From fdbe49059bd545c61a7c7ca4073cc26297277f2a Mon Sep 17 00:00:00 2001
From: MostInterestingBotInTheWorld <98333686+MostInterestingBotInTheWorld@users.noreply.github.com>
Date: Tue, 7 Mar 2023 16:52:58 -0500
Subject: [PATCH] Enhancement: cves/2023/CVE-2023-23488.yaml by md

---
 cves/2023/CVE-2023-23488.yaml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/cves/2023/CVE-2023-23488.yaml b/cves/2023/CVE-2023-23488.yaml
index 674da13d7f..8b790a2250 100644
--- a/cves/2023/CVE-2023-23488.yaml
+++ b/cves/2023/CVE-2023-23488.yaml
@@ -1,11 +1,11 @@
 id: CVE-2023-23488
 
 info:
-  name: Paid Memberships Pro < 2.9.8 - Unauthenticated Blind SQLi
+  name: WordPress Paid Memberships Pro <2.9.8 - Blind SQL Injection
   author: dwisiswant0
   severity: critical
   description: |
-    The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route.
+    WordPress Paid Memberships Pro plugin before 2.9.8 contains a blind SQL injection vulnerability in the 'code' parameter of the /pmpro/v1/order REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
   reference:
     - https://www.tenable.com/security/research/tra-2023-2
     - https://wordpress.org/plugins/paid-memberships-pro/
@@ -37,3 +37,5 @@ requests:
           - status_code_1 != 403 # Wordfence
           - contains(body_2, "pmpro_updates")
         condition: and
+
+# Enhanced by md on 2023/03/07
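Review bot: The rewritten `name` and `description` lines in the first hunk drop the "unauthenticated" qualifier that both removed lines carried, and that qualifier is what distinguishes a pre-auth REST-route SQLi from one needing a member account, so it is the detail a triager uses to justify the unchanged `severity: critical`. Keep it in the new wording: `name: WordPress Paid Memberships Pro <2.9.8 - Unauthenticated Blind SQL Injection` and `contains an unauthenticated blind SQL injection vulnerability in the 'code' parameter of the /pmpro/v1/order REST route.`. The appended impact sentence ("obtain sensitive information, modify data, and/or execute unauthorized administrative operations") reads as generic boilerplate rather than something traceable to the cited Tenable advisory; if it is kept, it is worth confirming against that reference so the template's metadata does not overstate what the advisory demonstrates.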