Update CVE-2024-6845.yaml

http/cves/2024/CVE-2024-6845.yaml

@@ -1,15 +1,15 @@
 id: CVE-2024-6845
 
 info:
-  name: SmartSearchWP < 2.4.6 - Unauthenticated OpenAI Key Disclosure
+  name: SmartSearchWP < 2.4.6 - OpenAI Key Disclosure
   author: s4e-io
   severity: medium
   description: |
     The plugin does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key.
   remediation: Fixed in 2.4.6
   reference:
-    - https://cvefeed.io/vuln/detail/CVE-2024-6845
     - https://wpscan.com/vulnerability/cfaaa843-d89e-42d4-90d9-988293499d26/
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-6845
   metadata:
     max-request: 2
     verified: true
@@ -18,21 +18,20 @@ info:
     framework: wordpress
     publicwww-query: "/wp-content/plugins/smartsearchwp"
     fofa-query: body="/wp-content/plugins/smartsearchwp"
-  tags: cve,cve2024,info-leak,wordpress,wp-plugin,smartsearchwp,wpscan
+  tags: cve,cve2024,exposure,wp,wordpress,wp-plugin,smartsearchwp
 
 flow: http(1) && http(2)
 
 http:
   - raw:
       - |
-        GET /wp-content/plugins/smartsearchwp/readme.txt HTTP/1.1
+        GET / HTTP/1.1
         Host: {{Hostname}}
 
     matchers:
       - type: dsl
         dsl:
-          - 'contains(body,"Chatbot with ChatGPT Wordpress")'
-          - 'contains(content_type,"text/plain")'
+          - 'contains(body,"/wp-content/plugins/smartsearchwp")'
           - 'status_code == 200'
         condition: and
         internal: true