Auto Generated CVE annotations [Sat Jul 30 08:43:08 UTC 2022] 🤖

cves/2020/CVE-2020-11455.yaml

@@ -3,7 +3,7 @@ id: CVE-2020-11455
 info:
   name: LimeSurvey 4.1.11 - Local File Inclusion
   author: daffainfo
-  severity: medium
+  severity: critical
   description: LimeSurvey before 4.1.12+200324 is vulnerable to local file inclusion because it contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
   reference:
     - https://www.exploit-db.com/exploits/48297
@@ -12,8 +12,8 @@ info:
     - http://packetstormsecurity.com/files/157112/LimeSurvey-4.1.11-Path-Traversal.html
     - https://nvd.nist.gov/vuln/detail/CVE-2020-11455
   classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
-    cvss-score: 5.3
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
     cve-id: CVE-2020-11455
     cwe-id: CWE-22
   tags: cve,cve2020,lfi

cves/2022/CVE-2022-0594.yaml

@@ -2,16 +2,20 @@ id: CVE-2022-0594
 info:
   name: Shareaholic < 9.7.6 - Information Disclosure
   author: atomiczsec
-  severity: low
+  severity: medium
   description: The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc.
   reference:
     - https://wpscan.com/vulnerability/4de9451e-2c8d-4d99-a255-b027466d29b1
     - https://wordpress.org/plugins/shareaholic/
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0594
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 5.3
+    cve-id: CVE-2022-0594
+    cwe-id: CWE-863
   metadata:
-    verified: true
+    verified: "true"
   tags: cve,cve2022,wordpress,wp,wp-plugin,exposure
-
 requests:
   - method: GET
     path: