update matcher

http/cves/2024/CVE-2024-0235.yaml

@@ -1,10 +1,11 @@
 id: CVE-2024-0235
 
 info:
-  name: EventON WordPress Plugin Unauthorized Email Access
+  name: EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Email Address Disclosure
   author: princechaddha
   severity: medium
-  description: The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorization in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog.
+  description: |
+    The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorization in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog.
   impact: |
     An attacker could potentially access sensitive email information.
   remediation: |
@@ -18,7 +19,7 @@ info:
     cve-id: CVE-2024-0235
     cwe-id: CWE-862
     epss-score: 0.00052
-    epss-percentile: 0.19212
+    epss-percentile: 0.19233
     cpe: cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*
   metadata:
     vendor: myeventon
@@ -26,7 +27,8 @@ info:
     framework: wordpress
     shodan-query: vuln:CVE-2023-2796
     fofa-query: wp-content/plugins/eventon/
-  tags: cve,cve2024,wp,wordpress,unauth,exposure
+    publicwww-query: "wp-content/plugins/eventon/"
+  tags: cve,cve2024,wp,wordpress,unauth,exposure,eventon,wpscan
 
 http:
   - method: POST
@@ -38,8 +40,15 @@ http:
 
     body: "_user_role=administrator"
 
+    matchers-condition: and
     matchers:
       - type: word
         words:
-          - "@"
+          - '@'
+          - '"status":'
+          - '"content":'
         part: body
+
+      - type: status
+        status:
+          - 200