":"2014-11-30T14:11:48.000Z"}]}},{"livesupporti":{"vulnerabilities":[{"id":7670,"title":"LiveSupporti 1.0 - Stored Cross-Site Scripting (XSS)","url":["http://www.checkpoint.com/blog/plugging-security-hole-wordpress-plug/index.html"],"cve":["2014-6063"],"vuln_type":"XSS","created_at":"2014-11-12T21:24:47.000Z","updated_at":"2014-11-12T21:24:48.000Z"}]}},{"supportezzy":{"vulnerabilities":[{"id":7671,"title":"SupportEzzy Ticket System 1.2.5 - Cross Site Scripting","url":["http://packetstormsecurity.com/files/129103/"],"osvdb":["114602"],"cve":["2014-9179"],"vuln_type":"XSS","created_at":"2014-11-13T19:41:09.000Z","updated_at":"2014-12-31T07:42:57.000Z"}]}},{"passwordless-login":{"vulnerabilities":[{"id":7672,"title":"Passwordless Login Plugin - Multiple Input XSS ","osvdb":["114329"],"vuln_type":"XSS","created_at":"2014-11-13T21:53:42.000Z","updated_at":"2014-11-13T21:53:44.000Z"}]}},{"vn-calendar":{"vulnerabilities":[{"id":7673,"title":" VN-Calendar \u003c= 1.0 - Multiple Cross-Site Scripting (XSS)","url":["http://codevigilant.com/disclosure/wp-plugin-vn-calendar-a3-cross-site-scripting-xss/"],"cve":["2014-4571"],"vuln_type":"XSS","created_at":"2014-11-14T11:01:42.000Z","updated_at":"2014-11-14T11:01:48.000Z"}]}},{"cm-download-manager":{"vulnerabilities":[{"id":7679,"title":"CM Download Manager \u003c= 2.0.0 - Code Injection","url":["http://packetstormsecurity.com/files/129183/","https://downloadsmanager.cminds.com/release-notes/"],"osvdb":["114867"],"cve":["2014-8877"],"exploitdb":["35324"],"vuln_type":"RCE","created_at":"2014-11-20T16:46:25.000Z","updated_at":"2015-01-16T07:52:28.000Z","fixed_in":"2.0.4"},{"id":7756,"title":"CM Download Manager \u003c= 2.0.6 - XSS and CSRF","url":["http://packetstormsecurity.com/files/129357/","http://www.securityfocus.com/bid/71418"],"osvdb":["115223"],"cve":["2014-9129"],"vuln_type":"MULTI","created_at":"2015-01-16T07:50:00.000Z","updated_at":"2015-01-16T07:50:40.000Z","fixed_in":"2.0.7"}]}},{"ninja-forms":{"vulnerabilities":[{"id":7684,"title":"Ninja Forms 2.8.6 Reflected Cross-Site Scripting (XSS)","url":["http://security.szurek.pl/ninja-forms-286-reflected-xss.html"],"cve":["2014-8815"],"vuln_type":"XSS","created_at":"2014-11-24T08:39:23.000Z","updated_at":"2014-11-24T08:39:48.000Z","fixed_in":"2.8.7"}]}},{"smart-forms":{"vulnerabilities":[{"id":7685,"title":"Smart Forms 2.1.0 Cross-Site Scripting (XSS)","url":["http://security.szurek.pl/wordpress-smart-forms-210-xss.html"],"cve":["2014-8803"],"vuln_type":"XSS","created_at":"2014-11-24T08:42:41.000Z","updated_at":"2014-11-24T08:43:01.000Z","fixed_in":"2.1.1"}]}},{"wpdatatables":{"vulnerabilities":[{"id":7688,"title":"wpDataTables \u003c= 1.5.3 - Unauthenticated Shell Upload","url":["http://www.homelab.it/index.php/2014/11/23/wordpress-wpdatatables-shell-upload-vulnerability/","http://packetstormsecurity.com/files/129231/","http://wpdatatables.com/wpdatatables-1-5-4/"],"osvdb":["115041"],"vuln_type":"UPLOAD","created_at":"2014-11-25T14:08:42.000Z","updated_at":"2014-12-30T16:32:15.000Z","fixed_in":"1.5.4"},{"id":7689,"title":"wpDataTables \u003c= 1.5.3 - SQL