Open d4op opened 7 years ago
[i] Name: wysija-newsletters - v2.7.11.3
[!]RCE : MailPoet Newsletters 2.6.6 - Theme File Upload Handling Remote Code Execution - ID:6680 | Fixed in 2.6.7 | References: http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html http://www.openwall.com/lists/oss-security/2014/07/02/1 Metasploit exploit/unix/webapp/wp_wysija_newsletters_upload Exploitdb 33991 Cve 2014-4725 Secunia 59455
[!]SQLI : Wysija Newsletters 2.2 - SQL Injection - ID:6681 | Fixed in 2.2.1 | References: https://www.htbridge.com/advisory/HTB23140 http://packetstormsecurity.com/files/120089/ http://seclists.org/bugtraq/2013/Feb/29 http://cxsecurity.com/issue/WLB-2013020039 Cve 2013-1408
[!]XSS : Wysija Newsletters - swfupload Cross-Site Scripting - ID:6682 | Fixed in 2.1.7 | References: http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html Secunia 51249
[!]UNKNOWN : MailPoet Newsletters 2.6.7 - helpers/back.php page Parameter Unspecified Issue - ID:7573 | Fixed in 2.6.8 | References: http://www.securityfocus.com/bid/68462/ Cve 2014-4726
[!]CSRF : MailPoet Newsletters 2.6.10 - Unspecified CSRF - ID:7574 | Fixed in 2.6.11 | References: Cve 2014-3907
[!]XSS : MailPoet Newsletters <= 2.6.19 - Unauthenticated Reflected Cross-Site Scripting (XSS) - ID:8373 | Fixed in 2.7 | References: https://www.netsparker.com/ns-16-002-xss-vulnerability-identified-in-mailpoet-newsletters/
[!]XSS : MailPoet Newsletters <= 2.7.2 - Authenticated Reflected Cross-Site Scripting (XSS) - ID:8617 | Fixed in 2.7.3 | References: https://sumofpwn.nl/advisory/2016/reflected_cross_site_scripting_vulnerability_in_mailpoet_newsletters_plugin.html http://seclists.org/fulldisclosure/2016/Sep/17
[!]SQLI : MailPoet Newsletters <= 2.7.2 - SQL Injection - ID:8618 | Fixed in 2.7.3 | References: https://plugins.trac.wordpress.org/changeset/1469869/wysija-newsletters

[i] Name: contact-form-7 - v4.9

[i] Name: wp-members - v3.1.9.1
[!]XSS : WP-Members 2.8.9 - profile.php Multiple Parameter Stored XSS - ID:7079 | Fixed in 2.8.10 | References: http://packetstormsecurity.com/files/124720/ http://www.securityfocus.com/bid/64713/ Secunia 56271
[!]XSS : WP-Members 2.8.9 - wp-login.php register Action Multiple Parameter Reflected XSS - ID:7080 | Fixed in 2.8.10 | References: http://packetstormsecurity.com/files/124720/ http://www.securityfocus.com/bid/64713/ Secunia 56271
[!]XSS : WP-Members <= 3.1.7 - Authenticated Cross-Site Scripting (XSS) - ID:8858 | Fixed in 3.1.8 | References: https://jvn.jp/en/jp/JVN51355647/index.html https://plugins.trac.wordpress.org/changeset/1667369/#file12 Cve 2017-2222
Why does it show me vulns of older versions even if all is up-to-date?