Enhancement: cves/2021/CVE-2021-24997.yaml by md

cves/2021/CVE-2021-24997.yaml

@@ -1,15 +1,15 @@
 id: CVE-2021-24997
 
 info:
-  name: Wordpress Guppy <=1.1 - User ID Disclosure
+  name: WordPress Guppy <=1.1 - Information Disclosure
   author: Evan Rubinstein
   severity: medium
-  description: Instances of the Guppy Wordpress extension up to 1.1 are vulnerable to an API disclosure vulnerability which allows remote unauthenticated attackrs to obtain all user IDs, and then use that information to make API requests to either get messages sent between users, or send messages posing as one user to another.
+  description: WordPress Guppy plugin through 1.1 is susceptible to an API disclosure vulnerability. This can allow an attacker to obtain all user IDs and then use them to make API requests to get messages sent between users and/or send messages posing as one user to another.
   reference:
     - https://www.exploit-db.com/exploits/50540
     - https://patchstack.com/database/vulnerability/wp-guppy/wordpress-wp-guppy-plugin-1-2-sensitive-information-disclosure-vulnerability
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-24997
     - https://wpscan.com/vulnerability/747e6c7e-a167-4d82-b6e6-9e8613f0e900
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-24997
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
     cvss-score: 6.5
@@ -35,3 +35,5 @@ requests:
           - '"userId":'
           - '"type":'
         condition: and
+
+# Enhanced by md on 2023/02/01