Enhancement: cves/2023/CVE-2023-23489.yaml by md

cves/2023/CVE-2023-23489.yaml

@@ -1,16 +1,16 @@
 id: CVE-2023-23489
 
 info:
-  name: Easy Digital Downloads 3.1.0.2 & 3.1.0.3 - Unauthenticated SQLi
+  name: WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection
   author: theamanrawat
   severity: critical
   description: |
-    The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action.
+    WordPress Easy Digital Downloads plugin 3.1.0.2 & 3.1.0.3 contains a SQL injection vulnerability in the s parameter of its edd_download_search action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
   reference:
     - https://wpscan.com/vulnerability/c5a6830c-6420-42fc-b20c-8e20224d6f18
     - https://wordpress.org/plugins/easy-digital-downloads/
-    - https://nvd.nist.gov/vuln/detail/CVE-2023-23489
     - https://www.tenable.com/security/research/tra-2023-2
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-23489
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -38,3 +38,5 @@ requests:
           - 'status_code_1 == 200'
           - 'contains(body_1, "[]") && contains(body_2, "Easy Digital Downloads")'
         condition: and
+
+# Enhanced by md on 2023/03/07