Injection","url":["http://www.homelab.it/index.php/2014/11/23/wordpress-wpdatatables-sql-injection-vulnerability/","http://packetstormsecurity.com/files/129232/","http://wpdatatables.com/wpdatatables-1-5-4/","http://www.securityfocus.com/bid/71271"],"osvdb":["115022"],"cve":["2014-9175"],"exploitdb":["35340"],"vuln_type":"SQLI","created_at":"2014-11-25T14:10:18.000Z","updated_at":"2014-12-30T16:29:06.000Z","fixed_in":"1.5.4"}]}},{"google-analytics-for-wordpress":{"vulnerabilities":[{"id":7692,"title":"Google Analytics by Yoast \u003c= 5.1.2 Cross-Site Scripting (XSS)","url":["https://twitter.com/yoast/status/537569224307511296","http://xforce.iss.net/xforce/xfdb/99053"],"osvdb":["115367"],"cve":["2014-9174"],"vuln_type":"XSS","created_at":"2014-11-26T11:44:53.000Z","updated_at":"2014-12-30T16:25:39.000Z","fixed_in":"5.1.3"}]}},{"html5-mp3-player-with-playlist":{"vulnerabilities":[{"id":7694,"title":"HTML5 MP3 Player with Playlist 2.7.0 - Full Path Disclosure (FPD)","url":["http://h4x0resec.blogspot.fr/","http://packetstormsecurity.com/files/129286/"],"osvdb":["115159"],"cve":["2014-9177"],"exploitdb":["35388"],"vuln_type":"FPD","created_at":"2014-11-27T11:41:20.000Z","updated_at":"2014-12-31T07:34:30.000Z"}]}},{"instasqueeze":{"vulnerabilities":[{"id":7695,"title":"Sexy Squeeze Pages - Cross Site Scripting (XSS)","url":["http://packetstormsecurity.com/files/129285/","http://xforce.iss.net/xforce/xfdb/98986"],"osvdb":["115164"],"cve":["2014-9176"],"vuln_type":"XSS","created_at":"2014-11-27T11:44:52.000Z","updated_at":"2014-12-31T07:31:34.000Z"}]}},{"iwp-client":{"vulnerabilities":[{"id":7700,"title":"InfiniteWP Client \u003c= 1.3.7 - Privilege Escalation","url":["http://blog.sucuri.net/2014/12/security-advisory-high-severity-infinitewp-client-wordpress-plugin.html"],"vuln_type":"BYPASS","created_at":"2014-12-02T16:24:48.000Z","updated_at":"2014-12-02T16:25:06.000Z","fixed_in":"1.3.8"}]}},{"sp-client-document-manager":{"vulnerabilities":[{"id":7701,"title":"SP Client Document Manager 2.4.1 - multiple remote SQL injections","url":["http://packetstormsecurity.com/files/129212/","http://xforce.iss.net/xforce/xfdb/98897"],"osvdb":["115025"],"cve":["2014-9178"],"exploitdb":["35313"],"vuln_type":"SQLI","created_at":"2014-12-02T21:41:38.000Z","updated_at":"2014-12-31T07:40:34.000Z","fixed_in":"2.4.4"}]}},{"nextend-facebook-connect":{"vulnerabilities":[{"id":7703,"title":"Nextend Facebook Connect \u003c= 1.4.59 XSS","cve":["2014-8800"],"exploitdb":["35439"],"vuln_type":"XSS","created_at":"2014-12-03T09:42:38.000Z","updated_at":"2014-12-03T09:42:40.000Z"}]}},{"shariff-sharing":{"vulnerabilities":[{"id":7708,"title":"Shariff for WordPress \u003c= 1.0.7 - Stored XSS","url":["http://imgur.com/hipNRLW"],"vuln_type":"XSS","created_at":"2014-12-05T15:19:42.000Z","updated_at":"2014-12-05T15:19:45.000Z"}]}},{"ajax-store-locator":{"vulnerabilities":[{"id":7712,"title":"Ajax Store Locator \u003c= 1.2 - Arbitrary File