matcher and workflow update

cves/2020/CVE-2020-35489.yaml

@@ -4,8 +4,9 @@ info:
   name: WordPress Contact Form 7 Plugin - Unrestricted File Upload
   author: soyelmago
   severity: critical
-  reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35489
+  description: The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.
-  tags: cve,cve2020,wordpress,plugin
+  reference: https://nvd.nist.gov/vuln/detail/CVE-2020-35489
+  tags: cve,cve2020,wordpress,wp-plugin
 
 requests:
   - method: GET
@@ -17,100 +18,13 @@ requests:
       - type: status
         status:
           - 200
+
       - type: word
         words:
           - "Contact Form 7"
-        condition: and
-        part: body
-      - type: word
-        words:
-          - "2.0.7"
-          - "2.1"
-          - "2.1.2"
-          - "2.2"
-          - "2.2.1"
-          - "2.3"
-          - "2.3.1"
-          - "2.4"
-          - "2.4.1"
-          - "2.4.2"
-          - "2.4.3"
-          - "2.4.4"
-          - "2.4.5"
-          - "2.4.6"
-          - "3.0"
-          - "3.0.1"
-          - "3.0.2"
-          - "3.1"
-          - "3.1.1"
-          - "3.1.2"
-          - "3.2"
-          - "3.3"
-          - "3.3.1"
-          - "3.3.2"
-          - "3.3.3"
-          - "3.4"
-          - "3.4.1"
-          - "3.4.2"
-          - "3.5"
-          - "3.5.1"
-          - "3.5.2"
-          - "3.5.3"
-          - "3.5.4"
-          - "3.6"
-          - "3.7"
-          - "3.7.1"
-          - "3.7.2"
-          - "3.8"
-          - "3.8.1"
-          - "3.9"
-          - "3.9.1"
-          - "3.9.2"
-          - "3.9.3"
-          - "4.0"
-          - "4.0.1"
-          - "4.0.2"
-          - "4.0.3"
-          - "4.1"
-          - "4.1.1"
-          - "4.1.2"
-          - "4.2"
-          - "4.2.1"
-          - "4.2.2"
-          - "4.3"
-          - "4.3.1"
-          - "4.4"
-          - "4.4.1"
-          - "4.4.2"
-          - "4.5"
-          - "4.5.1"
-          - "4.6"
-          - "4.6.1"
-          - "4.7"
-          - "4.8"
-          - "4.8.1"
-          - "4.9"
-          - "4.9.1"
-          - "4.9.2"
-          - "5.0"
-          - "5.0.1"
-          - "5.0.2"
-          - "5.0.3"
-          - "5.0.4"
-          - "5.0.5"
-          - "5.1"
-          - "5.1.1"
-          - "5.1.2"
-          - "5.1.4"
-          - "5.1.5"
-          - "5.1.6"
-          - "5.1.7"
-          - "5.1.8"
-          - "5.1.9"
-          - "5.2"
-          - "5.2.1"
-          - "5.2.2"
-          - "5.3"
-          - "5.3.1"
-        condition: or
         part: body
+
+      - type: regex
+        regex:
+          - '^([0-4]\.|5\.[0-2]\.|5\.3\.[0-1]$)'
+        part: body

workflows/wordpress-workflow.yaml

@@ -26,6 +26,7 @@ workflows:
           - template: cves/2020/CVE-2020-13700.yaml
           - template: cves/2020/CVE-2020-14092.yaml
           - template: cves/2020/CVE-2020-35951.yaml
+          - template: cves/2020/CVE-2020-35489.yaml
           - template: vulnerabilities/wordpress/wordpress-auth-bypass-wptimecapsule.yaml
           - template: vulnerabilities/wordpress/wordpress-rce-simplefilelist.yaml
           - template: vulnerabilities/wordpress/wordpress-total-upkeep-backup-download.yaml