Enhancement: cves/2022/CVE-2022-2551.yaml by md

cves/2022/CVE-2022-2551.yaml

@@ -1,18 +1,18 @@
 id: CVE-2022-2551
 
 info:
-  name: Duplicator < 1.4.7 - Unauthenticated Backup Download
+  name: WordPress Duplicator <1.4.7 - Authentication Bypass
   author: LRTK-CODER
   severity: high
   description: |
-    The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating.
+    WordPress Duplicator plugin before 1.4.7 is susceptible to authentication bypass. The plugin discloses the URL of the backup to unauthenticated visitors accessing the main installer endpoint. If the installer script has been run once by an administrator, this allows download of the full site backup without proper authentication.
   reference:
     - https://wpscan.com/vulnerability/f27d753e-861a-4d8d-9b9a-6c99a8a7ebe0
     - https://wordpress.org/plugins/duplicator/
-    - https://nvd.nist.gov/vuln/detail/CVE-2022-2551
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2551
     - https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2551
-  remediation: Fixed in version 1.4.7.1
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-2551
+  remediation: Fixed in version 1.4.7.1.
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
@@ -45,3 +45,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/04/07