Update wordpress-social-metrics-tracker.yaml

2022-08-10 14:45:01 +05:30 · 2022-08-10 14:45:01 +05:30 · 9f0b259e75
parent 37c98909c9
commit 9f0b259e75
1 changed files with 8 additions and 6 deletions
--- a/vulnerabilities/wordpress/wordpress-social-metrics-tracker.yaml
+++ b/vulnerabilities/wordpress/wordpress-social-metrics-tracker.yaml
@ -4,10 +4,11 @@ info:
  name: Social Metrics Tracker <= 1.6.8 - Unauthorised Data Export
  author: randomrobbie
  severity: medium
-  description: The lack of proper authorisation when exporting data from the plugin could allow unauthenticated users to get information about the posts and page of the blog, including their author's username and email.
+  description: |
+    The lack of proper authorisation when exporting data from the plugin could allow unauthenticated users to get information about the posts and page of the blog, including their author's username and email.
  reference:
    - https://wpscan.com/vulnerability/f4eed3ba-2746-426f-b030-a8c432defeb2
-  tags: wordpress,wp-plugin,wp
+  tags: wordpress,wp-plugin,wp,unauth

 requests:
  - method: GET
@ -16,10 +17,11 @@ requests:

    matchers-condition: and
    matchers:
+      - type: word
+        part: body
+        words:
+          - "Main URL to Post"
+
      - type: status
        status:
          - 200
-      - type: word
-        words:
-          - "Main URL to Post"
-        part: body