Iranian Exploit DataBase

There is a team called Iranian Exploit DataBase, which has caused some confusion and pain in security research community and vulnerability databases. They have some big problems in their advisories mainly:

OSVDB vulnerability listing:

Advisory URLs and their status:

I have analyzed some of their advisories. List below:

Advisory date Title Status
2013-06-30 Wordpress plugin wp-private-messages False-positive (reference)
2013-07-02 WordPress plugin feed False-positive (reference)
2013-07-02 WordPress plugin category-grid-view-gallery Positive. CVE-2013-4117 (CVE request)
2013-10-19 Unofficial WordPress plugin videowall Positive. Only used by one site (
2013-11-05 WordPress plugin jigoshop path disclosure Positive
2014-02-15 phpMyBackupPro 2.4 Cross-Site Scripting vulnerability Positive
2014-05-29 OpenCart below directory traversal vulnerability False-positive (reference)