Enhancement: cves/2022/CVE-2022-1386.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-04-06 17:41:10 -04:00
parent c3dab25d75
commit 5b7b47a801
1 changed files with 5 additions and 2 deletions

@ -1,15 +1,16 @@
id: CVE-2022-1386
info:
name: WordPress Fusion Builder < 3.6.2 - Unauthenticated SSRF
name: WordPress Fusion Builder <3.6.2 - Server-Side Request Forgery
author: akincibor,MantisSTS,calumjelrick
severity: critical
description: |
The plugin, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network bypassing firewalls and access control measures.
WordPress Fusion Builder plugin before 3.6.2, used in the Avada theme, is susceptible to server-side request forgery. The plugin does not validate a parameter in its forms, which can be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. An attacker can potentially interact with hosts on the server's local network, bypass firewalls, and access control measures.
reference:
- https://wpscan.com/vulnerability/bf7034ab-24c4-461f-a709-3f73988b536b
- https://www.rootshellsecurity.net/rootshell-discovered-a-critical-vulnerability-in-top-wordpress-theme/
- https://theme-fusion.com/version-7-6-2-security-update/
- https://nvd.nist.gov/vuln/detail/CVE-2022-1386
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
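Review bot: the last sentence of the new description reads as "bypass firewalls, and access control measures", which parses as a second verb ("access ... measures") rather than a second object of "bypass"; drop the comma so it reads "bypass firewalls and access control measures", matching the meaning of the old wording. The new name also drops "Unauthenticated", which the old name carried and which the unchanged CVSS vector (PR:N) supports; consider keeping it in the name, since it is the first thing a user scanning template output sees.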
@ -94,3 +95,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/04/06
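Review bot: the header reports two added lines but only the `# Enhanced by md on 2023/04/06` comment is visible, so confirm the other is a single trailing newline rather than stray whitespace. A dated provenance comment appended after the matcher block is easy to leave stale on later edits and is invisible to tooling that reads the `info` metadata; keeping that history in the commit message is sufficient.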