Download","url":["http://packetstormsecurity.com/files/129408/","http://www.homelab.it/index.php/2014/12/06/wordpress-ajax-store-locator-arbitrary-file-download-vulnerability/"],"exploitdb":["35493"],"vuln_type":"LFI","created_at":"2014-12-08T18:49:05.000Z","updated_at":"2014-12-11T09:46:25.000Z"}]}},{"uninstall":{"vulnerabilities":[{"id":7715,"title":"WordPress Uninstall \u003c= 1.1 - WordPress Deletion via CSRF","url":["http://pastebin.com/5QTTTSUV"],"vuln_type":"CSRF","created_at":"2014-12-11T09:28:11.000Z","updated_at":"2014-12-11T09:28:55.000Z"}]}},{"lightbox-photo-gallery":{"vulnerabilities":[{"id":7719,"title":"Lightbox Photo Gallery 1.0 - CSRF/XSS","url":["http://packetstormsecurity.com/files/129507/wplpg-xsrfxss.txt"],"vuln_type":"MULTI","created_at":"2014-12-14T15:53:14.000Z","updated_at":"2014-12-14T15:53:17.000Z"}]}},{"wp-timed-popup":{"vulnerabilities":[{"id":7720,"title":"Timed Popup \u003c= 1.3 - CSRF \u0026 Stored XSS","url":["http://packetstormsecurity.com/files/129510/wptimedpopup-xsrfxss.txt"],"vuln_type":"MULTI","created_at":"2014-12-14T15:55:03.000Z","updated_at":"2014-12-14T15:55:06.000Z"}]}},{"wp-fb-autoconnect":{"vulnerabilities":[{"id":7721,"title":"WP-FB-AutoConnect \u003c= 4.0.5 - XSS/CSRF","url":["http://packetstormsecurity.com/files/129508/wpfbautoconnect-xsrfxss.txt"],"vuln_type":"MULTI","created_at":"2014-12-14T15:57:04.000Z","updated_at":"2014-12-14T15:57:21.000Z","fixed_in":"4.0.6"}]}},{"seo-redirection":{"vulnerabilities":[{"id":7722,"title":"SEO Redirection \u003c= 2.2 - Unauthenticated Stored XSS","url":["http://pastebin.com/mHsW5twa"],"vuln_type":"XSS","created_at":"2014-12-15T08:21:57.000Z","updated_at":"2014-12-15T08:22:00.000Z"}]}},{"sliding-social-icons":{"vulnerabilities":[{"id":7723,"title":"Sliding Social Icons \u003c= 1.61 - CSRF \u0026 Stored XSS","url":["http://packetstormsecurity.com/files/129509/wpssi-xsrfxss.txt"],"vuln_type":"MULTI","created_at":"2014-12-15T17:35:56.000Z","updated_at":"2014-12-15T17:36:00.000Z"}]}},{"db-backup":{"vulnerabilities":[{"id":7726,"title":"DB Backup \u003c= 4.5 - Path Traversal File Access","cve":["2014-9119"],"vuln_type":"LFI","created_at":"2014-12-16T17:00:10.000Z","updated_at":"2014-12-16T17:02:10.000Z"}]}},{"bird-feeder":{"vulnerabilities":[{"id":7727,"title":"Bird Feeder \u003c= 1.2.3 - CSRF and XSS","url":["http://www.vulnerability-lab.com/get_content.php?id=1372","http://packetstormsecurity.com/files/129623/"],"osvdb":["116013"],"cve":["2014-9334"],"vuln_type":"MULTI","created_at":"2014-12-17T14:00:43.000Z","updated_at":"2015-01-13T08:22:40.000Z"}]}},{"liveforms":{"vulnerabilities":[{"id":7728,"title":"Live Forms \u003c= 1.2.0 - Unauthenticated Stored Cross-Site Scripting (XSS)","url":["http://pastebin.com/6C26ZXUj"],"vuln_type":"XSS","created_at":"2014-12-19T11:04:50.000Z","updated_at":"2014-12-19T11:05:12.000Z","fixed_in":"1.3.0"}]}},{"itwitter":{"vulnerabilities":[{"id":7729,"title":"iTwitter \u003c= 0.04 - XSS \u0026 CSRF","url":["http://www.securityfocus.com/archive/1/534277"],"cve":["2014-9336"],"vuln_type":"MULTI","created_at":"2014-12-19T21:07:40.000Z","updated_at":"2014-12-19T21:07:44.000Z"}]}},{"post-to-twitter":{"vulnerabilities":[{"id":7730,"title":"Post to Twitter \u003c= 0.7 CSRF \u0026 