From 8e42a015b843e0f98439354b246204707ed779de Mon Sep 17 00:00:00 2001
From: MostInterestingBotInTheWorld
 <98333686+MostInterestingBotInTheWorld@users.noreply.github.com>
Date: Tue, 7 Mar 2023 16:54:58 -0500
Subject: [PATCH] Enhancement: cves/2023/CVE-2023-23489.yaml by md

---
 cves/2023/CVE-2023-23489.yaml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/cves/2023/CVE-2023-23489.yaml b/cves/2023/CVE-2023-23489.yaml
index 3666fe6662..f7f9f25812 100644
--- a/cves/2023/CVE-2023-23489.yaml
+++ b/cves/2023/CVE-2023-23489.yaml
@@ -1,16 +1,16 @@
 id: CVE-2023-23489
 
 info:
-  name: Easy Digital Downloads 3.1.0.2 & 3.1.0.3 - Unauthenticated SQLi
+  name: WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection
   author: theamanrawat
   severity: critical
   description: |
-    The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action.
+    WordPress Easy Digital Downloads plugin 3.1.0.2 & 3.1.0.3 contains a SQL injection vulnerability in the s parameter of its edd_download_search action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
   reference:
     - https://wpscan.com/vulnerability/c5a6830c-6420-42fc-b20c-8e20224d6f18
     - https://wordpress.org/plugins/easy-digital-downloads/
-    - https://nvd.nist.gov/vuln/detail/CVE-2023-23489
     - https://www.tenable.com/security/research/tra-2023-2
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-23489
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -38,3 +38,5 @@ requests:
           - 'status_code_1 == 200'
           - 'contains(body_1, "[]") && contains(body_2, "Easy Digital Downloads")'
         condition: and
+
+# Enhanced by md on 2023/03/07