From e48aac4d61d817079cfb2e0004a21523066ad50c Mon Sep 17 00:00:00 2001
From: MostInterestingBotInTheWorld
 <98333686+MostInterestingBotInTheWorld@users.noreply.github.com>
Date: Wed, 1 Feb 2023 12:25:28 -0500
Subject: [PATCH] Enhancement: cves/2021/CVE-2021-24997.yaml by md

---
 cves/2021/CVE-2021-24997.yaml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/cves/2021/CVE-2021-24997.yaml b/cves/2021/CVE-2021-24997.yaml
index 8f90e6b2d1..612280290b 100644
--- a/cves/2021/CVE-2021-24997.yaml
+++ b/cves/2021/CVE-2021-24997.yaml
@@ -1,15 +1,15 @@
 id: CVE-2021-24997
 
 info:
-  name: Wordpress Guppy <=1.1 - User ID Disclosure
+  name: WordPress Guppy <=1.1 - Information Disclosure
   author: Evan Rubinstein
   severity: medium
-  description: Instances of the Guppy Wordpress extension up to 1.1 are vulnerable to an API disclosure vulnerability which allows remote unauthenticated attackrs to obtain all user IDs, and then use that information to make API requests to either get messages sent between users, or send messages posing as one user to another.
+  description: WordPress Guppy plugin through 1.1 is susceptible to an API disclosure vulnerability. This can allow an attacker to obtain all user IDs and then use them to make API requests to get messages sent between users and/or send messages posing as one user to another.
   reference:
     - https://www.exploit-db.com/exploits/50540
     - https://patchstack.com/database/vulnerability/wp-guppy/wordpress-wp-guppy-plugin-1-2-sensitive-information-disclosure-vulnerability
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-24997
     - https://wpscan.com/vulnerability/747e6c7e-a167-4d82-b6e6-9e8613f0e900
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-24997
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
     cvss-score: 6.5
@@ -35,3 +35,5 @@ requests:
           - '"userId":'
           - '"type":'
         condition: and
+
+# Enhanced by md on 2023/02/01