XSS","url":["http://packetstormsecurity.com/files/129639/WordPress-Twitter-0.7-CSRF-XSS.html"],"cve":["2014-9393"],"vuln_type":"MULTI","created_at":"2014-12-20T10:40:19.000Z","updated_at":"2014-12-20T10:40:23.000Z"}]}},{"dukapress":{"vulnerabilities":[{"id":7731,"title":"DukaPress 2.5.2 - Path Traversal","url":["http://xforce.iss.net/xforce/xfdb/98943"],"osvdb":["115130"],"cve":["2014-8799"],"exploitdb":["35346"],"vuln_type":"BYPASS","created_at":"2014-12-29T22:51:59.000Z","updated_at":"2014-12-29T22:52:03.000Z"}]}},{"sell-downloads":{"vulnerabilities":[{"id":7732,"title":"Sell Downloads 1.0.1 - Arbitrary File Disclosure","url":["https://research.g0blin.co.uk/g0blin-00023/"],"vuln_type":"LFI","created_at":"2014-12-29T23:00:45.000Z","updated_at":"2014-12-29T23:01:42.000Z","fixed_in":"1.0.2"}]}},{"whydowork-adsense":{"vulnerabilities":[{"id":7733,"title":"WhyDoWork AdSense 1.2 - XSS and CSRF","url":["http://packetstormsecurity.com/files/127658/","http://www.securityfocus.com/bid/68954"],"osvdb":["109687","109688"],"cve":["2014-9099","2014-9100"],"vuln_type":"MULTI","created_at":"2014-12-29T23:23:56.000Z","updated_at":"2014-12-30T16:18:32.000Z"}]}},{"twitterdash":{"vulnerabilities":[{"id":7734,"title":"twitterDash 2.1 - CSRF and XSS","url":["http://packetstormsecurity.com/files/129579/"],"osvdb":["116136"],"cve":["2014-9368"],"vuln_type":"MULTI","created_at":"2014-12-31T20:19:14.000Z","updated_at":"2014-12-31T20:19:18.000Z"}]}},{"cart66":{"vulnerabilities":[{"id":7736,"title":"Cart66 Pro \u003c= 1.5.3 Arbitrary File Disclosure","url":["https://research.g0blin.co.uk/g0blin-00021/"],"cve":["2014-9461"],"vuln_type":"LFI","created_at":"2015-01-01T16:39:44.000Z","updated_at":"2015-01-03T11:26:01.000Z","fixed_in":"1.5.4"}]}},{"revslider":{"vulnerabilities":[{"id":7540,"title":"WordPress Slider Revolution Vulnerability","url":["http://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html","http://marketblog.envato.com/general/affected-themes/","http://packetstormsecurity.com/files/129761/"],"osvdb":["109645"],"exploitdb":["34511","35385"],"vuln_type":"LFI","created_at":"2014-09-17T17:32:24.000Z","updated_at":"2015-01-18T10:13:18.000Z"}]}},{"wp-responsive-preview":{"vulnerabilities":[{"id":7738,"title":"WP Responsive Preview - XSS","osvdb":["108330"],"cve":["2014-4594"],"vuln_type":"XSS","created_at":"2015-01-01T20:08:15.000Z","updated_at":"2015-01-01T20:09:29.000Z","fixed_in":"1.2"}]}},{"wp-limit-posts-automatically":{"vulnerabilities":[{"id":7739,"title":"WP Limit Posts Automatically \u003c= 0.7 - CSRF \u0026 XSS","url":["http://packetstormsecurity.com/files/129647/WordPress-WP-Limit-Posts-Automatically-0.7-CSRF-XSS.html"],"cve":["2014-9401"],"vuln_type":"MULTI","created_at":"2015-01-02T11:08:06.000Z","updated_at":"2015-01-02T11:08:09.000Z"}]}},{"simpleflickr":{"vulnerabilities":[{"id":7743,"title":"SimpleFlickr 3.0.3 - CSRF and XSS","url":["http://packetstormsecurity.com/files/129642/"],"osvdb":["116285","116286"],"cve":["2014-9396"],"vuln_type":"MULTI","created_at":"2015-01-03T18:41:17.000Z","updated_at":"2015-01-03T18:41:21.000Z"}]}},{"slideoptinprox":{"vulnerabilities":[{"id":7746,"title":"slideoptinprox - XSS