From 0e6e1450ec9c762ad0776bf24081e7b296aa9049 Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Fri, 22 Mar 2024 21:13:51 +0530 Subject: [PATCH] Update CVE-2024-27954.yaml --- http/cves/2024/CVE-2024-27954.yaml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/http/cves/2024/CVE-2024-27954.yaml b/http/cves/2024/CVE-2024-27954.yaml index 523bf191fb..9f9c4505d4 100644 --- a/http/cves/2024/CVE-2024-27954.yaml +++ b/http/cves/2024/CVE-2024-27954.yaml @@ -1,14 +1,19 @@ id: CVE-2024-27954 info: - name: WordPress Automatic plugin - Arbitrary File Download and SSRF + name: WordPress Automatic Plugin <3.92.1 - Arbitrary File Download and SSRF author: iamnoooob,rootxharsh,pdresearch severity: critical description: | - Unauthenticated Arbitrary File Download and SSRF. Located in the downloader.php file, this vulnerability also discovered by Rafie Muhammad, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. Thankfully, this vulnerability too has been patched in version 3.92.1. + WordPress Automatic plugin <3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF Located in the downloader.php file, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. This vulnerability has been patched in version 3.92.1. reference: - https://securityonline.info/40000-sites-exposed-wordpress-plugin-update-critical-cve-2024-27956-cve-2024-27954/#google_vignette - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27954 + classification: + cve-id: CVE-2024-27954 + metadata: + max-request: 1 + verified: true tags: cve,cve2024,wp,wordpress,wp-plugin,lfi,ssrf http:
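Review bot: the rewritten `description` in this hunk drops the sentence boundary between "SSRF" and "Located in the downloader.php file", leaving a fragment ("...Arbitrary File Download and SSRF Located in the downloader.php file, could permit attackers...") that no longer reads as a sentence; suggest "...unauthenticated Arbitrary File Download and SSRF. The issue, located in the downloader.php file, could permit attackers to download any file from a site." Two smaller points in the same hunk: the first `reference` URL still carries the `#google_vignette` fragment, which is an interstitial-ad anchor rather than part of the article location and should be trimmed to the path; and the added `metadata.max-request: 1` and `verified: true` cannot be checked against the request definition from this diff alone, since the `http:` section is outside the hunk, so please confirm the template issues exactly one request before merging.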