misc update

cves/2019/CVE-2019-14470.yaml

@@ -4,7 +4,6 @@ info:
   name: WordPress Plugin UserPro 4.9.32 - Reflected Cross-Site Scripting (XSS)
   author: daffainfo
   severity: medium
-  description: cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter.
   reference:
     - https://wpscan.com/vulnerability/9815
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14470

cves/2021/CVE-2021-26295.yaml

@@ -9,15 +9,13 @@ info:
     - https://github.com/yumusb/CVE-2021-26295-POC
     - https://lists.apache.org/thread.html/r3c1802eaf34aa78a61b4e8e044c214bc94accbd28a11f3a276586a31%40%3Cuser.ofbiz.apache.org%3E
     - https://lists.apache.org/thread.html/r6e4579c4ebf7efeb462962e359501c6ca4045687f12212551df2d607@%3Cnotifications.ofbiz.apache.org%3E
-
-# Note:- This is detection template, To perform deserializes do as below
-# java.exe -jar .\ysoserial-master-d367e379d9-1.jar URLDNS http://t53lq9.dnslog.cn/ > mad.ot
-# `cat mad.ot | hex` and replace in <cus-obj> along with the url in std-String value
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.80
     cve-id: CVE-2021-26295
     cwe-id: CWE-502
+  additional-fileds:
+    ysoserial-payload: 'java -jar ysoserial-master-d367e379d9-1.jar URLDNS http://t53lq9.dnslog.cn | hex'
 
 requests:
   - raw:

vulnerabilities/wordpress/wp-multiple-theme-ssrf.yaml

@@ -5,7 +5,7 @@ info:
   author: madrobot
   severity: high
   tags: wordpress,rce,ssrf
-  reference: 
+  reference:
     - https://www.exploit-db.com/exploits/49327
     - https://wpscan.com/vulnerability/10417