vulnerability","url":["http://packetstormsecurity.com/files/129873/"],"osvdb":["116854"],"vuln_type":"XSS","created_at":"2015-01-10T21:26:00.000Z","updated_at":"2015-01-10T21:26:05.000Z"}]}},{"our-team-enhanced":{"vulnerabilities":[{"id":7747,"title":"Our Team Showcase 1.2 - CSRF and XSS","url":["http://packetstormsecurity.com/files/129499/"],"osvdb":["116252"],"cve":["2014-9523"],"vuln_type":"MULTI","created_at":"2015-01-11T12:27:49.000Z","updated_at":"2015-01-11T12:27:54.000Z"}]}},{"pods":{"vulnerabilities":[{"id":7748,"title":"Pods \u003c= 2.4.3 - Authenticated XSS \u0026 CSRF","url":["http://seclists.org/fulldisclosure/2015/Jan/26","http://packetstormsecurity.com/files/129890/"],"cve":["2014-7957","2014-7956"],"vuln_type":"MULTI","created_at":"2015-01-12T09:08:48.000Z","updated_at":"2015-01-12T20:01:47.000Z","fixed_in":"2.5"}]}},{"banner-effect-header":{"vulnerabilities":[{"id":7749,"title":"Banner Effect Header 1.2.6 - XSS and CSRF","url":["http://packetstormsecurity.com/files/129804/"],"cve":["2015-0920"],"vuln_type":"MULTI","created_at":"2015-01-12T16:02:55.000Z","updated_at":"2015-01-12T16:11:00.000Z","fixed_in":"1.2.7"}]}},{"wp-unique-article-header-image":{"vulnerabilities":[{"id":7750,"title":"WP Unique Article Header Image 1.0 - CSRF and XSS","url":["http://packetstormsecurity.com/files/129646/"],"cve":["2014-9400"],"vuln_type":"MULTI","created_at":"2015-01-12T16:40:14.000Z","updated_at":"2015-01-12T16:40:18.000Z"}]}},{"cforms2":{"vulnerabilities":[{"id":7752,"title":"CformsII 14.7 - Remote Code Execution via Unauthorised File upload","url":["http://www.securityfocus.com/archive/1/534349/30/0/threaded"],"cve":["2014-9473"],"vuln_type":"RCE","created_at":"2015-01-13T08:42:05.000Z","updated_at":"2015-01-13T08:43:05.000Z","fixed_in":"14.8"}]}},{"simple-security":{"vulnerabilities":[{"id":7753,"title":"Simple Security \u003c= 1.1.5 -   Two Cross-Site Scripting (XSS) Vulnerabilities","url":["https://www.htbridge.com/advisory/HTB23244","http://seclists.org/bugtraq/2015/Jan/71","http://packetstormsecurity.com/files/129962/"],"cve":["2014-9570"],"vuln_type":"XSS","created_at":"2015-01-14T15:31:31.000Z","updated_at":"2015-01-14T22:18:04.000Z"}]}},{"gi-media-library":{"vulnerabilities":[{"id":7754,"title":"GI-Media Library \u003c= 2.2.2 - Arbitrary File Download","url":["http://wordpressa.quantika14.com/repository/index.php?id=24"],"vuln_type":"LFI","created_at":"2015-01-15T10:08:23.000Z","updated_at":"2015-01-15T10:08:27.000Z"}]}},{"pixabay-images":{"vulnerabilities":[{"id":7758,"title":"Pixabay Images \u003c= 2.3 - Multiple Vulnerabilities (RCE, XSS, ...)","url":["https://www.mogwaisecurity.de/advisories/MSA-2015-01.txt","http://packetstormsecurity.com/files/130017/"],"vuln_type":"MULTI","created_at":"2015-01-19T15:37:37.000Z","updated_at":"2015-01-20T09:38:50.000Z","fixed_in":"2.4"}]}},{"cip4-folder-download-widget":{"vulnerabilities":[{"id":7759,"title":"CIP4 Folder Download 1.10 - Local File Inclusion","url":["http://packetstormsecurity.com/files/130009/"],"vuln_type":"LFI","created_at":"2015-01-20T09:49:50.000Z","updated_at":"2015-01-20T09:49:55.000Z"}]}}]