Update CVE-2021-24284.yaml

cves/2021/CVE-2021-24284.yaml

@@ -7,18 +7,18 @@ info:
   description: |
     The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-24284
-    - https://github.com/advisories/GHSA-wqvg-8q49-hjc7
     - https://wpscan.com/vulnerability/8d66e338-a88f-4610-8d12-43e8be2da8c5
+    - https://github.com/advisories/GHSA-wqvg-8q49-hjc7
     - https://www.wordfence.com/blog/2021/04/psa-remove-kaswara-modern-wpbakery-page-builder-addons-plugin-immediately/
     - https://www.waltermairena.net/en/2021/04/25/0-day-vulnerability-in-the-plugin-kaswara-modern-vc-addons-plugin-what-can-i-do/
     - https://lifeinhex.com/kaswara-exploit-or-how-much-wordfence-cares-about-user-security/
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-24284
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
     cve-id: CVE-2021-24284
     cwe-id: CWE-434
-  tags: cve,cve2021,wordpress,wp-plugin,rce
+  tags: cve,cve2021,wordpress,wp-plugin,rce,wp,intrusive,unauth,fileupload
 
 variables:
   zip_file: "{{to_lower(rand_text_alpha(6))}}"
@@ -66,4 +66,4 @@ requests:
 
       - type: status
         status:
-          - 200
+          - 200