From 2056a3e7a65bc2e59fd23d0b456941c00b8f1211 Mon Sep 17 00:00:00 2001 From: MostInterestingBotInTheWorld <98333686+MostInterestingBotInTheWorld@users.noreply.github.com> Date: Tue, 28 Mar 2023 16:12:22 -0400 Subject: [PATCH] Enhancement: cves/2022/CVE-2022-3933.yaml by md --- cves/2022/CVE-2022-3933.yaml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/cves/2022/CVE-2022-3933.yaml b/cves/2022/CVE-2022-3933.yaml index 21c3687c23..2e8426349a 100644 --- a/cves/2022/CVE-2022-3933.yaml +++ b/cves/2022/CVE-2022-3933.yaml @@ -1,12 +1,12 @@ id: CVE-2022-3933 info: - name: Essential Real Estate - Cross Site Scripting + name: WordPress Essential Real Estate <3.9.6 - Authenticated Cross-Site Scripting author: r3Y3r53 severity: medium description: | - The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as Admin to perform Cross-Site Scripting attacks. - remediation: Fixed in version 3.9.6 + WordPress Essential Real Estate plugin before 3.9.6 contains an authenticated cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters, which can allow someone with a role as low as admin to inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow theft of cookie-based authentication credentials and launch of other attacks. + remediation: Fixed in version 3.9.6. reference: - https://wpscan.com/vulnerability/6395f3f1-5cdf-4c55-920c-accc0201baf4 - https://wordpress.org/plugins/essential-real-estate/advanced/ @@ -42,3 +42,5 @@ requests: - 'contains(body_2, ">")' - 'contains(body_2, "ere_property_gallery")' condition: and + +# Enhanced by md on 2023/03/28
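Review bot: In the first hunk's new `description`, the phrase "a role as low as admin" is carried over from the old text and does not say plainly which privilege the check needs, even though the new `name` now says "Authenticated". Suggest wording such as "an authenticated user with the admin role", and naming the affected parameters instead of "some parameters" if they are known. The `remediation` line would also read better as an action, for example "Update to version 3.9.6 or later", which matches the `<3.9.6` bound now in the name.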
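Review bot: In the second hunk, the appended `# Enhanced by md on 2023/03/28` comment repeats what the commit's own author and date fields already record, and it will go stale on the next edit; consider dropping it and the blank line before it. The unchanged context just above also shows `contains(body_2, ">")` as one of the `and` conditions, which nearly any HTML response satisfies, so of the conditions visible here only `ere_property_gallery` narrows the match. Since this pass leaves the matchers untouched, it is worth confirming that the remaining conditions (not all visible in this hunk) pin the reflected value tightly enough to avoid false positives.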